In the wake of Russian-linked cyber attacks on Ukraine, Prime Minister Scott Morrison and the Australian Cyber Security Centre (ACSC) have issued a warning to Australian organisations that malicious activity may have local ramifications.
Similar warnings have been issued by the UK's NCSC and the US Department of Homeland Security following recent sanctions on Russian institutions. As Australian society becomes increasingly digitised, agencies must prioritise measures to secure data and critical infrastructure against threat actors.
Australian organisations and government must take precautions to prepare for state-sponsored attacks as geopolitical tensions continue to escalate, according to Eric Milam, VP of research and intelligence at BlackBerry.
"As Australia is warned to bolster defences against cyber attacks following Russian threats to Ukraine, the ACSC's concern is a reminder of the power and repercussions of Russian cyber threats internationally.
"As government agencies collect and share more digital information, they must develop a comprehensive, integrated approach to security to protect highly confidential data and communication. This can be done through AI-based threat prevention, enabling a zero-trust security environment which continuously validates that trust at every event or transaction to authenticate users.
"My own team's investigation and prevention of these Russian threats, such as Dr. REvil, has revealed that it is crucial for organisations and government to learn how to protect against state-sponsored cyber attacks as a matter of highest priority," Milam said.
The ACSC is encouraging Australian organisations to urgently adopt an enhanced cyber security position, warning organisations should act now to improve cyber security resilience in light of the heightened threat environment.
Due to the historical pattern of cyber attacks against Ukraine that have had international consequences, malicious cyber activity could impact Australian organisations through unintended disruption or uncontained malicious cyber activities, the ACSC warned.
Overnight, Russia launched cyber attacks as part of their illegal and devastating attack on Ukraine and according to cyber security expert and global CEO of Vectra AI, Hitesh Sheth, "the war we see on TV is only a fraction of the conflict".
"Cyber weapons are doing at least equal damage to Ukrainian computer networks, particularly financial and military systems.
"We will never have more vivid proof that offensive cyber action is now a first-strike tactic, on a par with kinetic warfare.
“The sobering difference: conventional war is waged between nation states. Cyber war poses severe risk to private interests, however reluctant and unwilling they are to become combatants. Escalating cyber conflict can lead to unanticipated consequences and casualties. Nobody is assured of remaining a mere spectator," Sheth said.
While the ACSC is not aware of any current or specific threats to Australian organisations, it is pushing for the adoption of an enhanced cyber security posture and increased monitoring for threats will help to reduce the impacts to Australian organisations.
Milam further explained that cyber attack victims need to be capable of containing it as quickly as possible.
In this case, these solutions can also be used to communicate public safety warnings or updates to quell any panic.
"If you are [a] victim to an attack, you also need the capability to contain it as fast as possible through a unified critical communications network, which can communicate between organisations, people, devices, and external entities regarding who is in the network and next steps."
To that end, no public or private organisation can afford complacency about the events that are being watched in real time, Sheth added, which proves the alarming point that antiquated cyber defences centred on perimeter protection will fail under fire.
"Security begins at home, and private interests cannot rely on state-sponsored protection. They must audit and reinforce cyber defences and prioritise AI-augmented detection and response. Doing so will contribute to stability in a worrisome time," Sheth concluded.
Nastasha is a Journalist at Momentum Media, she reports extensively across veterans affairs, cyber security and geopolitics in the Indo-Pacific. She is a co-author of a book titled The Stories Women Journalists Tell, published by Penguin Random House. Previously, she was a Content Producer at Verizon Media, a Digital Producer for Yahoo! and Channel 7, a Digital Journalist at Sky News Australia, as well as a Website Manager and Digital Producer at SBS Australia. Nastasha started her career in media as a Video Producer and Digital News Presenter at News Corp Australia.