Prime Minister Scott Morrison has revealed today that Australian organisations – both public and private – are being targeted by a large scale state-based cyber attacker.
The Prime Minister says the threats are sophisticated, and are directed towards “all levels of government, industry, political organisations, education, health, essential service providers and operators of other critical infrastructure”.
While Mr Morrison would not name the origin of the cyber threat, he went on to say that “we know it is a sophisticated state-based cyber actor because of the scale and nature of the targeting and the tradecraft used”.
During a press conference in Canberra, the Prime Minister said this kind of malicious cyber activity towards Australian organisations wasn’t new, but was becoming more commonplace.
He was joined by Minister of Defence Linda Reynolds, who clarified that the campaign was “increasing in frequency, scale, in sophistication and also in its impact”.
- What is cybersecurity?
- How to protect your remote workforce from cyber attackers
- Here's our list of the best VPN services available
What you can do to protect yourself
The Prime Minister stated that the purpose of his announcement was not to cause concern, but to advise Australians on how they can take action to protect themselves.
So, what can businesses and individuals do?
The government outlined three strategies that Australians should follow.
Firstly, it’s important to ensure that your internet-connected devices have been patched with the latest-available security updates, and to ensure they're kept secure by installing any new updates as soon as they're released. For businesses, that includes ensuring any web-facing services they use (such as website hosting and email servers) are updated with the latest software fixes.
Secondly, multi-factor authentication for user accounts should be turned on as standard. This will help keep your internet access, cloud-based platforms and organisation infrastructure secure.
Finally, the government recommends organisations register to become a partner of the Australian Cyber Security Centre (ASCS). Businesses, government agencies and not-for-profit institutions that sign up will automatically receive threat information and actionable advice direct from the Australian government.
The threat of malicious cyber activity will also be of importance to the many Australians who have shifted into remote work as a result of the Covid-19 pandemic, and if you fall into that category, we've put together some simple advice on how you can protect yourself when you work from home.