Australia Provides Cyber Examination For Small Businesses And Mandatory Reporting Of Ransomware Attacks

Australian Prime Minister Anthony Albanese. (photo: x @albomp)

Australia's federal government announced a cybersecurity renovation on Wednesday, November 22 after a series of attacks. They stated that the government would provide cyberhealth checks for small businesses, increase cyber law enforcement funding, and introduce mandatory reporting of ransomware attacks.

The government also said that it would impose stricter cyber reporting rules for telecommunications companies, which apply to critical infrastructure. They will look for immigrants to strengthen cybersecurity workforce and set restrictions on sharing inter-agency data to encourage people to report incidents.

The plan, valued at USD 587 million (IDR 5.9 trillion), shows the left-handed government is seeking to take proactive steps after a year in which nearly half of the country's 26 million population has stolen personal information in just two data breaches at the company. Cyberattacks on its largest port operator this month also left the supply chain paralyzed.

"Our future cannot be continued as it is now," Cyber and Domestic Security Minister Clare O'Neil told reporters in Sydney.

"We cannot have a situation where data is moving across the country, where critical infrastructure is starting to fail, where small businesses and residents keep telling us they feel vulnerable and unable to address cyber threats themselves," said O'Neil.

"National security usually means "military assets in a traditional sense, but increasingly, we are talking about cyber... because of the economic impact it can have," said Prime Minister Anthony Albanese.

Cybercrime reports in Australia jumped nearly a quarter in the year to June, with average costs for victims rising 14%, as disclosed by the Australian Cyber Security Center in a report this month. They also noted that the new defense agreement with the US and UK made the country a bigger target.

In detailing the seven-year strategy, O'Neil said that although major companies were targeted by the biggest cyberattacks, they usually recovered, but attacks on small and medium enterprises could be fatal.

The Australian Securities and Investments Commission (ASIC) said this month that 44% of the companies surveyed had no plans to stop data breaches originating from supply chain partners.

The company supports the plan, saying some 2.5 million small and medium-sized businesses in the country are engine driving the economy but are largely unprepared for cybercrime.

"The small business sector is driving a huge economic growth but they continue to face worrying cybercrime rates," said Patrick Wright, head of technology and operations of the Australian national banking company (NAB.AX).

Badminton Tudehope, co-founder of Macquarie Technology, which provides data services for 42% of Australia's federal agency, said the strategy was a "unitary national effort" after the country's cyber policy became fragmented.

In the strategy, the government said it would create a single portal to report cyberattacks and form a "cyber rapid assistance" team to respond to incidents in the Pacific region, as well as identify network vulnerabilities.

The government will at the same time seek to reduce the number of customer data that must be stored by the company. Violations in 2022 at the second largest telecommunication operator, Optus, owned by Singapore Telecommunications, and the first largest health insurance company, Medibank Private, revealed information stored some years earlier, including data belonging to people who are not customers.