Consult Australia is keen to understand how you are responding and how we can help. Our Information Security Forum is highlighting the range of threats emerging for our members and the responses required, we are also seeing increased requirements through government tenders.

“The question isn’t whether our members will face cyberthreats, but when,” says Jonathan Cartledge, Consult Australia’s Chief Executive Officer.

Cyber-attacks are occurring with greater frequency, recovery costs are growing, and every Australian business is a target. The federal government’s Australian Cyber Security Centre (ACSC) receives a cybersecurity report every six minutes. 

The ACSC says the average cost of cybercrime for small businesses at $46,000 and $97,000 for medium-sized businesses. Calls to the Australian Cyber Security Hotline were up 32% last year.

In early July, the Australian Government warned that a state-sponsored cyber group in China has “repeatedly targeted Australian networks” and poses an ongoing threat to Australian businesses. But the risk from “state-sponsored actors” is less than the threats posed by social engineering scammers, the Forum heard.

“Businesses can't afford to sit back and wait for an incident. Preparation and proactivity are essential, which is why we have established the members-only Information Security Forum to build a network of businesses that can share insights and intelligence,” Jonathan says.

Fortifying against social engineering

Email compromise is the single largest cyber risk for businesses, according to the ACSC. Responding to this risk requires technology solutions, as well as human vigilance and education, Jonathan notes. 

“One of the most powerful insights from the Forum was that cybersecurity is not just a technology problem. It is a people problem that requires people solutions.”

Social engineering scams like ‘phishing’ often use fraudulent emails designed to trick recipients into revealing personal information or clicking on malicious links. Rather than relying on technical hacking skills, these scams exploit human psychology.

Breakthroughs in large language models like ChatGPT make it much harder for people to spot potential scams because they eliminate the usual signs, like spelling and grammatical errors, to present more convincing content. 

Generative AI tools can mimic voices, create deep fake videos or even clone handwriting. One report found the global incidence of deep fakes increased by a 3,000% in 2023.

“Forum participants explored how to create a culture of scepticism and verification as a powerful defence, and how to train employees to recognise the psychological tactics used by scammers.”

Building strong cyber defences together

How can Consult Australia respond? Jonathan has “two clear asks” of members.

“First, please let us know what resources we could develop to help you. Do you need a standard policy on employee use of ChatGPT? Are you looking for new connections with cybersecurity professionals? Would you benefit from training sessions or special events? We are keenly interested to understand your needs so we can better support you,” he says.

The second request is for members to share their experiences of preparing government tenders. Some Forum participants noted the challenge of addressing numerous cybersecurity questions, each with nuanced wording or specific requirements.

“We will be advocating for governments to standardise and streamline cybersecurity questions in tenders, so there are five not fifty different variations. This approach will ensure the right level of inquiry and ensure all businesses are not overwhelmed with an additional burden.”

Members who have an interest in this space and the Information Security Forum can contact the Consult Australia team. 

Contact Kristy Eulenstein, Consult Australia’s Head of Policy and Government Relations to share ideas on resources, provide feedback on government tendering or otherwise contribute to Consult Australia’s work on cybersecurity. Small business members are encouraged to download the Australian Cyber Security Centre’s suite of resources for small businesses.