Australia is among the most vulnerable countries in the world to a cyberattack, ranked as the ninth most vulnerable country, according to 2017 data from the Rapid7 National Exposure Index.
Dr Maria Milosavljevic, chief information security officer for the Department of Finance, Services and Innovation told the Public Sector Network’s Digital Marketplace 2018 on Thursday that this vulnerability must be addressed, warning that a breach could have catastrophic consequences.
“While we may not be the first target, we are wide open to collateral damage if this is what people are seeing about us. This will only get worse with more and more attacks,” she said.
Dr Milosavljevic also pointed to Varonis data from 2017 on global cyber risk which indicated that Australia has a similar level of vulnerability to a cyberattack as Russia and the United States.
“Australia is pretty high on this risk index despite our pretty small population. Of course this is only the known breaches,” she said.
The consequences of such a breach could be devastating, Dr Milosavljevic said, warning that a global breach could trigger a US$53 billion loss – a shortfall worse than a catastrophic natural disaster.
This rise in cyber threats illustrates our increasing reliance on digital services – and government is no exception, Dr Milosavljevic said.
The constantly changing nature of cyber threats presents a novel challenge for governments, Dr Milosavljevic said.
“The impact of incidents is increasing rapidly year on year. Where once cyber crimes were the domain of hackers, well-organised criminal syndicates and state-sponsored hackers are on the rise. Cybersecurity teams are waging a constant battle to protect our services every single day,” she said.
“It’s a relatively new problem, different to anything we’ve seen before. Cyber incidents haven’t been studied a lot because they’re relatively new and changing all the time.”
The NSW Government looks to release its cybersecurity strategy later this year, which Dr Milosaljevic says will be based on the state’s cybersecurity roadmap.
Governments need collaborative response
The growing cyber threat calls for a shared response by governments, Dr Milosavljevic said.
“The most important thing is to make it a shared problem that needs a joint response. We can no longer think about ourselves in silos,” she said.
A top-down approach based on good governance is also crucial moving forward, Dr Milosavljevic said.
“The most important thing is getting governance right,” she said, pointing to a three-pronged approach based on management controls, risk management and auditing.