Preparing for an Ever-Changing Threat Landscape


Organisations’ across Australia have faced a volatile and unpredictable threat environment in the first half of 2022. With warnings of increased threat levels due to rising international tensions and impending changes to legislation for critical infrastructure protection, cyber security has remained at the forefront of discussion across the public sector.

As we crossed the threshold into the second half of the year, a change in Federal Government has seen the appointment of the nation’s first dedicated cyber security Minister, Clare O’Neal. This, coupled with the announcement of additional funding in the federal budget, is evidence cyber security remains a high government priority.

In February this year, the ACSC released an alert for agencies to ‘urgently adopt an enhanced cyber security posture’. The Russian sanctions and strained relationship of China with the rest of the world heightened the need for vigilance in the cyber space. It highlighted the need for even stronger defences in an already challenging post-pandemic threat environment.

With a continued skills shortage in the sector and departments working to stretch budgets to meet the rising pressures, security leaders have been at capacity protecting data and networks from attacks. Changes to Security of Critical Infrastructure legislation and a pending bill regarding ransomware-specific regulation signify the shifting attitudes to securing the nation against malicious threats.

So, what lies ahead? Although it’s always difficult to predict the changing nature of cyber threats, particularly as bad actors take on a more sophisticated approach to their methods, it is important to be as prepared as possible. It is essential public sector agencies take a proactive approach to security and collaborate with other organisations to gain a better understanding of the latest threats and best practices.

Remote and hybrid workers are more difficult to secure and, with many cyber-attacks going unreported, shoring up defences and detecting vulnerabilities is key. Protecting against attacks on critical infrastructure, particularly by state-based actors, is a primary concern at a federal level – as is privacy.

For government agencies and individuals, phishing and ransomware attacks continue to pose significant issues. The financial cost and impact on an organisation’s reputation because of these attacks can be astronomical. While the threats are unpredictable, the chance of preventing a breach can be improved with preparation, up to date response plans and clear policies and procedures.

Which brings me to my next point – we’re left with 5 months before 2022 ends. Now seems like an ideal time to rethink how we are operating in a world where cyber criminals are keeping pace with our defenses.

There’s an intimate Cyber Meeting at the PwC Offices’ coming up this September attended by Australian State CIOs, CISOs, Privacy Commissioners’Tickets are complimentary for anyone in the Public Sector. The meeting’s focus is to stimulate conversations about pressing cyber security topics impacting the community in 2022 – and I would not want you to miss it!

We hope this article helped to inspire you with some ideas and most certainly look forward to speaking with you in-person to hear your thoughts on how to further strengthen the cyber security ecosystem!