Albanese government ‘not taking AI cyber threats seriously’, industry warns
Cybersecurity experts say the federal budget is light on defending Australians against AI-fuelled attacks, with small and medium-sized businesses the most exposed.
Jim Chalmers’s third budget has been criticised for being light on cyber security, despite threats from state-sponsored actors and criminal gangs harnessing artificial intelligence to increase the speed and scale of attacks.
The budget featured several measures aimed at strengthening cyber security, including spending $388.2m over the forward estimates to increase security across its diplomatic network and $288.1m to “progress” the nation’s Digital ID program.
But, overall, industry criticised the government’s response to escalating cyber threats. Chris Sharp, Asia Pacific chief executive of cloud marketplace Pax8, said a lack of attention to cyber defences “sleepwalks over the financial challenges of our small to medium businesses (SMBs)”.
Mr Sharp said small businesses — “the great section of our economy” — were among the main victims of cyber crime, but were clueless on how to defend themselves, thinking hackers only targeted bigger companies such as Medibank, Optus and Latitude Financial.
“The problem is, even despite the recent flurry of media headlines, many SMBs remain blissfully unaware of how or why they can and should be improving their cyber defences. But it’s not their fault. Rhetoric is typically focused on ‘big business’ attacks, leaving SMBs thinking ‘we’re too small, our data doesn’t matter’,” Mr Sharp said.
“Often, SMBs don’t know how to start conversations, nor who to turn to. Working alone makes the cost of cyber security defences untenable, but it doesn’t have to be this way. For the price of a cappuccino per employee, all businesses can fortify themselves against threats.
“But they need a government that consistently recognises the cyber crisis and dedicates resources which get them started on becoming government compliant, fighting increasing cyber insurance premium costs, and protecting their critical data.”
David Hayes, regional director for Australia & New Zealand at cybersecurity firm Arctic Wolf, was also critical of the budget.
“It was disappointing to see that cyber security measures failed to include Australia’s Cyber Security action plan, particularly as the severity and frequency of cyber-attacks on Australian businesses has continued to drastically increase, along with 20 per cent rise in average ransoms as reported by our threat team,” Mr Hayes said.
Mark Thomas, Arctic Wolf Security Services Australia & New Zealand director, said the government’s response to cyber threats was “disheartening”.
“Last night’s Budget announcement demonstrated a lack of extra funding for Australia’s Cyber Strategy’s accompanying action plan comes despite the cancellation of the Cyber Hubs program, the only flagship cyber uplift initiative, at the end of last financial year,” said Mr Thomas.
Pieter Danhieux, co-founder and chief executive of cybersecurity start-up Secure Code Warrior, said the enhancements to Digital ID would be a “potent measure” for combating online fraud and identity theft — “if well executed”.
The legislation which is currently before federal parliament includes a two-year phasing-in period for the private sector into the Australian Government Digital ID System. During this period, the budget will fund pilots to explore new use cases, including issuing government verifiable credentials to a user’s digital wallet.
The government says this investment will help reduce the amount of ID data businesses store and expand use cases, helping mitigate against future data breaches like the one which hit ClubsNSW earlier this month, leaving a million Australians exposed.
But Danhieux said the Digital ID program was a “largely reactive component of Australia’s ongoing cybersecurity strategy”.
“I fear that we are placing too little funding on proactive, preventative security measures,” he said.
“The recent ClubsNSW breach showed that there is much work to be done in securing the software supply chain of many enterprises, not to mention a key need for education on how software vendors, enterprises and government departments manage and maintain PII (personal identifiable information) as part of their operations.
“At the moment, those at the coalface of software development and data management — mainly software engineers — need serious upskilling in areas such as access control, configuration, and safe application of APIs.
“Without this key knowledge becoming standard, data breaches will continue with the same ease we have now, and Australia must commit to do better.”
Steve Bray, Australia & New Zealand head at Cloudflare, urged the government to consider the cybersecurity implications of AI technologies — not just quantum computing.
The government announced earlier this month its intention to loan Silicon Valley company PsiQuantum $466m to develop a quantum computer.
“While the investment in quantum computing will work to improve our capabilities, protect our current systems, and look to guide encryption methods of the future, the more imminent cyber risk that will impact Australians comes from AI,” Mr Bray said.
“The rapid advancement in AI technologies poses a significant threat, as these technologies have already had a significant impact on cyber attack techniques, threats and scams.
“As we see cyber criminals leverage AI more and more so they can scale in their criminal activities more efficiently, this poses just as much risk to the public as quantum computing.”
More Coverage
Unreliability comes at a price for new car buyers
Try this quick quiz: Do batteries make a boring vehicle less boring? No, but they make it more expensive.
Who’s in (and out) of Qantas’s executive lounge
While handing free upgrades to politicians, Qantas is booting out executives from its Chairman’s Lounge for failing to spend more than $1m a year with the airline.