Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

Op-Ed: The future of cyber security in the Australian public sector

The Australian public sector is quickly becoming one of the biggest targets for cyber criminals, state-sponsored hackers, and malicious insiders, with many government agencies facing increasing ransomware attacks, geopolitical threats, and data breach attempts on citizens’ personally identifiable information (PII).

user iconJason Whyte
Wed, 12 Apr 2023
Op-ed: The future of cybersecurity in the Australian public sector
expand image

Recent data from the Australian Cyber Security Centre (ACSC) indicates that cyber attacks have increased by 13 per cent from the previous financial year (July 2020 – June 2021).

Jason Whyte, general manager for the Pacific region at Trustwave, said: “Any data breach in the public sector is not only a reputational issue; it can also have serious financial and operational consequences. While some have been fortunate to avoid a truly cataclysmic cyber attack, others have not been so lucky. By staying informed of the latest cyber trends, government organisations can be better prepared to face the evolving threat landscape and protect Australia’s national interests.”

Here are six cyber security trends to watch in the Australian public sector:

============
============
  1. Data is the new uranium

The message is clear: data is not the new oil, it’s the new uranium. Following significant data breaches in Australia in 2022, there will be an increased focus on the type and amount of data stored in 2023. This extends to regulations the Australian government imposes on commercial organisations to store PII. Looking ahead, public and private sector organisations will need to work together to reduce the risk of data being exposed. One way to achieve this is by reducing the volume of data stored to ensure it can’t be weaponised against citizens and the organisations collecting and using that data.

  1. Increase in cyber warfare

Cyber attacks of a geopolitical nature have grown exponentially, especially in the wake of Russia’s continued invasion of Ukraine as well as increased geopolitical tensions with China. It’s clear that the use of cyber warfare — cyber attacks used to cause comparable harm against a nation-state — for geopolitical purposes presents an undue risk to organisations. In 2023, the Australian government needs to do more than just ensure its own digital perimeters are safe and work closely with international partners to strengthen cyber capability and safeguard the interests of its citizens and businesses.

  1. Device and third-party security

The use of third-party equipment in public sector networks is under scrutiny following the removal of Chinese-manufactured security cameras at government buildings across Australia. To protect PII and prevent significant cyber breaches, government departments must implement an internet of things (IoT) and operational technology (OT) policy in 2023. This policy should include an assessment of the potential risk posed by connected devices as well as ensuring service partners are also taking necessary security measures.

  1. Critical infrastructure

The Australian Security of Critical Infrastructure (SOCI) Act has been a topic of much discussion in recent months, particularly regarding the changes made to it. However, there are still areas of the critical infrastructure risk management program (CIRMP) that require further clarification. In response to this, the Australian government has committed to producing guidance material to assist with implementation, which will help clarify any uncertainties. The new CIRMP Rules came into effect in February 2023, marking the start of a six-month grace period for responsible entities to establish a CIRMP for their critical infrastructure assets.

  1. Security baseline

Many companies are starting to prioritise data literacy and cyber hygiene due to changes to the Essential Eight framework and the assessment of its maturity, both of which have raised the security bar. The Australian government has also mandated compliance across all eight cyber security controls of the Essential Eight framework, placing greater emphasis on assessors to gather and use high-quality evidence wherever possible and having less room for leniency. To effectively determine if the mitigation strategies are implemented, staff working on Essential Eight assessments will need to improve their technical knowledge and skills in 2023.

  1. Crisis simulation

The key to achieving cyber resilience is through conducting crisis simulations. A crisis simulation not only provides a clear understanding of internal processes; it also identifies gaps in security processes and helps government organisations prepare and train staff for the challenges of day-to-day cyber security. In 2023, realistic simulation of both current and evolving threats will be the most effective way to test and improve response readiness, while also minimising the impact of a real attack.

Jason Whyte said: “As the Australian public sector increasingly becomes a prime target for cyber threats, it’s crucial for government agencies and organisations to remain vigilant and adopt a proactive approach towards cyber security. By implementing robust security measures and staying up to date with the latest cyber trends, they can better protect their networks, systems, and, most importantly, the PII of employees, citizens, and third-party vendors from nation-state actors with malicious intent.”

Jason Whyte is the general manager for the Pacific region at Trustwave.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.