Client Update: sophisticated threat actor behind cyber-attack on Australian businesses


19 June 2020
Today Prime Minster Scott Morrison reported that a sophisticated threat actor – believed to be a nation state – is systematically targeting Australian businesses of all sizes with cyber-attacks. 

What does this mean?
Cyber threat actors vary greatly in the sophistication of their capabilities – the more sophisticated the actor the greater their ability to compromise the confidentiality, integrity, or availability of data or ICT systems.

While the COVID 19 pandemic has not materially changed the nature of cybersecurity vulnerabilities, it has greatly enlarged the attack surface because significantly more work is being conducted remotely.

The PM’s announcement today should serve as a prompt to review and enhance your cybersecurity arrangements to ensure that the information you hold about your business clients, and service providers is adequately protected. 

What should I do?
While any ICT system can be broken by a sufficiently motivated and resourced actor, there are a number of easy steps to take to lower your risk profile and minimize potential liability: 

  1. Talk to your ICT team or service provider today about implementing the Essential 8 Cybersecurity Maturity model.

  2. Review your cyber security insurance coverage.  

  3. Review and update your Data Breach Response Plan to ensure it reflects any significant changes in your work processes, including remote working arrangements or employees using their own devices.  

  4. If disruption to the availability, integrity, or confidentiality of data you hold would be catastrophic for your business, consider engaging cybersecurity specialists to assist you with technical and organization measures to further enhance your security. 

If you would like further guidance or advice on compliance with privacy and data security law and minimizing potential liability flowing from a data breach, contact our privacy and data security lawyer, Sam Hartridge here