Australian companies have been too ‘trusting’ of potential cyber threats, but that’s starting to change
Link copied to
Australian company Veroguard is one of a number of local players positioning for growth in the cybersecurity sector.
And speaking with Stockhead last week, co-CEO Nic Nuske said Australia was still playing catchup to global peers when it came to preparedness for potential attacks.
“What we’ve seen is that a number of organisations, including government agencies, are talking about how Australia is unprepared for cyber attacks,” he said.
“And what the research was saying is that culturally, Australia has always felt relatively isolated and protected by the government and allied countries.
“With that remoteness, the result is that we’ve become aware of the threat, but we’re also still relatively trusting that the support we get helps us to be protected.”
Recently though, statements from a number of senior government officials (including Scott Morrison) have raised a sense of urgency around the threat faced by Australian companies.
“What’s important is not to go back into the belief that because government is more involved, that we shouldn’t ignore other messages about adopting security measures for ourselves,” Nuske said.
“There’s been a number of examples over the last 10 years where after a breach, the company in question will end up either dramatically changing their business, or making it so fragile it’s impossible to recover.”
Among more recent cases, Nuske cited the two attacks in June this year against beverage company Lion Nathan, and an April 2020 ransomware attack against financial services MyBudget, which left 13,000 customer accounts exposed.
He also said that since the onset of the COVID-19 crisis in February, the FBI had seen a “four-fold increase” in the number of successful attacks in the US.
Ultimately, Nuske said the main target of cybercrime was credentials — accessing or duplicating the identity of individuals or employees, which makes up around 80-90 per cent of cyber attacks.
In that context, the disruption caused by the virus has created a “massive opportunity” for cybercriminals. “The support services for managing networks — whether it’s banking, retail, logistics or health — have become incredibly stretched,” Nuske said.
“People are going to make mistakes when they’re stretched, particularly when the mechanisms around cybersecurity are designed for closed networks, not open.”
In that context, Nuske said the creation of stronger identity networks was an important next step for Australian companies.
As a global comparison, he said the eastern European country of Estonia was regarded as a leader in the field — the result of a coordinated policy response around the establishment of a “robust identity framework”.
Veroguard is now in the “early stages of commercialisation” for its VeroCard product, which centres around the creation of a unique digital identity for individual users.
A publicly unlisted company with around 200 shareholders, Nuske said Veroguard was targeting a dual-listing on Singapore’s SGX and the ASX over the next 12 months, to provide a stronger launchpad into the Asia-Pacific market.
Along with a cloud computing initiative with the CSIRO’s Data61 innovation hub, Nuske said the company worked with customers across government, corporations and small businesses.
“A good example is Microsoft — there’s around 1.3 billion Windows users globally, which makes it a popular attack vector for cybercrime but it’s also an essential channel to reach the market,” he said.
“So our partnership is about helping companies on their marketplace to secure those credentials and get the benefit of the platform without the threats.”