Prevention and regulation are Australia's top cyber security priorities

03 June 2019

As investment in cybersecurity becomes increasingly necessary, organisations in Australia are prioritising two things: protecting their operations, and complying with a range of new regulatory guidelines that have emerged in recent years.

Australia is amongst the more advanced digital markets across the globe, which translates to efficiency and innovation in various sectors on the one hand, but increases vulnerability from unprecedented fronts on the other. As a result, the cybersecurity landscape in the country has increasingly presented fodder for analysis.

AusCERT, the Australian Cyber Emergency Response Team, monitors the cyber market closely. In a new report from the organisation, in collaboration with professional services firm BDO, the authors found that senior ranks of organisations across Australia are starting to recognise the cyber threat landscape, and are increasingly involved in tackling these threats. This participation extends down to the management and team leader level at a number of organisations.

[Figure: Organisations that experienced an incident]

In addition to more participation, the firm also finds that the approach being taken to tackling the threat is more advanced than ever, which stems from a variety of factors. One possible cause of this is the forced increase in awareness that has emerged from a number of new regulatory restrictions.

Australian businesses are working to comply with the Notifiable Data Breaches Act that was implemented in Australia in 2017. Firms with an international profile are also pushing to remain within the General Data Protection Regulation (GDPR) stipulations that have been in effect since last year.

In working to protect their organisations, some sectors appear to have performed better than others, gauged by the trend in the number of attacks over the last three years. The numbers also reveal which sectors are prioritised by those perpetrating cyber attacks of various kinds.

[Figure: Incidents experienced in 2018 vs 2019]

BDO reports that the Education & Training sector is home to the highest percentage of organisations that experienced a cyber attack or “incident” last year. This represents a slight deterioration from the previous year, but a substantial improvement from the 2016 figures.

Other sectors that saw a spike in the number of organisations targeted last year include financial services as well as the information media & telecommunications sectors. According to the report, these sectors tend to be targeted due to the substantial repositories of valuable data that they possess.

The type of cybersecurity incident is in itself another area of analysis. Up until now, the most common form of cyber attack has been phishing or targeted damaging emails. A substantial number of phishing attacks are expected in 2019 as well, although phishing will no longer be the primary threat, according to BDO.

[Figure: Most likely sources of incidents]

Data loss or theft of confidential information is likely to be the primary threat to organisations this year, accounting for nearly 20% of all attacks. A significant source of this data loss is often data breaches caused by third-party suppliers.

Nevertheless, the most common source of cyber attacks remains dedicated cyber criminals and organised crime divisions. For the last three years, these organisations have accounted for between 50% and 60% of all cyber attacks. While insiders and employees were the second most significant source of attacks in 2016 and 2017, foreign governments took over this position last year.