• Free Daily Newsletter
  • Get Premium
  • Small Logo
  • About
  • Partner Pages
  • Support & FAQs
  • Log in

The Mandarin

The Mandarin
The Mandarin
  • Small Logo
  • Premium
  • Careers
    • Search SES Jobs
    • Career Advice
  • News
  • Editors' Picks
  • Portfolios
  • Events
  • Resource library
  • Small Logo
  • Premium
  • Careers
    • Search SES Jobs
    • Career Advice
  • News
  • Editors' Picks
  • Portfolios
  • Events
  • Resource library

Partner Content

Home Sponsored COVID-19 demands vigilance on cyber security measures

COVID-19 demands vigilance on cyber security measures

By Phil Baker

Friday July 31, 2020

On the 19th June, Prime Minister Scott Morrison announced that Australian governments, businesses and political organisations, are actively ‘being targeted by a sophisticated state-based cyber actor’.

In the wake of this startling revelation, the federal government announced it will create more than 500 new jobs to boost the cyber security capabilities of the Australian Signals Directorate (ASD) and the Australian Cyber Security Centre (ACSC).

Representing the largest ever investment in cyber security in Australia, this is part of the federal government’s $1.35 billion to develop new capabilities and improve the understanding of malicious cyber activity to better detect and defeat emerging threats.

As with so many other ill-fated sectors of the economy, the number of cyber attacks has also grown since COVID-19’s global spread. Keeping ahead of these threats is now more imperative than ever.

State-based threats

At the time, Morrison said “we know it is a sophisticated state-based cyber actor because of the scale and nature of the targeting and the tradecraft used”. In cyber speak, an advanced persistent threat (APT) is an attack in which an intruder, or team of intruders, establishes an illicit, long-term presence on a network to mine highly sensitive data.

APTs are not new and often state sponsored. A well-known attack, APT38, also dubbed ‘Lazarus’, was backed by the North Korean government and was widely credited with the 2018 WannaCry ransomware attacks. Other APTs have reportedly been responsible for election tampering as well as extensive targeting of the defence, technology, energy, and healthcare sectors.

Over time the risk hasn’t diminished. Earlier this month, Defence Minister Linda Reynolds said “nations are increasingly employing coercive tactics that fall below the threshold of armed conflict… Among the greatest of these threats are cyber-attacks. With growing frequency, these attacks target all levels of Australian society. Government, industry, political organisations, education, health, essential service providers and operators of other critical infrastructure.”

COVID-19 and the increase in vulnerability

COVID-19 has impacted our work environment and associated cyber security landscape like no other global event in recent history. The remarkable transition to remote home office, often with reduced controls, has increased our vulnerability to malicious cyber activity.

KPMG’s global cyber intelligence team has seen a global increase in cyber-attacks since the start of COVID-19. This includes attacks on Australia. The official stance from government in June is a reminder that that we are under a relentless cyber-attack aimed at all sectors of our community, not just government or the ‘big-end’ of town.

With the increase in geo-political tensions and the reduction in global wealth, this situation is unlikely to go away.

What can we do, to help ourselves?

Protection will always be the best remediation. It is critically important to improve, update and continually monitor our national cyber security as a vital part of Australia’s national defence strategy. Amidst COVID-19 we need to remain vigilant and conscious that we are only as strong as our weakest link.

A first step is to have the right mindset and the recognition that any person or organisation can be a victim irrespective of the sector you work in or position you hold. Last year saw a spate of widely-publicised cyber-attacks against Australian universities and individual contractor attacks on government and business alike.

To protect we can:

  • Boost internal cyber security awareness. Assessments of cyber maturity at many organisations in Australia show low maturity for cyber security awareness. This is a critical aspect of enhancing our collective cyber security resilience. Ensure people-related risks are managed and minimised. By nature, people can often be the weakest link, simply because humans are fallible. Regularly reminding your teams to be vigilant through the use of cyber risk alerts are highly recommended. A cyber-attack can, in the click of a mouse, impact the fundamental workings of your organisation or wellbeing of your family. Now is not the time to ignore its importance.
  • Technical safe guards across both your work and home networks are key to reducing your vulnerabilities. We continue to see, across government, business and the home office weak security practices.
  • Build capability and skills in the workforce. As a minimum, many TAFE’s are now offering Certificate IV in Cyber Security.
  • Good cyber security practice includes:
    – Patching of software both operating system and applications.
    – Decommissioning end of life software and systems. For example, support for Windows 7 ended on the 14th January, 2020. Those continuing to use this operating system are more vulnerable to cyber-attacks.
    – Stronger passwords. In 2019, the UK’s National Cyber Security Centre analysed passwords belonging to accounts that had been breached worldwide. It found that 123456 was the password on 23.2 million accounts.
    – Use multi-factor authentication which will deter the crudest and most common forms of cyber-attacks.
    – Back-up your data, ideally on a daily basis.
    – Adopt the additional measure of the ASD Essential Eight, including user application hardening, disable untrusted Microsoft macros, and restrict administration privileges and application white-listing. More detail can be found at: cyber.gov.au/acsc/view-all-content/essential.

For more information contact KPMG

About the author

By Phil Baker

People: Linda Reynolds

Companies: KPMG

Departments: Australian Cyber Security Centre Australian Signals Directorate

Partners: KPMG

Tags: cyber security national strategy Phil Baker

Login
Please login to comment
1 Comment
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
siddharthmaggo7@gmail.com
[email protected]
5 months ago

Due to COVID-19 it impacted our work environment and it is important in updation of the cyber security. Hiring remote workers is the new trend for business owners. Thank goodness for the recent upgrade to our technology and the ability to outsource annoying business tasks to remote workers.To do these tasks has become a huge benefit in the workplace.

0
The Mandarin Premium

Insights for policy professionals.

Subscribe for only $5 a week.

Get Premium Today

Already a subscriber? Login

By Phil Baker

Friday July 31, 2020
Text size: A A A

Upcoming Events

28
Jan
[Roundtable] Government Data Security and Office 365
11
Feb
Reverse and Reciprocal Mentoring Webinar
15
Feb
Applying Behavioural Science to Create Change
16
Feb
Innovation Reset 2020: Trust | Empathy | Competence – How the new public work is the new work of government, the public service and many others too.
17
Feb
Proud Partnerships in Place: 2021 First Peoples Public Administration Virtual Conference
View Calendar

Partner Content

Whitepaper: Leveraging government data in a multi-cloud world

Whitepaper: Leveraging government data in a multi-cloud world

So what did we learn from 2020? Quite a lot: here’s how to make fast progress stick
Promoted

So what did we learn from 2020? Quite a lot: here’s how to make fast progress stick

eBook: Building digital trust in the post COVID-19 world

eBook: Building digital trust in the post COVID-19 world

Latest Jobs


  • Management Consultant

    Kiah Consulting

    • ACT
    Closing date 28th January, 2021
    7 days ago Full Time - Ongoing
  • Chief Information Officer, Transport Canberra and City Services

    Transport Canberra and City Service

    • ACT
    Closing date 27th January, 2021
    12 days ago Full Time - Fixed Term
  • Director Community Construction and Development

    The Department of Communities

    • WA
    Closing date 25th January, 2021
    12 days ago Full Time - Fixed Term
  • CHIEF EXECUTIVE OFFICER

    Australian Institute of Health and Welfare

    • ACT
    Closing date 27th January, 2021
    1 month ago
  • General Manager, Electricity Markets Branch

    Department of Industry, Science, Energy & Resources

    • ACT CBD
    Closing date 14th February, 2021
    2 days ago Full Time - Ongoing
  • 3x Manager Roles (Assessments, Investigations and Resolutions)

    Health Care Complaints Commission

    • NSW CBD
    Closing date 3rd February, 2021
    5 days ago Full Time - Ongoing
Search All Jobs

Login

New to The Mandarin? Create an account

Forgot password?

Share via email

Access your 3 free Mandarin Premium articles

As part of your free trial you will receive 'The Juice', The Mandarin's daily free newsletter, the 'Premium wrap' every Saturday and marketing emails. You can opt out at any time.
Content
  • Small Logo
  • News
  • Research Series
  • Features
  • Portfolios
  • Jurisdictions
  • New Zealand
  • People & Capability
  • Thought Leadership
  • Editors' Picks
  • Resource Library
  • Site Map
Products & Services
  • Small Logo
  • The Juice Newsletter
  • Partner & Advertising solutions
  • Mandarin Live
  • Public Sector Events Calendar
  • Partner Content
  • Premium
  • Careers
Legal
  • Small Logo
  • Privacy Policy
  • Terms of Usage
  • Code of Conduct
Connect
  • Small Logo
  • About Us
  • Contact Us
  • Support
  • Our Team
Social
Copyright © The Mandarin
Private Media logo CRIKEY SMARTCOMPANY STARTUPSMART
wpDiscuz