6 Australian Public Sector Cyber Trends to Watch in 2023

As AISA’s Cyber Conference 2023, being held in Canberra March 20-22, approaches, I thought I would go over some of the hot topics that I expect delegates from Australian public sector organizations will be talking about at the event.

And just a quick aside, Trustwave is a keen sponsor of the baristas at this year’s Australian Cyber Conference and we hope to share a hot beverage (of your choice) with you, so please stop by to discuss some of the following hot button topics:

  1. Data is the New Uranium – For years, the message has been that data is the new oil. This comparison was rooted in the idea that, like oil, data is a resource that can power the modern world. However, as organizations around the world implemented big data strategies and stored all the data they could, they are now realizing that data is not the new oil; it’s the new uranium, with increased risk.

    Following on from significant telecommunications and insurer breaches in 2022, Trustwave expects there will be an increased focus on the type and amount of data stored in 2023. This extends to regulations the Australian government imposes on commercial organizations to store citizen Personally Identifiable Information (PII). It will be interesting to see how public and private sector organizations can work together to reduce the risk of citizen data being exposed. Key to minimizing risk is reducing the volume of data stored. Trustwave’s global head of consulting, Nick Ellsmore (he’s an Aussie!), introduced the concept of backburning your data at AusCERT2021 and his predictions for this year highlight how the very nature of storing data can be hazardous.
  2. Increase in Cyber Warfare – Cyberattacks of a geopolitical nature have grown this year, especially in the wake of Russia’s invasion of Ukraine. Trustwave’s elite SpiderLabs Threat Research team took a deep dive into the cyber weapons used by Russia to attack Ukraine. The team dissected the threat actors behind these cyberattacks and provided a timeline of events including technical analysis of the several malware types deployed.

    For Australian government organizations, a focus on keeping our own digital perimeters safe will not be enough. Trustwave has been busy delivering on Australia's International Cyber and Critical Technology Engagement Strategy initiative announced in 2021 to strengthen the cyber capability of our South East Asian neighbors - see the Trustwave team in action here. It’s been an honor for the team working on this Department of Foreign Affairs and Trade (DFAT) project in Solomon Islands, Samoa, Vanuatu, Tonga, and Fiji to contribute to Australia’s International Cyber and Critical Tech Cooperation Program. Trustwave’s work has included the deployment and configuration of SIEMs, network traffic collection and monitoring, endpoint security, and threat intelligence tools, and training. We have also delivered training for local technical specialists and senior government officials.
  3. Device and Third-Party Security – The use of third-party equipment in public sector networks is coming under scrutiny, as could be seen with the removal of Chinese-manufactured CCTV security cameras from Australian Department of Defence premises and other governmental offices. Departments should ensure that they have an Internet of Things (IoT)/Operational Technology (OT) policy in place that assesses the likely risk of exposure of devices, as well as ensuring service partners are also maintaining their security.

    Threat actors can easily take advantage of weaker service providers in the supply chain to breach government bodies or expose PII data. At a policy and practical level, the Australian government has been paying greater attention to supply chain risk for several years now, but this episode still demonstrates the ever-increasing sensitivity of Government to supply chain risks.
  4. Critical Infrastructure – There has been significant discussion over the last six months of the changes to the Australian Security of Critical Infrastructure (SOCI) Act. There are still areas of the risk management program obligations of the SOCI Act that will need to be clarified. The Australian government has committed in the rules to creating guidance material to support their implementation, and hopefully this will help clarify some of the ambiguities we identified in this blog. We do know that the Cyber and Infrastructure Security Centre is continuing public webinars on risk management in February 2023, but the impact that the consultation process has had on updating specific guidance is not yet obvious.
  5. Security Baseline – Trustwave is seeing some clients place a focus on strengthening data literacy and cyber hygiene within their organizations. This focus is necessary as the security bar is being lifted higher by changes to the Essential Eight and the way its maturity is assessed. Expectations when conducting an Essential Eight assessment are evolving, with a greater onus on assessors gathering and using the highest quality evidence where reasonably practicable and less wiggle room for assessors. Upon concluding assessment activities, assessors will need to determine whether mitigation strategies were implemented effectively or not. This is requiring an uplift in the technical knowledge and skills of staff working on Essential Eight assessments.
  6. Crisis Simulation – For an organization to be resilient during a cyber crisis, key personnel must be acutely aware of their incident response plan roles and responsibilities before, during, and after a high-severity cybersecurity incident. A cybersecurity crisis scenario simulation can be invaluable to pressure test both the assembled teams and the documented processes designed for such circumstances. In a recent crisis simulation exercise, Trustwave helped the UK Ministry of Defence prepare to defend against a cyberattack.

If you would like to reach out directly with questions on these topics, Trustwave will be onsite at the conference, so feel free to reach out to me, Eder Plansky Silva, or any team member. I have recently been working in our global business and am now back in Oz with new insight for government clients.

If you’re interested in some of the things we’ve been working on relevant to Australian public sector orgs, check our quick links on this page.
