Australia’s Cyber Security Strategy has generated a vibrant discussion about cyber security as a key element of national prosperity and security. Cyber security has been recognised as an enabler not only to improve existing ways of doing business, but as a critical new industry that can drive Australia’s future prosperity. For Australia to be globally competitive, cyber security must underpin the data- driven transition of every sector in the economy.

The need to deal with cyber security challenges has never been better understood. Boards recognise it as a key business risk, and also a competitive edge; commonwealth, state and territory governments better understand its importance for national security, prosperity, and improving the lives of all Australians.

Key to Australia’s future prosperity is a strong and vibrant online economy. Growth of our cyber security businesses, support to innovation and active collaboration between our research and business sectors is critical for achieving leadership and a reputation for trust in the global economy. The Cyber Security Strategy provides an overarching, organising framework for all Australian businesses to grow and prosper through cyber security innovation.

“There’s a buzz and an energy around the Australian cyber security industry that is unlike anything we’ve had before.” Nick Ellsmore,

Security Advisor & Chief Apiarist, HIVINT

Since the launch of the Cyber Security Strategy we have seen a rapid growth in interest, energy and focus across the cyber security sector. The activity across the Australian economy has outstripped expectation. Australia ranks fourth globally in patent filings in cyber security research and development. Not only have the initiatives under the Cyber Security Strategy had a direct effect, but industry, academia and government agencies have increased their rate of engagement on cyber security. This is growing into a thriving community that will help protect Australia’s economy and continue to grow into valuable and profitable industry sector.

If Australia invests further in cyber security, it would unlock potentially valuable investments in digital innovation, boosting most businesses. According to Deloitte, by 2030 this could lead to:

  • Lift of 5.5% in business investment,
  • Wages up 2.0%,
  • An extra 60,000 people employed, and Australia taking its share of a likely booming Indo-Pacific cyber security market.

Australians are embracing the Internet for business and personal use more than ever before.

  • In the second half of 2016, the volume of data downloaded through broadband connections was 23% greater than the first half of 2016, continuing a long-term trend of growing Internet usage.
  • In June 2016, 94% of adult Australians used the Internet to conduct banking, pay bills, or buy and/or sell goods and services.

While Australian companies are being hit with more malicious cyber activity, they are putting in place better means to deal with it.

  • In 2016, 59% of organisations in Australia detected a business interrupting security breach on at least a monthly basis, which is more than twice as often as 2015, according to the ‘Telstra Cyber Security Report 2017’.
  • 71% of respondents to the ACSC 2016 Cyber Security Survey reported having a cyber security incident response plan in place, compared to 60% in 2015.
  • According to the ‘ACSC 2016 Cyber Security Survey Report’, organisations with higher levels of cyber resilience were more likely to have discussed cyber security at the board level in the past three months.
  • 39% of CIOs had purchased some form of cyber insurance in 2016, compared to 24% in 2015, according to the Minter Ellison ‘Perspectives on Cyber Risk 2017’ report.

2016-2017 – Cyber Security Events Shaping Awareness

US election interference

US Election

The hack and release of sensitive information from the US Democratic National Committee by Russian cyber actors in the lead up to the 2016 US Presidential election demonstrated how targeted disclosures of stolen information can interfere with processes underpinning Western democracy. The interference broke new ground for unacceptable behaviour and tested concepts around public attribution, response and effective deterrence. It also encouraged discussion over the security of electoral systems, including on-line voting.

Internet-of-Things cyber attack

Internet-of-Things

The unprecedented scale of the Distributed Denial of Service attack on US Domain Name System provider Dyn disrupted major internet platforms and services in North America, Europe and Australia. The Dyn disruption was enabled by the exploitation of security vulnerabilities in Internet of Things devices – including closed-circuit television equipment – and gave cause to consider critical dependencies and vulnerabilities in Australia’s Internet infrastructure, and the security of Internet-connected devices.

eCensus

eCensus

Overnight Australians – and the Government – understood the devastating effect cyber security can have on trust as the hashtag #Censusfail trended globally. The incident tested confidence in government’s digital transformation agenda and online service delivery more broadly.

Data breaches

Data Breaches

Multiple public breaches of sensitive data by Australian companies and government entities raised privacy concerns. Most of these were not due to network compromises, but the result of complacency and failures in the delivery and management of ICT services and information. In October, sensitive personal information of 550,000 customers of the Australian Red Cross Blood Service was exposed online through human error. While there was no discernible impact or threat to donors following the incident, the Red Cross’ swift and proactive response – engaging the Australian Cyber Security Centre, and establishing a support service for affected persons – was critical to mitigating the harm.

Government is assisting through the Computer Emergency Response Team (CERT) Australia. Over the past year CERT Australia:

  • published 159 advice reports covering topics such as critical vulnerabilities in industrial control and building management systems, as well as malicious activity targeting banking applications; and
  • handled 10,351 incidents affecting businesses, of which 363 were more serious incidents affecting systems of national interest.

The Australian Cyber Security Centre 2016 Threat Report showed how the landscape of cyber security threats and challenges affecting Australia continues to evolve (see also text box). Notable events in 2016 and 2017 expanded Australians’ awareness of how cyber security can impact our lives. Public expectations for improved privacy, integrity and availability of online services will only increase. Government and business will need to be better at anticipating and responding to future cyber security challenges to prevent shocks.

Cybercrime remains the most visible and damaging aspect of the cyber threat environment for the majority of Australian citizens and businesses. Almost all Australians that use the Internet are exposed to sophisticated cyber criminals seeking to steal money. Or to steal information or threaten to disrupt services for the purposes of fraud and extortion.

Cybercrime – more of it, more sophisticated, and more targeted against Australians

Cyber Crime Security

The Australian Criminal Intelligence Commission has built a stronger picture of the identities and methodologies of cyber criminals targeting Australia – mostly originating from Eastern Europe and Russia. This includes a class of offshore cybercriminal that specialise in targeting Australians.

The proliferation of ransomware – where the victim is prevented from accessing their systems or data until a ransom is paid – remains an endemic problem across the globe. In Australia, reports of ransomware activity reported to the Australian Cybercrime Online Reporting Network (ACORN) roughly doubled in 2016 compared to 2015.

Australia remains the main target of malicious software – predominantly ransomware and software that steals personal information – in the Asia Pacific region in 2016, likely due to our economic prosperity and high adoption of technology.