Once a distant concern, cyber security has been catapulted to the forefront of our minds in the last few years, becoming a vital concern for every industry. The exponential growth of technology has meant that hackers are consistently several steps ahead of the average business’s defences, while the government scrambles to develop strategies to manage this new threat to national security.
2023, the year of extensive cyber security reforms
After the widespread data hacks last year, which affected high-profile companies like Medibank and Optus and put millions of their customers at risk, 2023 became a time of major cyber security regulation changes (Wats, 2023).
Australia’s Cyber Security Strategy 2020 became a nation-wide focus and has since garnered a $1.67 billion investment. The focus? Achieving ‘a more secure online world for Australians, their businesses and the essential services upon which we all depend’ (Department of Home Affairs, 2023).
The introduction of cyber incident reporting
In August 2023, there were major changes to the Security of Critical Infrastructure Act 2018 (SOCI Act)—and as a result of the 2020 cyber security strategy, a major part of these reforms related to cyber security. As of August, it’s compulsory for critical infrastructure industries to complete cyber incident reporting through the Australian Cyber Security Centre’s (ACSC) online portal (Australian Signals Directorate, 2023).
However, this regulation isn’t just a new layer of admin for businesses to deal with, the ACSC can also provide assistance in the occasion of a cyber security breach.
- Assess the incident to determine the impact on Australia
- Figure out if more detailed actions are required
- See whether it was caused by a sophisticated malicious actor
- Provide an incident response resource
- Offer the services of a team of digital forensics specialists
- Give guidance on public communications
- Work with you to coordinate briefings with industry partners or government agencies
- Provide information and reports to finalise the investigation
- Connect you with additional support such as cyber resilience uplift activities, and if required, the Department of Home Affairs or Australian Federal Police (Australian Signals Directorate, 2023)
The impact of remote working trends and evolving AI technology
The complexity of the digital landscape has been escalating for decades, and in the last few years, trends such as the growing popularity of remote working and the sudden evolution of AI have been contributors to Australia’s data security weakness.
According to the 2023 Thales Cloud Security Study, before you even include the risks of remote working, human error is already the leading cause of cloud data breaches in Australia. Then the problem intensifies when you split an organisation across multiple unsecured Wi-Fi networks, in unregulated spaces where risky cyber behaviours are more likely (Lebre, 2023).
Unlike working from home trends, the rise of AI technology is both a risk to businesses’ data security and a potential solution. Cybercriminals are already implementing tools like ChatGPT where they can, using them to write spam and phishing links, and create more pervasive and complex threats. However, Cyber Security Minister Clare O’Neil says that AI and machine learning are also going to build new tools to help us manage these issues (Davidson, 2023).
Iain Rouse, managing director for cloud services provider AWS, says “Automation can be baked into a business’s fundamental security approach. Automation takes those business-as-usual security tasks off the plates of employees, reduces human error and allows teams to spend their limited time on the highest value tasks.” (“Steering towards a secure cyber future”, 2023).
Implementing cyber security strategies to combat threats and meet regulations
Although the new cyber security laws and regulations will assist companies with protecting themselves against the growing threats of remote working and AI, it’s imperative to invest in the insights of experts who constantly stay up to date with this rapidly changing landscape.
As Valentine Wats, CEO of software services company TEMSCONSU said, “Increased legislation cannot be effective in solving the problem if you don’t have the expertise, tools and techniques to effectively combat a technologically advanced crime,” (Wats, 2023).
While the cyber security regulations become more severe and the likelihood of data hacking incidents continues to escalate, businesses must adopt a culture focused on healthy cyber security practices and prioritise getting the best systems put in place by people who intrinsically understand the digital industry.
Wats, V. (2023, August 17). Why Technology, Not More Legislation, Is The Answer For Cybersecurity. Forbes. https://www.forbes.com/sites/forbestechcouncil/2023/08/17/why-technology-not-more-legislation-is-the-answer-for-cybersecurityvalentine-wats/?sh=d90731f32521
“Australia’s Cyber Security Strategy 2020”. Department of Home Affairs. (2023, May 26). https://www.homeaffairs.gov.au/about-us/our-portfolios/cyber-security/strategy/australias-cyber-security-strategy-2020
“How the ASD’s ACSC can help during a cyber security incident”. Australian Signals Directorate. (2023, September 1). https://www.cyber.gov.au/report-and-recover/how-asdacsc-can-help-during-cyber-security-incident
Lebre, M. (2023, September 19). Navigating remote working cyber risk. Technology Decisions. https://www.technologydecisions.com.au/content/security/article/navigating-remote-working-cyber-risk-443313289
Davidson, J. (2023, September 19). How cyber criminals use ChatGPT to make better scams. Australian Financial Review. https://www.afr.com/technology/steering-towards-a-secure-cyber-future-20230911-p5e3re
Steering towards a secure cyber future. (2023, September 11). Australian Financial Review. https://www.afr.com/technology/how-cyber-criminals-use-chatgpt-to-make-better-scams-20230918-p5e5i0