Guest Publishers

Cybercrime is the biggest threat facing corporate Australia today

Nikki Saunders
Nikki Saunders

Why latest guidelines spell danger for Australia’s Cybersecurity

Cybercrime is the biggest threat facing corporate Australia today, costing the economy more than an estimated $3trillion.

With the sophistication, agility, and frequency of attacks increasing (one every 8 minutes in Australia), it’s encouraging to see the federal government implementing new legislation in response. However, while the intention is to better protect Australia’s critical infrastructure, this new cybersecurity framework could do the opposite. 

Originally designed in 2018 the reformed ‘Critical Infrastructure Protection Act 2022’ came into effect in July this year. With an improved framework for handling cyber threats, it includes an array of measures to which Australian businesses and services must adhere. 

In theory, the new act is imperative for safeguarding a modern Australia. Its existence provides a benchmark for IT and OT professionals across a greater variety of industries, and ensures security is a collective responsibility. 

The importance of addressing this responsibility cannot be overstated in an environment of increased cyber threats to essential services and businesses over the past few years – including federal parliamentary networks, the medical sector, universities, and key software businesses.  

Take the most recent attack on Optus’ network as an example, which has seen millions of customers potentially affected, with full names, date of births and contact details stolen.

While Optus was covered by insurance, it’s a reminder that sufficient scenario planning and risk mitigation is integral to preventing these increasingly sophisticated attacks. Potentially one of the largest attacks Australia has seen to date, it’s a warning to us all that cybersecurity has never been more critical.  

The introduction of the new act then is a positive sign that Australia is taking cybersecurity threats more seriously. However, some of the amendments foreshadow an evolution of increasingly stringent rules that could become unrealistic and unachievable – ultimately threatening system effectiveness and integrity.

One such update is the change to incident reporting deadlines. In line with the new law, organisations are now required to notify the Australian Cyber Security Centre (ASCS) within 12 hours of becoming aware of an incident. Failure to comply can result in fines starting at $11,000.  

Not only could this have implications for smaller businesses, which often have fewer resources to identify and manage attacks on their assets, it detracts from what should be the priority of risk management.

The standard 12-hour reporting deadline also doesn’t take into consideration the challenges and processes of different industries – finance vs the food sector, for example.

The sophistication and complexity of cybercrimes mean that, in many instances, the time it takes to correctly identify an attack and potential solution is also difficult to predict.

On a global scale, reporting time for incidents was previously around 72 hours, meaning deadlines have reduced from three days to one. The risk in this continued reduction of reporting times is that requirements may get so low – potentially to immediate notification or ‘zero hours’ – that it’s simply unsustainable.

Organisations must have adequate time to identify a breach, investigate the incident and produce an accurate report without fear of potentially devastating legal, cost and brand ramifications.

While the latest guidelines hint at a stricter framework in future, the current requirements are achievable for organisations that are prepared. For any organisation, whether 300 or 30,000, the key to effectively managing cyber-security is understanding responsibilities and having a clear plan. 

To implement the most effective cybersecurity, you must first have visibility over all your systems. At Schneider, we work with businesses daily to understand their unique challenges and ensure open lines of communication. We also have dedicated cybersecurity leads to ensure clearly defined roles and responsibilities. 

To practice what we preach, we upskill our people through mandatory annual cybersecurity certification, and we have a customer-facing Cybersecurity Virtual Academy, an online resource providing educational cybersecurity content, as well as opportunities to engage with industry experts through webinars and Q&As.

We also partner with other leaders in the cybersecurity space to help our customers best leverage the investment they’ve made in their existing IT environment.

Whether you’re a start-up, SME, or global enterprise, the new guidelines are an important reminder that investing in cybersecurity is not just the right thing to do, but critical for your business.

ByNikki Saunders
Follow:
Nikki is the cybersecurity EcoSystem Program Manager, Pacific, Schneider Electric
Previous Article AXS Google Cloud ASX Chooses Google Cloud to Power Product Innovation
Next Article Brain cells in dish taught to play Pong in experiment Human brain cells in a dish learn to play pong
Leave a Comment

Leave a Reply

Race to zero hours Australia’s Cybersecurity

Tech Articles

The Internet’s Best Blogs Didn’t Vanish — They Were Stripped for Parts by SEO Parasites

The Internet’s Best Blogs Didn’t Vanish — They Were Stripped for Parts by SEO Parasites

How some of the internet’s best independent blogs were quietly…

Sean Yu, VP of Commercial APAC at EBANX.

The Consumers Driving Global E-Commerce Growth Are Closer to Australia Than Many Businesses Think

The consumers driving global e-commerce growth are closer to Australia…

The Growing Crisis of Space junk and Debris

Space Junk Is Becoming One of the Biggest Threats to Modern Spaceflight

More than 33,000 tracked objects now orbit Earth at speeds…

Recent News