Security News
Fear and the more technical aspects of cybersecurity are still stopping Australian CEOs from engaging more deeply with cybersecurity risks, despite a string of high-profile cyberattacks that have hit Australian brands, including Optus and Medibank and millions of their customers. New research from consulting firm Accenture found that only one in five of Australian CEOs are currently dedicating board meetings to discussing cybersecurity issues, while 34% think cybersecurity isn't a strategic matter and requires episodic rather than ongoing attention.
Australian organisations are showing varying levels of preparedness when it comes to data privacy, with Maddocks partner Sonia Sharma saying they need to get ahead of legislative change because the conversation has already moved from the "Parliament to the pub." Organisations urged to act ahead of Privacy Act reforms.
The complexity and change experienced by organisations as they grow is one reason we are seeing similar cyber security risks to a decade ago, says Rapid7's CISO Jaya Baloo. Speaking on ethics in information security at the 2023 Australian Cyber Conference, Baloo said the Australian market has truly woken up to cyber risks in the last year due to a number of high-profile data breaches that have affected millions of Australians.
Experts from security firm F5 have argued that cyber criminals are unlikely to send new armies of generative AI-driven bots into battle with enterprise security defences in the near future because proven social engineering attack methods will be easier to mount using generative AI. The release of generative AI tools, such as ChatGPT, have caused widespread fears that democratization of powerful large language models could help bad actors around the world supercharge their efforts to hack businesses and steal or hold sensitive data hostage. F5, a multicloud security and application delivery provider, tells TechRepublic that generative AI will result in a growth in social engineering attack volumes and capacity in Australia, as threat actors deliver a higher volume of better quality attacks to trick IT gatekeepers.
This forms a core part of the upcoming 2023-2030 Cyber Security strategy, and it aims to build six cyber shields in service of citizens, businesses and government at all levels. As well-meaning as this initiative is, there are many implications about the impact the six cyber shields approach will have on Australian businesses.
Australian retailers are rolling out mass surveillance solutions to combat shoplifting, but a poor regulatory environment could mean high risks associated with data security and privacy. "Once you start using CCTV or any sort of imaging, they've got the raw data from which various biometric mechanisms might be applied," said Chair of the Australian Privacy Foundation David Vaile.
Whether they've been hiring new talent into their teams or looking to keep their existing talent engaged and in place, the short supply of skills in recent years has made it quite a challenging time. Logicalis has also launched a Talent Services business to help IT leaders meet skills needs and get projects done without hiring staff directly.
According to IBM's Cost of a Data Breach Report 2023, the average cost of a data breach in Australia has grown by 32% in five years to AU $4.03 million. As the risk of data breach incidents rise, IT leaders are in a position to minimize the cost of a data breach by implementing DevSecOps, utilizing AI and automation, prioritizing incident response planning and testing, streamlining data breach discovery and taking out adequate cybersecurity insurance for when the worst happens.
An Australian Senate Committee has recommended banning Chinese social media apps in the land down under, on grounds the Communist Party of China uses them to spread propaganda and misinformation. The Select Committee on Foreign Interference through Social Media yesterday filed its final report [PDF] which outlines the reason the committee convened: social media has become the public square in which policy debate tales place, but "Is increasingly being weaponized to spread disinformation to deliberately mislead or obscure the truth for malicious or deceptive purposes." Plenty of that disinformation comes from foreign powers, "As part of a broader, integrated strategic campaign to advance their own national interests at Australia's expense."
Australian law firm HWL Ebsworth confirmed to local media outlets that its network was hacked after the ALPHV ransomware gang began leaking data they claim was stolen from the company. HWL Ebsworth is one of Australia's largest law firms, with an annual revenue of hundreds of millions of dollars, employing over 2,000 people and operating nine offices nationwide.