iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
It’s been a year of policy firsts for the Australian government, but the new year looks just as challenging for politicians at home and abroad – and for their constituents.
David Wiseman
Vice president of secure communications at BlackBerry
Cyber security outages, espionage attempts by foreign actors, and AI-led misinformation were significant causes for concern to governments and organisations across the world this year, and we expect this to continue to escalate in 2025.
The recently introduced Australian Cyber Security Act reinforced the government’s commitment to cyber resilience, bolstering national security and protecting businesses and people from cyber threats. This commitment is crucial as Australia heads towards the federal elections next year.
Recent reports of Chinese espionage groups allegedly targeting the cellphones of former president Donald Trump, Senator JD Vance, and Democrat staffers are one of many such examples this year of adversarial activity targeting the fabric of democracy globally. Information found on politicians’ phones can be invaluable to foreign intelligence agencies attempting electoral interference or other objectives that threaten national security.
This scenario exposes vulnerabilities in telecommunications infrastructure – as metadata generated by “free” apps for voice calls and messaging can be easily traded, fuelling “wire-tapping-as-a-service” markets that are readily available for purchase on the internet. This underscores the harsh reality that trust placed in uncertified apps does not extend to protecting your metadata.
In this uncertain threat landscape, government agencies, political figures, and their teams must mitigate risk with military-grade, highly secure communications solutions, which will be critical to maintaining election and democratic integrity.
Tony Jarvis
VP enterprise security APJ at Darktrace
Australian government entities are typically required to meet certain minimum cyber security capabilities – usually evaluated from a compliance perspective. Compliance is an excellent starting point, but compliance does not always equal security. Awareness is key, and it is encouraging to see the appetite growing for a more proactive approach to identifying and addressing cyber security gaps.
As the events of the last 12 months have shown, the security of our government entities has never been more important. More can always be done, and we will see government entities explore cyber security capabilities beyond box-ticking.
Alyssa Blackburn
Program manager, information management, at AvePoint
Cyber security and privacy are becoming increasingly intertwined, particularly with the recent changes to Australia’s Privacy Act. Previously, only large organisations with annual turnovers above $50 million were subject to the strictest privacy regulations.
Now, the threshold has been lowered to businesses with as few as 15 employees, significantly broadening the scope of who must comply. This shift will have a profound impact on small- to medium-sized businesses that may not have previously needed to invest heavily in privacy compliance.
Mike Arrowsmith
Chief trust officer at NinjaOne
As AI adoption and privacy concerns rise, 2025 will bring with it more stringent data protection and compliance requirements from around the world. In the EU, NIS2 is now law, meaning that there’s a whole new set of cyber security and privacy requirements that all entities that do business in healthcare, financial services, manufacturing, and others must comply with.
And as AI regulation becomes a bigger part of the conversation, the more that organisations can secure, track, and report on where and how they’re storing data now, the better positioned they’ll be to comply with all the above, especially as new regulation and more stringent enforcement ensues.
Josh Lemos
Chief information security officer at GitLab
Emerging AI regulation will require CISOs to develop an even deeper understanding of legal frameworks and articulate a clear vision of the risks, security roadmap, and mitigation plan at all levels of the organisation. AI-driven risk assessment and ethical considerations will also play a crucial role in shaping the future of cyber security.
This convergence will require CISOs to navigate a complex landscape, balancing board-level legal and compliance communications alongside security design and implementation details to protect their organisations from emerging threats.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
