In the wake of Russian-linked cyberattacks on Ukraine, Prime Minister Scott Morrison and the Australian Cyber Security Centre (ACSC) have issued a warning to Australian organisations that malicious activity may have local ramifications.
To continue reading the rest of this article, please log in.
Create free account to get unlimited news articles and more!
Similar warnings have been issued by the UK's NCSC and the US Department of Homeland Security following recent sanctions on Russian institutions. As Australian society becomes increasingly digitised, agencies must prioritise measures to secure data and critical infrastructure against threat actors.
Australian organisations and government must take precautions to prepare for state-sponsored attacks as geopolitical tensions continue to escalate, according to Eric Milam, VP research & intelligence at BlackBerry.
"As Australia is warned to bolster defences against cyber attacks following Russian threats to Ukraine, the ACSC's concern is a reminder of the power and repercussions of Russian cyber threats internationally," Milam said.
"As government agencies collect and share more digital information, they must develop a comprehensive, integrated approach to security to protect highly confidential data and communication. This can be done through AI-based threat prevention, enabling a zero trust security environment which continuously validates that trust at every event or transaction to authenticate users.
"My own team's investigation and prevention of these Russian threats, such as Dr. REvil, has revealed that it is crucial for organisations and government to learn how to protect against state-sponsored cyber attacks as a matter of highest priority."
The ACSC is encouraging Australian organisations to urgently adopt an enhanced cyber security position, warning organisations should act now to improve cyber security resilience in light of the heightened threat environment.
Due to the historical pattern of cyber attacks against Ukraine that have had international consequences, malicious cyber activity could impact Australian organisations through unintended disruption or uncontained malicious cyber activities the ACSC warned.
Overnight, Russia launched cyber attacks as part of their illegal and devastating attack on Ukraine and according to cyber security expert and global CEO of Vectra AI, Hitesh Sheth, "the war we see on TV is only a fraction of the conflict".
"Cyber weapons are doing at least equal damage to Ukrainian computer networks, particularly financial and military systems," Sheth said.
"We will never have more vivid proof that offensive cyber action is now a first-strike tactic, on a par with kinetic warfare.
“The sobering difference: conventional war is waged between nation states. Cyber war poses severe risk to private interests, however reluctant and unwilling they are to become combatants. Escalating cyber conflict can lead to unanticipated consequences and casualties. Nobody is assured of remaining a mere spectator."
While the ACSC is not aware of any current or specific threats to Australian organisations, it is pushing for the adoption of an enhanced cyber security posture and increased monitoring for threats will help to reduce the impacts to Australian organisations.
Milam further explained that cyber attack victims need to be capable of containing it as quickly as possible.
In this case, these solutions can also be used to communicate public safety warnings or updates to quell any panic.
"If you are victim to an attack, you also need the capability to contain it as fast as possible through a unified critical communications network, which can communicate between organisations, people, devices, and external entities regarding who is in the network and next steps," Milam said.
To that end, no public or private organisation can afford complacency about the events we are watching in real time, Sheth added, which proves the alarming point that antiquated cyber defences centred on perimeter protection will fail under fire.
"Security begins at home, and private interests cannot rely on state-sponsored protection. They must audit and reinforce cyber defences and prioritise AI-augmented detection and response. Doing so will contribute to stability in a worrisome time," Sheth concluded.