Most Australian businesses under-prepared for a cyber attack report

Telstra boss Andy Penn has warned Australian governments and businesses are constantly being targeted by sophisticated cyber criminals and state actors, with many workplaces under-prepared for a serious attack.

Mr Penn, chair of the federal government’s ​​cyber-security industry advisory committee, said malicious actors were becoming more brazen, taking aim at governments, businesses and global supply chains.

Telstra boss Andy Penn says Australia faces a complex cybercrime environment that targets everyone from the local fish and chip shop to ASX200 companies.Credit:Eamon Gallagher

“Australia faces a complex cybercrime environment that targets everyone from the local fish and chip shop to ASX200 companies, the local primary school to global COVID vaccine supply chains,” Mr Penn said in a speech at the National Press Club on Thursday. “Malicious cyber activity is happening all of the time.”

He said in the past year, the number and sophistication of attacks had grown, with Australians losing more than $851 million in 2020 as scammers use the pandemic to con people, citing the ACCC’s latest Targeting Scams Report.

The government has stepped up its focus on cybercrime over the past year, regarding it as a threat to national security, and has put new laws before the Parliament to allow security agencies to take control of companies’ networks in the event of severe cyber attacks.

A proposal to make company directors personally liable for failing to mitigate cyber-security attacks will be canvassed as part of new governance standards to be co-designed with industry.

The government also set up the industry advisory committee, comprised of executives from the banking, communication and cyber-security sectors, including NBN Co chief security officer Darren Kane, National Australia Bank technology executive Patrick Wright and Macquarie Telecom Group chief executive David Tudehope.

The committee, which released its annual report on Thursday, recommended clearer guidance be developed to help businesses respond to ransomware attacks, which it identified as being among the fastest-growing areas of cybercrime.

“Most Australians and Australian businesses remain under-prepared for a cyber attack and it is crucial more resources are invested in improving the level of knowledge so Australians can better protect themselves online,” the committee said in a statement.

“There is a need to commit further effort to raise awareness of threats and mitigations. This could be achieved through a mainstream and social media campaign, using one voice with a clear and simple call to action.”

Ransomware is a form of malware designed to encrypt a victim’s files until a ransom is paid.

The Morning Edition newsletter is our guide to the day’s most important and interesting stories, analysis and insights. Sign up here.

Lisa Visentin is a federal political reporter at The Sydney Morning Herald and The Age, covering education and communications.

Share this post