It is imperative to close the trust gap and bolster national cyber resilience, experts emphasize.
In 2024, cybercrime cases in Australia surged by 23%, with 94,000 new cases reported compared to the previous year. The Australian Signals Directorate (ASD) also noted a 10% decrease in industry reporting on cybercrime issues from June to August 2023.
The Department of Home Affairs revealed that a cyberattack occurs every six minutes in Australia, often resulting in companies paying ransoms to retrieve critical data.
This data was presented during a parliamentary inquiry into the Cyber Security Legislative Package 2024, which consists of three bills.
The proposed legislation aims to implement seven initiatives outlined in the 2023-2030 Cyber Security Strategy, aligning Australia with global standards and positioning the country as a cyber security leader.
Stephanie Crowe, Head of the Australian Cyber Security Centre at ASD, highlighted the concerning rise in ransomware attacks and data extortion attempts.
Ransomware attacks involve hackers locking down systems and demanding payment, while data extortion involves threatening to release sensitive information unless a ransom is paid.
Challenges in Cyber Defence
Hamish Hansford, Head of the Australian Cyber and Infrastructure Security Centre at the Department of Home Affairs, stressed the necessity of exposing ransom payments to prevent further escalation of cybercrime.
ASD officials pointed out that delays in incident reporting and limited industry engagement impede effective threat mitigation. Swift information-sharing is crucial in countering cyber threats.
Crowe emphasized the value of early threat reporting, stating that it could prevent the same incidents from affecting other entities. Timely responses are crucial in cyber defence.
Witnesses expressed frustration over delays in inter-agency information-sharing, calling for quicker response protocols.
Crowe emphasized ASD’s role in providing early warning and prevention of cyber incidents.
$3 Million Threshold for Ransomware Reporting
Department of Home Affairs officials outlined efforts to enhance transparency around ransomware payments by proposing a $3 million threshold for mandatory reporting.
Stakeholders have varying views on this threshold, with some advocating for a zero threshold to align with the Privacy Act.
While ransom payments are discouraged, transparency in reporting could help companies avoid future incidents. The proposed framework is targeted and measured, with less stringent requirements compared to other countries.
ASD supports the $3 million turnover threshold to balance transparency with compliance capability, especially for smaller businesses.
Improving Industry Collaboration
ASD has been gathering feedback through roundtables and town halls to shape its cyber security policies.
A centralised portal at cyber.gov.au is being developed to streamline reporting for businesses, enabling them to report incidents, vulnerabilities, and cybercrimes in one place.
ASD is committed to making the portal accessible to small- and medium-sized enterprises (SMEs) for easier compliance and swift threat data collection.
Cybersecurity Education and Trust Building
ASD is enhancing its educational outreach through the Cyber Security Partnership Program to address growing cyber threats.
Key focuses include promoting secure-by-design standards and urging businesses to rectify vulnerabilities that cybercriminals exploit.
The cyber.gov.au portal provides tailored guidance to different industries, complementing these efforts.
Building trust within the business community is crucial for effectively combating cyber threats. ASD ensures data reported to it is used solely for cybersecurity purposes under the Intelligence Services Act.
ASD is committed to transparency and secure data handling to foster a cooperative environment for mitigating cyber risks in Australia.