Wednesday, 22 June 2022 20:13

Developing a culture of cyber resilience in Australia's public sector

By Virsec

GUEST OPINION by cybersecurity firm Virsec: Organisations of every size and kind face constant challenges in maintaining adequate cybersecurity skills in the face of growing cyber risk. The existing shortage of cybersecurity skills and high threat levels have been exacerbated by COVID-19 and remote working, causing a rise in IT expenses. This issue is particularly acute in the government sector.

In Australia, public sector spending on IT continues to grow, along with the danger of cyber attacks on government bodies. In September 2021, Gartner forecast that Australian government sector IT spending would exceed $15.5 billion in 2022, an increase of 8.8 percent from 2021. Gartner said the increase would be driven by key programs to “strengthen national cyber response”.

However, throwing money at a problem is not always the best solution. In the case of cyber security and incident response, it can be very difficult to find and retain the level of skilled resources needed to implement high-level protection and respond effectively to any successful breach. And more tools usually require more people to run them and more people in the SOC to triage the ever-growing number of alerts.

And in the unfortunate event of a breach, these skills are often severely tested or non-existent. A successful attack on an organisation imposes a massive additional workload on staff and requires the use of tools and techniques they might struggle with or do not understand, due to infrequent use or the sheer breadth of security solutions that make up their cyber defences.

Also, it is well known that organisations are in a continual arms race with cyber criminals, forever investing in new security measures to counter new and evolving attack techniques. Defences that offered adequate protection five years ago may be easily compromised today. Just because something has ML or AI doesn’t make it a silver bullet!

Recent attacks triggering a wake-up call

Ransomware is one of the most common types of cyber attack because it can be highly lucrative. The Australian Government is well aware of the growing impact of ransomware, on government entities in particular.

In October 2021 it released a Ransomware Action Plan. In her foreword, Minister for Home Affairs, Karen Andrews, said: “Over the past 12 months, Australia has faced a 15 percent increase in ransomware attacks reported to the Australian Cyber Security Centre.”

The report outlined the capabilities and powers Australia would use to combat ransomware. As part of the plan, the Government created a multi-agency taskforce led by the Australian Federal Police, to mount Australia’s strongest response to the surging ransomware threat. The report also provided information on where victims could go for help.

The release of the report came after a string of significant ransomware attacks on public entities. One of the most high-profile attacks hit the Bureau of Meteorology in 2015. It was only a year later that the Australian Signals Directorate released details, saying “CryptoLocker ransomware found on the network represented the most significant threat to the bureau's data retention and continuity of operations.”

In late 2019 the Council of the City of Onkaparinga in South Australia was paralysed by a 'Ryuk' ransomware attack. Recovery took three months.

In June 2020, Transport for NSW was hit with a ransomware attack, with IT systems taken offline to halt the spread of ransomware.

In March 2021 Eastern Health, which operates Box Hill, Maroondah, Healesville and Angliss hospitals, was similarly forced to shut down some of its IT systems following a ransomware attack.

Countering cyber security staff shortages with cyber resilience

The cyber security skills shortage isn't going away; in fact, it keeps getting bigger. So Australia's public sector must look for ways it can reduce dependence on human resources and make infrastructure better able to resist disruption and continue operating. This is a culture of cyber resilience.

The Australian Cyber Security Centre defines cyber resilience as “The ability to adapt to disruptions caused by cyber security incidents while maintaining continuous business operations. This includes the ability to detect, manage and recover from cyber security incidents.”

Cyber resilience is an evolving approach rapidly gaining recognition. It brings together information security, business continuity and organisational resilience.

Resilient infrastructure can protect data and maintain business continuity in the face of an attack. It represents a significant step beyond the level of protection offered by traditional cyber security: it is adaptive and proactive, rather than reactive.

There are two key components required to build cyber resilience.

Organisations need real-time visibility into all areas of their IT: hardware, networks, operating systems and applications. After all, you can't protect what you don't know is there. With this real-time visibility, the chances of detecting and neutralising any threat that has breached perimeter defences are much greater.

It's time to swap out traditional endpoint detection and response (EDR) tools for true runtime protection. EDR (and now xDR) tools simply notify organisations of a breach after they've been compromised. By that stage it's already too late (that's like warning someone that an armed robber is present after they’ve already entered the building and stolen goods). Runtime protection, on the other hand, stops the attack in action before it can cause lasting damage, by understanding exactly how every application should behave and immediately thwarting unusual activity.

It's important to know that cyber resilience isn’t built overnight – organisations should aim to gradually introduce new tools and techniques over time, to avoid disruption to operations or stalling digital transformation.
