Interview on Cyber Security with an ACS Fellow and a BEC member of ACS Victoria, Professor Matt Warren

12 October 2021

Highlights

  • In the run-up to the Australian Cyber Week 2021, we had the chance to catch up with Professor Matt Warren and talk about cyber security and its landscape in Australia.
  • Matt shared insights on what the top 5 major threats are to cybersecurity at the moment.
  • Matt talked about how Australia is performing in the cyber security area, compared to other countries.

Q. How has the COVID-19 crisis changed the cybersecurity landscape in Australia?

One of the key reasons for the increase in cyber attacks is COVID-19 - many more people are working from home, away from the protection of the corporate cyber protection measures. This means that people are using their home computers to store and work on confidential and personal corporate data. We are seeing that individuals are becoming the targets of cyber-attacks. When an individual is compromised, any related corporate information associated is also compromised.

Q. What are the top 5 major threats to cyber security at the moment?

The major security threats Australia is facing are:

  1. The impact of COVID-19 upon all aspects of Australia;
  2. Attacks upon Australia’s key critical systems;
  3. The impact of ransomware attacks upon Australian organisations; 
  4. The use of emails (phishing) to send the ransomware links;
  5. The impact of cyber threats upon Australia’s supply chains; during COVID, key supply chains such as food and medicine have become critical for the country's well-being.

Q. What volume of cyber attacks are being made and what is it costing the economy?

The latest figures from the Australian Cyber Security Centre (ACSC) show that Australian organisations reported yearly combined losses of over $33 billion. This means that in Australia a cyber crime occurred every 8 minutes and in 2020/2021, there were 67,500 major cyber incidents, an increase of 13% from the 2019/2020 financial year.

Q. How should businesses implement and enforce a cyber-security Australia-based framework?

In Australia, there are several Australian-based models that organisations can employ. These include the ACSC Essential Eight that highlights the basic cyber security steps that organisations can undertake, and there is the ACSC Information Security Manual that allows organisations to analyse their systems and develop a suitable security strategy.

Q. Do you think organisations are communicating to their employees the importance of cyber hygiene?

Human awareness around cyber security is one of the hardest aspects of cyber security. Employees are being targeted by cyber attacks all the time via social engineering and phishing attacks (trying to get a user to click on a link in an email). This means that all the cyber security investment by an organisation can be compromised by an employee clicking a link in an email and accidentally downloading malware into an organisation.

Q. What is your recommendation about how an organisation can uplift the cyber security education and awareness within an organisation?

This is the hardest cyber security question to answer; staff need to be made aware on an ongoing basis of the different types of cyber threats. The trouble is that online training modules or continuous phishing simulations (e.g. staff being sent imitation emails to test whether they click on a link) are not the answer. Cyber security awareness has to be part of the culture of every organisation.

Q. We’ve seen recent examples of organisations like Channel Nine who experienced a cyber attack that interrupted their broadcasting, so do you think that these high profile examples are forcing organisations to rethink the true risk of cyber attacks?

All aspects of Australia, whether government, large organisations, small organisations or individual citizens, are potential targets of cyber attacks. This is the new cyber normal that we are facing.

Q. How is Australia performing in the cybersecurity area, compared to other countries?

Australia is taking cyber security very seriously; in 2020 Australia released its second five-year National Cyber Security and states such as Victoria and New South Wales are releasing state-based cyber security strategies. Australia is on an upward trajectory when it comes to cyber security.