Security News

In a speech delivered yesterday, Mike Burgess noted that countering Soviet sabotage plots was a significant reason ASIO was created. "Nationalists and racists are probably just mouthing off. But the spy chief indicated that ASIO"is aware of one nation-state conducting multiple attempts to scan critical infrastructure in Australia and other countries, targeting water, transport and energy networks.

The extent of the scam was revealed on Monday in an audit of the ATO's management and oversight of fraud control arrangements for the Goods and Services Tax - Australia's equivalent of a value-added or sales tax. The scam promoted in online ads detailed a means of securing a loan from the ATO - an outright lie, as Australian tax authorities are not notably more generous than others around the world.

The Australian government announced in 2023 that it would phase out the use of passwords to access key government digital service platform myGov. In the first half of 2024, Australians may be asked to adopt passkeys, which use individual biometric data to authenticate users. The myGov passkey push across the Australian population will pave the way for IT leaders to adopt this more secure form of authentication in the private sector as public awareness and education rise.

Organisations in Australia face a significant challenge with data. Why organisations want data to deliver personalisation.

60% of Australian small businesses don't survive a cyber breach. A recent report by ASIC found that "Medium and large" organisations consistently reported more mature cyber security capabilities than small organisations, which lagged behind in most critical areas: supply chain risk management, data security and consequence management.

Research from Infoxchange indicates that poor cyber security practices in Australia's not-for-profit sector are putting its donors' and communities' data at risk. A mere 12% of NFPs conducted regular cyber security awareness training, and only one in five had a cyber security policy in place.

The Australian government is moving towards regulating cryptocurrency, with a focus on those involved in developing and maintaining crypto platforms. Cryptocurrency is known for its vulnerability, with Australia experiencing several incidents, including a AUD$40 million hack on the crypto betting platform, Stake, and the theft of over one million from an Australian Bitcoin bank in 2013.

Fear and the more technical aspects of cybersecurity are still stopping Australian CEOs from engaging more deeply with cybersecurity risks, despite a string of high-profile cyberattacks that have hit Australian brands, including Optus and Medibank and millions of their customers. New research from consulting firm Accenture found that only one in five of Australian CEOs are currently dedicating board meetings to discussing cybersecurity issues, while 34% think cybersecurity isn't a strategic matter and requires episodic rather than ongoing attention.

Australian organisations are showing varying levels of preparedness when it comes to data privacy, with Maddocks partner Sonia Sharma saying they need to get ahead of legislative change because the conversation has already moved from the "Parliament to the pub." Organisations urged to act ahead of Privacy Act reforms.

The complexity and change experienced by organisations as they grow is one reason we are seeing similar cyber security risks to a decade ago, says Rapid7's CISO Jaya Baloo. Speaking on ethics in information security at the 2023 Australian Cyber Conference, Baloo said the Australian market has truly woken up to cyber risks in the last year due to a number of high-profile data breaches that have affected millions of Australians.