Written by staff writer.
Shadow Cybersecurity Minister Senator James Paterson has told an online audience that government contractors, critical infrastructure providers, and entities involved in the defence sector can expect to have cybersecurity standards imposed on them that are as high, or higher, than the government agencies they are working with.
Paterson’s comments come as the Australian government joined 50 other countries in Washington D.C. this week, reaffirming a commitment to build a collective ransomware resilience, as well as undercutting its viability, via the International Counter Ransomware Initiative (CRI).
Paterson said the three big groups of private sector companies he highlighted need to start thinking ahead and planning for what the Australian government will likely require if they wish to continue doing business with the government in the future.
“People in these sectors need to watch what the government is doing (in terms of cybersecurity) and mirror it,” Paterson said. “It won’t just be hardware. It will also be software because every piece of hardware and software is a point of vulnerability we cannot afford to have in the current strategic environment.” He argues that the cybersecurity standards imposed on government agencies and departments are inevitably going to be imposed on private sector providers working with the government, and these providers are going to find it cheaper and less problematic in the long run if they start implementing them now.
The Australian Cyber Security Centre’s latest Annual Cyber Threat Report, covering the 2021-22 period, reveals that there were 76,000 reports of cybercrime in Australia in that 12 months, up 13% on the previous year. It noted that the average cost per cybercrime report was more than AUD39,000 for small businesses, AUD88,000 for medium-sized companies, and AUD62,000 for large enterprises. Ransomware attacks had also spiked more than 500% since the start of Covid-19.
This week’s Washington meeting, the third CRI gathering, is focused on developing capabilities to disrupt attackers and the infrastructure they use to conduct their attacks, improving cybersecurity through sharing information, and fighting back against ransomware actors. The joint statement following the meeting noted the importance of strong and aligned messaging discouraging paying ransomware demands and leading by example. “CRI members endorsed a statement that relevant institutions under our national government authority should not pay ransomware extortion demand.”
In the wake of the meeting, Darren Marshal, Australia’s National Cybersecurity Coordinator, said the meeting’s outcome was to “strengthen our global commitment to undermine the ransomware ecosystem, including through sharing best practice that seriously disrupts and degrades those who seek to do us harm.”
Paterson says the Australian government’s goal to become one of the world’s most cyber-secure nations by 2030 is a “great ambition,” but also an ambitious one. He argues that the government could do more to help private sector entities play their part and that the government must not place an unjust compliance and financial burden on the private sector.
“What we need is a partnership between the government and private sector,” he said. He says while there have been significant advances in cybersecurity awareness in the past five to ten years, there is more work to do, particularly in prepping companies that do business with the government to start implementing best practice cybersecurity practices to better defend against a range of cyber-threats, including ransomware.
