NewsBite

This was published 3 months ago

‘The next threat’: Former UK cybersecurity chief’s warning for Australia

By David Swan

Australia’s recent spate of data breaches has been damaging but will likely pale in comparison to more disruptive attacks on the nation’s hospitals and airlines, according to a warning from the UK’s former top cybersecurity tsar.

Tens of millions of Australians have been caught up in data breaches over the past 18 months with customers of Optus, law firm HWL Ebsworth, Medibank Private and Dymocks all impacted in what has been dubbed a “new normal” of consistent attacks and leaks.

Cybersecurity expert Ciaran Martin: “Australia’s healthcare system worked throughout the data breach. Disruptive cyberattacks are much more malicious, and things can deteriorate very quickly.” Credit: James Alcock

Those attacks, which have affected users’ personal information and identity documents, will likely be dwarfed by coming disruptive cyber incidents, according to Ciaran Martin, the former CEO of the UK’s National Cyber Security Centre who now serves as the UK chair of Australian cybersecurity firm CyberCX.

In June, more than 1000 planned medical operations were postponed due to a cyberattack that impacted London hospitals, with blood tests in south-east London reduced to about 10 per cent of normal capacity. It’s those types of disruptive cyberattacks that Martin says Australia should be concerned about should they hit our shores.

“Medibank was a monster data breach, and data breaches have rightly become a big area of focus. But in terms of the next phase, the next threat, I’m someone who tends to be optimistic but I’m a little bit gloomier looking forward,” Martin said.

“Data breaches are awful, Medibank’s impact was ghastly, but data breaches are passive.

“Disruptive cyberattacks are much more malicious, and things can deteriorate very quickly.”

Martin refers to those attacks as “ransomware without ransoms”, and said their impacts could potentially cost lives in a way that data breaches do not.

“It could be an airline, it could be as serious as a hospital or healthcare system,” he said. “These attacks are only medium in sophistication, but done at a massive scale, it’s a much more serious risk than before.

“The CrowdStrike incident wasn’t a cyberattack, but it was a glimpse of what these things could look like.

“All of the Five Eyes governments say ‘look, we don’t expect this tomorrow’, but one difference I notice when it comes to Australia is the strategic threat posed by China is felt much more viscerally, and we all hope things don’t escalate into conflict there, but if it does get worse, there’ll be a significant, disruptive cyber element to that.”

Martin with then-Home Affairs Minister Clare O’Neil. Credit: Alex Ellinghausen

Some “boring but important” lessons for Australia are for the nation to continue strengthening its cyber defences as much as possible, and to focus on critical dependencies, whether that’s in a company’s own IT infrastructure or that of a third-party supplier.

CyberCX was formed by Malcolm Turnbull’s former cybersecurity adviser Alastair MacGibbon and former Optus Business managing director John Paitaridis in 2019, as a roll-up of 12 smaller cybersecurity firms. It’s since grown into Australia’s largest cybersecurity provider and employs more than 1300 staff with customers in the private and public sectors. Telstra is rumoured to be a likely interested buyer for the company, if its largest investor, BGH Capital, seeks a sale. CyberCX is thought to be worth at least $2 billion.

Martin chairs the company’s UK arm and said he was initially drawn to the role because of his relationship with MacGibbon.

“He’s an old friend, he was my opposite number in Australia,” Martin said of MacGibbon, who was previously the head of the Australian Cyber Security Centre. “I was initially sceptical, but it was a pretty compelling vision.

CyberCX chief strategy officer Alastair MacGibbon and CEO John Paitaridis.

“With the threat to Australia at the moment, even if the government was able to execute perfectly on everything it wanted, it can’t fix everything, and you need the private sector to step up.”

Martin weighed in on the federal government’s new plan to tackle financial scams, announced in September. It flagged new laws that would impose fines of up to $50 million on banks, telcos and tech giants that fail to act on fraudulent schemes that fleece their customers.

The new regime will not, however, follow controversial changes in Britain that put the greatest requirements on banks to pay the refunds, seeking instead to share the responsibility with tech platforms such as Facebook if they spread the scams.

Martin welcomed that decision and said that any plans to shift the onus for scams more heavily onto banks may lead to unintended consequences, like some retirees losing their banking services entirely, given they disproportionately fall victim to scams.

“If I look at my own record, there are lots of things I’m very proud of, we did a lot on cybercrime and financial scams including automatic takedowns, and we set up a central service where you can forward suspicious emails to an email address called report@phishing.gov.uk,” Martin said.

“It’s a massive, really difficult problem, but framing it as a collective problem is that if everybody’s responsible, nobody is.

“And in the UK, the changes that are about to come in have led to some nervousness. It might be a bit like after 9/11 where just doing basic transactions becomes so much harder because everything has to be checked more thoroughly.”

Original URL: https://www.brisbanetimes.com.au/technology/the-next-threat-former-uk-cybersecurity-chief-s-warning-for-australia-20240912-p5ka3d.html