Mass infrastructure attacks (MIAs) are on the rise in Australia: why we need an ecosystem approach to thwart cyber security threats

Digital skills are more important than ever – they are critical for everything from business to education, particularly with the shift to remote work and schooling due to COVID. However, our increased reliance on the internet for communication and access to services and information has generated more opportunities for malicious cybercriminals to exploit vulnerable organisations and individuals.

The coronavirus pandemic has highlighted the multitude of ways cyber criminals can exploit national and global crises – these have ranged from mass phishing campaigns through to business email compromise and ransomware. Every sector of the Australian economy has been impacted by cybercrime – most recently seen in the Loj4j vulnerability which targeted and compromised systems globally and in Australia.

In fact, the Australian Cyber Security Centre’s Cyber Threat Report 2020-21 reveals 67,500 cybercrimes took place for the period assessed, an increase of almost 13 per cent from the previous year. Disturbingly, the report also found that 25 per cent of cyber incidents were associated with Australia’s critical infrastructure or essential services, including health care, food distribution and energy sectors. These mass infrastructure attacks, or MIA, emphasise the likely increase in disruption in essential services, loss of revenue and the potential of harm or loss of life.

Cybercriminals have also taken advantage of the COVID-19 situation by targeting digitally accessible information or services. Spear phishing emails were commonly used to coerce recipients to enter personal details for access to COVID-related information or services. The Australian healthcare sector has been a key target, with malicious actors looking to access sensitive information about Australia’s response to COVID and leveraging critical services for ransom attacks. In March 2021, a ransomware attack against a Victorian public health service affected four hospitals and aged care facilities and resulted in the postponement of elective surgeries. Ransomware attacks on an Australian media company and JBS Foods further demonstrated a move by cybercriminals away from minor attacks towards coercing eye-watering sums from large or high-profile organisations.

These shifts in targeting and tactics have escalated the security threat to Australian organisations across all sectors, including critical infrastructure. Now more than ever, there is a need for innovative private-public reskilling and education solutions, given the severity of the skills crisis and the pace of change. Strengthening a skill development ecosystem with participation from educators and employers would catalyse the cyber skills revolution Australia urgently needs.

One such ecosystem approach is Cyber STEPs², a $3,777,795 million national partnership program between Grok Academy, the Australian government (the Department of Industry, Science, Energy and Resources and the Australian Signals Directorate) and industry (ANZ, CBA, NAB, Westpac, BT, Amazon Web Services, and Fifth Domain). This initiative, the largest of its kind in Australia, will see advanced cyber security taught to Years 7-12 students and will, for the first time in Australia, also be available to TAFEs, other RTOs, and universities to use in their introductory cyber security courses.

This cross-industry partnership emphasises the vital need for schools, government and Australia’s business sector to work together to address the immediate skills shortage, while also fostering a longer-term cyber security culture within Australia’s education system and future workforce. According to AustCyber’s Cyber Security Sector Competitiveness Plan, Australia will need 18,000 more cyber security workers by 2026. Cyber STEPs² will therefore play a critical role in engaging Australian student interest in pursuing studies and careers in cyber security.

It is essential for Australia’s economic prosperity and long-term security that we build a highly skilled and educated cybersecurity workforce, as well as ensure all students, parents and teachers across the country have access to resources. Areas of opportunity and improvement can be defined by the investments of reskilling and preparing the new workforce for the requirements of high-demand entry level positions. As growing and reskilling becomes an increased priority, Australia aims to close the shortage gaps in cybersecurity and adapt to the new era of technology and digital skills.

Cyber STEPs²’ first cyber security challenge, Cyber Live, will be launching on March 16, 2022 and students from around the country will have the chance to experience a large-scale cyber-attack first-hand and strive to thwart a simulated and dramatic ‘MIA’ on multiple military and civilian targets. Cyber Live will enable students to grapple with a host of cyber-attacks ranging from social engineering through to steganography, deciphering encryption, bypassing authorisation measures, and intercepting network transmissions. Teachers and parents are encouraged to sign their students up for this unique and important cyber security event.