Related ministers and contacts
The Hon Andrew Hastie MP
Assistant Minister for Defence
Ella Kenny 0437 702 111
8 April 2021
KYLIE GILLIES: Australians were shocked when a major cyber attack infiltrated federal parliament, and crippled a TV network. But these were far from isolated incidents with other recent high profile targets including the West Australian election, and one of Victoria’s largest hospital operators.
LARRY EMDUR: In fact, cyber attacks cost Australian businesses more than $140 million a year. Last year alone, there were more than 60,000 such attacks - that's one every 10 minutes. So, how seriously should we be taking the risk? And is there more we can do to keep our digital space safe? Let’s get some more, we're joined now by Assistant Minister for Defence Andrew Hastie who has responsibility for cyber security under the defence portfolio. Andrew, welcome to the show, thank you for joining us. Take us through these cyber attacks, is this the new normal for us do you think?
THE HON. ANDREW HASTIE MP, ASSISTANT MINISTER FOR DEFENCE: It is the new normal, Larry, and good morning to you Kylie. Australian have witnessed massive change in the last 18 months, firstly, we have migrated much of our lives together online because of the pandemic. So, everything from work to our social lives, to the delivery of essential services, whether it be banking, shopping, or whatever else we need, is now online. So we’re presenting a much bigger target as a country to cyber criminals. The second big shift is in the Indo-Pacific region, there’s a massive strategic realignment going on, we’re seeing increased geopolitical competition between nationstates, technological disruption and what we call coercive statecraft which is being conducted by countries in the pursuit of their national interest, and that includes things like espionage, foreign interference and cyber attacks. And cyber attacks are popular because they are low-cost, they are difficult to attribute to anyone and you can do them any time from anyplace. So we are much bigger target as a country and we are seeing a lot more malicious activity online in the cyber realm.
GILLIES: And we are seeing more and more of these attacks on businesses, media and even Parliament. Are they all linked?
HASTIE: Well, we can't establish a direct link but there is a general trend, and we need to start thinking about cyber as a battlefield. It can't be just thinking about our own security in private terms, we have also got to think about our digital sovereignty as a country. So whilst Australian’s at home need to protect themselves, businesses need to protect themselves, we also need to think about how we do it together as a country because as I said, we are a much bigger target now that we are living our lives online more or less.
EMDUR: Yeah, so if these hackers were ever able to invade our systems on this national scale, what would happen, what would that look like?
HASTIE: Well they could attack critical infrastructure and cause huge disruption. To our lives. For example, if they were to target the health sector or an airport or a power grid, in fact, in the Ukraine in late 2015 it is alleged that the Russian government hacked a Ukrainian power grid and shut the power off right in the height of winter. So we know what can be done to harm a country and that's why the Australian government is acting to protect ourselves with new legislation, the critical infrastructure legislation to make sure that our critical infrastructure, from data management, to the financial sector, to groceries, to water assets, is all protected and there is a heightened level of security around those key assets.
GILLIES: While some of the attacks are reported Andrew in the media and I guess that's because they are very visible, they have no choice but to be reported. How many more are we not seeing? That maybe you’re actually preventing?
HASTIE: Well Larry mentioned at the start that there were 60,000 reported to the Australian Cyber Security Centre last year, that is one every 10 minutes. But businesses alone, it is estimated, lost $143 million from just 4,245 attacks, that is an average of $33,000 per attack that is costs Australian businesses. We don't do the full extent of this but there are some things that we can do and they are quite simple. And today I want to encourage your viewers to take action, themselves.
EMDUR: Okay. And we will get to that in a second, but talk us through who exactly are these people, can it be just one person sitting in front of a computer somewhere or is it this slick, sophisticated organised agency sort of concept?
HASTIE: That's a really good question, Larry. There is a full spectrum from small-scale individual hackers to very sophisticated online criminal syndicates who steal your data or your personal information and on-sell it on the dark web, right through to very sophisticated state actors. The Prime Minister last year mentioned there is a state actor last year who is persistently targeting Australian businesses, our government and so, yes, there are a number of threats from very small individuals right through to large-scale operations.
GILLIES: Okay so clearly this isn't just something for IT managers to sort out. Some crucial things people at home can do to protect their information, you alluded to it, so what are some tips for us Andrew?
HASTIE: Number one, make sure you keep uploading all the security updates, or patches as we call them, on your phone, your tablet or your computer at home. Patch your security software often and regularly and look out for the updates, particularly on your apps because that is a backdoor hackers can get through. Number two, make your passwords complex, use a passphrase, rather. Simple passwords like password1234 won't suffice in this era, they have to be sophisticated passwords so I encourage your viewers to make them more complex. Number three, use multi factor authentication. What is multi factor authentication or MFA? It means that before you can login onto your email or your bank account, you need to present two bits of evidence, so for example, you might get sent a code via text by your bank before you are allowed to log into your bank account. Do business the people who use MFA or multi factor authentication. So they are three quick things you can do to protect yourself at home.
GILLIES: Okay Andrew Hastie, all very good advice, thank you so much for the tips this morning.
HASTIE: Thanks Kylie, thanks Larry, Pleasure.
EMDUR: Thanks for joining us.