Australian businesses warned to prepare for cyber-warfare attacks
With the unfolding conflict in Ukraine posing heightened cyber-security risks to Australia, businesses have been urged to improve their cyber-security protocols and prepare for potential cyber attacks.
Speaking in a recent podcast, Major General (Ret’d) Marcus Thompson explained that Russia has extensive cyber capabilities and will look to weaponise cyber attacks in reprisal against Australia for supporting Ukraine during the recent conflict.
Dr Thompson said that Russians have been “masters in information warfare” for decades and have also been conducting these activities through cyber space for quite some time.
“[In] 2007, when the Estonians relocated a Russia Soviet-era grave marker, known as the Star of Tallinn – as in Tallinn, the capital city of Estonia – Estonia was subjected to some crippling denial of service, distributed denial of service attacks, DDoS attacks that targeted their parliament, government ministries, banks, and some other civilian targets,” Dr Thompson told director of Defence Connect Phil Tarrant.
“[In] 2008 when Putin annexed South Ossetia, the fight with Georgia that went for about 12 days, information warfare techniques were used extensively throughout that 12-day conflict and subsequently, in an effort to justify the actions that Russia had taken.”
Dr Thompson said Australian businesses should therefore be heeding the recent message from the Prime Minister to prepare for potential reprisals from Russia.
Businesses, he said, should be thinking about cyber security now and what might be necessary to prevent, minimise or respond to any incident directed at them.
“At the end of the day, the time for preparation is before, not during an attack or an incident. So, patching systems [...] so that your hardware and your software has the latest updates, and therefore the most recent security measures applied. Close the gap on any vulnerabilities that could be exploited by a threat actor. Be thinking about where you might be vulnerable, including into your supply chain,” warned Dr Thompson.
“With everything just so globally connected now, and especially with all of the global supply challenges that we’re all experiencing at the moment in the wake of the pandemic, [think about] where might you be vulnerable, both internationally and domestically.”
Business owners, he said, should also be looking at their business continuity plan and their incident management or crisis management procedures.
Dr Thompson also stressed the importance of workers being on the lookout for suspicious activity such as phishing emails containing links that give attackers easy access to systems.
He also discussed the importance of staying up to date with the Australian Cyber Security Centre.
“Subscribe to their threat updates, sign up as a partner so that you’re getting the most recent, current, contemporary information that the Australian Cyber Security Centre can publicly release,” he said.
It is also important to be conscious of what is posted on social media, Dr Thompson warned.
“What is being released to the internet that can be gained by anyone with an internet connection about our business and our workforce? A professional threat actor [...] with a targeting mindset can take all of that information, turn it around and use it to come back at us. How vulnerable are we? What are we posting? And what is our organisational social media policy?” he said.
“Are we happy that someone is presenting on Twitter or Instagram or Facebook as being an employee of ours and then talking about where they work, their pattern of life, when they arrive at work, when they don’t arrive at work, what they’re doing at work and what’s happening inside the walls of the business? Are we happy about all of that?”
You can listen to the full podcast here.
Miranda Brownlee
Miranda Brownlee is the deputy editor of SMSF Adviser, which is the leading source of news, strategy and educational content for professionals working in the SMSF sector.
Since joining the team in 2014, Miranda has been responsible for breaking some of the biggest superannuation stories in Australia, and has reported extensively on technical strategy and legislative updates.
Miranda also has broad business and financial services reporting experience, having written for titles including Investor Daily, ifa and Accountants Daily.