A cybersecurity expert has referred to alarming data to show just how vulnerable Australia’s critical infrastructure is to hackers.
Sky News Business Editor Ross Greenwood says a “corporate arms race” is taking place between crime-fighting authorities and defence services against hackers.
“With the rapid emergence of artificial intelligence, the race has just been amped up a few notches,” Mr Greenwood said.
“Companies and governments need to keep spending to stay ahead in the game because if they lose, our whole way of life will change rapidly.”
Mr Greenwood sat down with Palo Alto Networks Regional Vice President Steve Manley to discuss the implications of artificial intelligence in cybersecurity.
In partnership with Palo Alto Networks
There are now 11 critical sectors designated by the federal government under Australia’s Security of Critical Infrastructure Act, which was amended in 2018 to introduce tougher regulations.
Under the changes, businesses are required to complete annual reporting to notify the federal government of any attempts to access their networks.
Speaking to Sky News Business Weekend host Ross Greenwood on Sunday, Fortinet Head of Operational Technology and Critical Infrastructure Michael Murphy said the 188 cyber security incidents across those sectors in the 2022-2023 financial year showed just how real the threat of cyberattack is to vital national networks such as the water and energy supply.
Alarming new statistics have shown how vulnerable Australia’s critical infrastructure is to cyber attacks. Picture: Getty Images
According to the Australian Bureau of Statistics, 34 per cent of businesses reported a loss of resources in managing cyber security attacks in the 2021-22 financial year.
Twenty-two per cent of Australian businesses experienced a cyber security attack during that period, more than double the number reported the year before.
“So ultimately what we’ve seen is, within the entities that now have mandatory reporting, they’ve reported 188 incidents,” Mr Murphy said.
“There are also entities that are not necessarily critical infrastructure, but they have also reported 142 incidents.”
Critical infrastructure assets include sectors in communications, data storage, financial services, water and sewerage, energy, as well as health and medical care, according to the Australian Government’s website.
Organisations in the field of higher education and research, food and groceries, transport, space technology and the defence industry are also identified as critical infrastructure sectors.
The cybersecurity expert said there can be a number of motivators for hackers aside from just financial gain, such as the element of control.
Loading embed…
“What we’ve observed is in many incidents there are motivators at play, historically it’s been based on financial profiteering,” he said.
“We’ve seen an increase in socio and political influence and more importantly, some hackers and syndicates simply want to raise their own credibility.”
Mr Murphy also revealed just how detrimental a cyber attack can be when a hacker shuts off access to a certain system.
“What we’re identifying is disruption leads to down time, down time leads to revenue loss and can lead to irreversible brand damage,” Mr Murphy said.
“In many incidents within the critical infrastructure landscape, we don’t necessarily have the luxury like in the IT enterprise, where we can turn different levers to bring things back up online. It can take a considerable amount of time.”