The peak membership body for Australian information-security professionals, the Australia Information Security Association (AISA), has prepared a detailed and comprehensive submission to the Federal Government’s 2020 Cyber Security Strategy.
According to AISA, as everyone becomes increasingly dependent on technology and more continuously connected online, the seriousness and impact of disruptions, breaches and cyberattacks on the Australian economy and society increase exponentially.
In AISA’s survey of 6000 members, it found 62 per cent of respondents had experienced an attack and 76 per cent knew someone who had been impacted by cybercrime.
When the 2016 strategy was launched, one in four Australians was impacted by cybercrime.
The situation has deteriorated to the point where one in three Australians is now impacted by cybercrime, indicating that as a country we are losing the battle to protect businesses, services and the community.
On a scale of 1-10, with 10 being extremely high and one being very low, industry experts rated the current cyber threat level as eight (on the extremely high end) for:
• Australian businesses
• The Australian Federal Government
• Australian state and territory governments
The threat to Australian citizens was rated as seven, indicating that experts felt businesses and the government were dealing with more threats than the general community, but only slightly so.
More than half (50.6 per cent) of survey respondents experienced personal data loss by an online service provider in a cyber security data breach. Also, 11 per cent had experienced some form of online bullying or trolling, 5.3 per cent had experienced data theft from spyware or a hack on their device and, surprisingly, eight per cent of cyber security professionals had lost money due to an online scam.
The rates of occurrence in the general population – who do not have an awareness of cyber security threats and the techniques used by scammers and cyber criminals – are likely to be much higher.
Based on the survey, 76.4 per cent of cyber security professionals know at least 14 people within their family or personal network who have experienced one or more of the following:
• Ransomware – encryption of their data on their device
• Paid money due to doxing / online blackmail
• Data theft from spyware or hack on their device
• Suffered from online bullying or trolling
• Lost money due to an online scam
AISA wrote that 95 per cent of respondents felt there were several activities that could be undertaken by the Government to help reduce the occurrence of malicious activity and deter cyber actors from attacking Australians.
Of respondents, 26.4 per cent felt that greater penalties for cyber criminals would be a deterrent, particularly for threats coming from the local environment or partner countries. Diplomatic responses using global cooperation, international law or various sanctions to create economic hurdles were considered an alternative approach for foreign threats by 12.9 per cent of respondents.
Awareness and education were also recommended by 13.5 per cent. This includes education on the responsibilities of data custodians and owners. Meanwhile, 17.2 per cent considered that the Government should take a hands-on approach with offensive active responses, effectively hacking back.
Deploying deception or disruptive technology (honeypots) across the Australian environment, including some small business environments, was suggested by only 3.7 per cent of respondents. Naming and shaming state actors, deploying clean-pipe technologies (content filtering, SPF, DKIM, DMARC etc.) and working in greater collaboration with industry were all considered by 4.3 per cent of respondents as actions to take.
Additional suggestions included more resources for the AFP and ACSC, improved software from vendors, mandatory assessment of systems (like civil engineering), additional resources specifically for small business and to support victims.
Tags: AISA, Australia, Cybersecurity, government