On the 19th June, Prime Minister Scott Morrison announced that Australian governments, businesses and political organisations, are actively ‘being targeted by a sophisticated state-based cyber actor’.
In the wake of this startling revelation, the federal government announced it will create more than 500 new jobs to boost the cyber security capabilities of the Australian Signals Directorate (ASD) and the Australian Cyber Security Centre (ACSC).
Representing the largest ever investment in cyber security in Australia, this is part of the federal government’s $1.35 billion to develop new capabilities and improve the understanding of malicious cyber activity to better detect and defeat emerging threats.
As with so many other ill-fated sectors of the economy, the number of cyber attacks has also grown since COVID-19’s global spread. Keeping ahead of these threats is now more imperative than ever.
State-based threats
At the time, Morrison said “we know it is a sophisticated state-based cyber actor because of the scale and nature of the targeting and the tradecraft used”. In cyber speak, an advanced persistent threat (APT) is an attack in which an intruder, or team of intruders, establishes an illicit, long-term presence on a network to mine highly sensitive data.
APTs are not new and often state sponsored. A well-known attack, APT38, also dubbed ‘Lazarus’, was backed by the North Korean government and was widely credited with the 2018 WannaCry ransomware attacks. Other APTs have reportedly been responsible for election tampering as well as extensive targeting of the defence, technology, energy, and healthcare sectors.
Over time the risk hasn’t diminished. Earlier this month, Defence Minister Linda Reynolds said “nations are increasingly employing coercive tactics that fall below the threshold of armed conflict… Among the greatest of these threats are cyber-attacks. With growing frequency, these attacks target all levels of Australian society. Government, industry, political organisations, education, health, essential service providers and operators of other critical infrastructure.”
COVID-19 and the increase in vulnerability
COVID-19 has impacted our work environment and associated cyber security landscape like no other global event in recent history. The remarkable transition to remote home office, often with reduced controls, has increased our vulnerability to malicious cyber activity.
KPMG’s global cyber intelligence team has seen a global increase in cyber-attacks since the start of COVID-19. This includes attacks on Australia. The official stance from government in June is a reminder that that we are under a relentless cyber-attack aimed at all sectors of our community, not just government or the ‘big-end’ of town.
With the increase in geo-political tensions and the reduction in global wealth, this situation is unlikely to go away.
What can we do, to help ourselves?
Protection will always be the best remediation. It is critically important to improve, update and continually monitor our national cyber security as a vital part of Australia’s national defence strategy. Amidst COVID-19 we need to remain vigilant and conscious that we are only as strong as our weakest link.
A first step is to have the right mindset and the recognition that any person or organisation can be a victim irrespective of the sector you work in or position you hold. Last year saw a spate of widely-publicised cyber-attacks against Australian universities and individual contractor attacks on government and business alike.
To protect we can:
- Boost internal cyber security awareness. Assessments of cyber maturity at many organisations in Australia show low maturity for cyber security awareness. This is a critical aspect of enhancing our collective cyber security resilience. Ensure people-related risks are managed and minimised. By nature, people can often be the weakest link, simply because humans are fallible. Regularly reminding your teams to be vigilant through the use of cyber risk alerts are highly recommended. A cyber-attack can, in the click of a mouse, impact the fundamental workings of your organisation or wellbeing of your family. Now is not the time to ignore its importance.
- Technical safe guards across both your work and home networks are key to reducing your vulnerabilities. We continue to see, across government, business and the home office weak security practices.
- Build capability and skills in the workforce. As a minimum, many TAFE’s are now offering Certificate IV in Cyber Security.
- Good cyber security practice includes:
– Patching of software both operating system and applications.
– Decommissioning end of life software and systems. For example, support for Windows 7 ended on the 14th January, 2020. Those continuing to use this operating system are more vulnerable to cyber-attacks.
– Stronger passwords. In 2019, the UK’s National Cyber Security Centre analysed passwords belonging to accounts that had been breached worldwide. It found that 123456 was the password on 23.2 million accounts.
– Use multi-factor authentication which will deter the crudest and most common forms of cyber-attacks.
– Back-up your data, ideally on a daily basis.
– Adopt the additional measure of the ASD Essential Eight, including user application hardening, disable untrusted Microsoft macros, and restrict administration privileges and application white-listing. More detail can be found at: cyber.gov.au/acsc/view-all-content/essential.
For more information contact KPMG