What Industrial Cybersecurity Looks Like Through COVID-19 in Australia

The digital lifestyle is incredibly useful for customers. But for big industries, it now means building a whole new structure to protect tons of data and operational security for better cyber attack detection.

With a shift in industry dynamics due to the onset of the pandemic, the cybersecurity industry had to react with a promptness like no other. Adjusting to the ‘new normal’ wasn’t easy and knowing that a multitude of industries were relying on cybersecurity technology and their service providers to follow through immediately and efficiently, called for an internal structural shift. Evolving into a majorly remote workforce and promoting a seamless transition was vital, as each employee was uprooted from a daily routine into an unstable environment. Beyond an open mind to change, the cybersecurity industry needed brand-new solutions to combat threats that appeared to prey on the chaos that was created.

Over 45 pandemic-themed cybercrime and cybersecurity reports were reported to the Australian Cyber Security Centre (ACSC), and over a 100 were reported to Scamwatch within a span of 15 days in March 2020. The national and state government sectors were the hardest hit, followed closely by the education & research sector, health sector, banking sector and retail sector. Remote workers became the prime focus of several financially motivated crimes while sophisticated attacks were planned to target national databases to debilitate Australia’s national security and economy.

E-commerce and businesses were next in line to come under fire, due to the rise in online shopping — the retail sector (especially online sales for brick and mortar stores) saw an increase in sales shoot up by a whopping 100% since March. The pandemic has pushed industries to rapidly evolve and sales, marketing and management has seen more change in the last five months than it has in the last five years. For consumers, this meant convenience like never before. But for industries, this often meant building a whole new structure to enable a digital experience for their consumers, a feat that would often require a lot more approvals or official sign offs prior to a remote workforce. This sudden shift has resulted in massive security loopholes, especially in the case of SMEs who believe they aren’t ‘big enough’ to garner attention from hackers. Yet, in 2019 itself, 62% of small businesses reported they had previously been a victim of a cybersecurity incident according to the ACSC.

This new level of reliance on transient digital solutions catered towards us has also led to a massive volume of new data being generated and exchanged. With online banking and flexible loans, online ordering and delivering of groceries, remote learning and online classrooms, medical advice over a phone call, and manufacturing supply chains becoming increasingly digitised — there’s a data boom, if anything. The rate at which the digital lifestyle is becoming the norm is incredible but like all good things, it comes at a price.

Australia’s response to the cybersecurity crisis in COVID-19

McKinsey reports that companies relying or managing supply chains are looking at losing half a year’s worth of profits, over a decade. Beyond COVID-19, cyberattacks on the hastily put-together remote workforce has caused a fair amount of disruptions too, resulting in even larger economic losses to companies.

In an effort to take industrial cybersecurity more seriously for both, national security as well as an Australian individual, the government has worked towards a new Cyber Security Strategy for 2020. A quick overview reveals the following key takeaways:

  • Building towards stronger digital ecosystems (Government-focused)

A more secure world for Australians stems from Government initiatives towards the same. Protecting Australian government data is high on the list, along with protecting critical infrastructure and strengthening cybersecurity partnerships. Initiatives also largely target corporations and SMEs with funds being put in place for both to support them, if they lack the resources to implement secure systems and practices themselves. Based on the industry and business conducted, a certain standard of cybersecurity will have to be met.

  • In-house security and training (Business-focused)

As mentioned earlier, new security obligations will be put in place for designated organisations based on the data procured within the company. Beyond large-scale security initiatives, the government is keen on growing a skilled workforce by supporting SMEs to train staff as well as put strong security structures in place. Businesses are expected to secure their products and services and protect their consumer’s data from online threats.

  • Building a cybersecurity culture (Community-focused)

Protecting Australia from cybercrime starts with each individual growing aware of the problems on hand. Access and guidance towards cyber security information and helping consumers understand the basics of cybersecurity etiquette is possibly the best step Australia could take towards shutting down cyber scams. Some basic etiquette includes treating suspicious messages with caution (don’t click on random links!), avoiding financial or personal transactions while on public or free Wi-Fi, using strong passwords, and reporting new scams where possible. As a community, we need to start practicing secure online behaviour; especially if we’re experiencing the largest digital transition yet.

Overall, the government’s three-pronged strategy appears to be a straightforward and effective answer to avoid potential industrial cybersecurity disasters — if companies are willing to adhere to the guidelines. For a more detailed read or further information, Australia’s Cyber Security Strategy 2020 is available here.

As a business owner or employee, be open to having a conversation about cybersecurity and push for more secure systems to be put in place. Empower your workforce with basic cyber safety practices, upgrade your security skills and stay aware of the latest scams within your industry. Awareness is often key to prevention — if you’re suspicious of a link via email or text, always go to the official source manually. If it’s a company email, talk to your superior, if it’s your bank, visit the official website or give them a phone call. Always remember to report any scams as well, it helps us win this fight together, one small step at a time.

At Kaspersky, we understand that within the industrial sector, every minute matters, there’s very little room (if at all) for error. Operations are an integral aspect of each industrial organisation. Keeping the above in mind, the Kaspersky Industrial CyberSecurity technology we provide, isn’t merely IT that helps protect against threats — a key component of it is operational technology (OT). Working with the right security service provider is crucial for the industrial sector, when business continuity is what your business strives for. With Kaspersky Industrial CyberSecurity, operational management is not just easier, it’s a whole lot more efficient. Catching the slightest irregularity in the system before it turns into a motion-stopping issue is what we do best; in the past Kaspersky Industrial CyberSecurity has been the optimum choice to help prevent cyberattacks upon internal staff computers that could have potentially affected a whole production system.

It’s about more than just a desktop device, it’s about securing entire lines of systems like production equipment, critical infrastructure, and industrial equipment. It’s about doing a clean sweep of every device; portable or connected, to secure your system and handle risk management. We further supplement our technologies with designs specifically for industrial environments such as integrity checks and semantic monitoring of process control commands; adaptable to each system Kaspersky Industrial CyberSecurity is required to work with. It also features a special monitoring mode developed to detect cyberattacks, employees’ operational errors and anomalies within industrial networks.