How can Innovative, Technical Thinkers Outsmart Cybercrime?
NEWS - 01 Mar 2023
Cyber security is undeniably a top priority throughout political and business spheres and a continual ‘hot topic’ in the community. The announcements of organisational data breaches around the world are increasing. Australia’s role in managing the risk and impact of cyber security attacks is also in the spotlight, due to the massive Optus and Medibank data breaches in 2022 which saw millions of Australian customer accounts exposed.
According to globally renowned cyber security expert and media commentator Dr David Tuffley, innovation in cyber security is critical. He is particularly excited about the role innovative fields such as artificial intelligence and machine learning can play in securing data from cyber-attacks in the future. In this article, we speak to Dr Tuffley about the cyber security landscape in Australia, his work promoting innovation and investment, and how Lumina, in the Gold Coast Health and Knowledge Precinct (GHKP) provides the right environment for creative, innovative thinkers to collaborate on how to outsmart cybercrime.
Dr David Tuffley is a Senior Lecturer with the School of Information and Communication Technology at Griffith University, which is a key stakeholder collocating with ‘Lumina’. In this role, Dr Tuffley teaches ethics to IT students, and is involved with the Master of Cyber Security program, specialising in the governance and legality areas of cyber security. It’s a program that is growing in popularity and requires regular curriculum updates.
“My role is changing; I started five years ago now and it is evolving quite fast,” Dr Tuffley said. “That’s one of the challenges with this course – to constantly refresh the course content. It’s a challenging subject to teach because you must invest a lot of time to stay current with the latest developments in cyber security.”
With the recent increase in major cybersecurity incidents, Dr Tuffley has been particularly busy, with his expert opinion in high demand from the media. He is also seeing rapid growth in demand for cyber security-qualified people in the IT industry as cyber security threats continue to occur and become more sophisticated.
Cyber security threats are always evolving and becoming more sophisticated, as internet usage increases globally and digital technology advances. In the ‘Annual Cyber Threat Report 2022’, the Australian Cyber Security Centre (ACSC) received over 76,000 cyber-crime reports, an increase of nearly 13% from the previous financial year. Queensland (29%) reported disproportionately higher rates of cybercrime relative to its population.
“In Australia, we are lagging in some ways. The events last year with the Optus breach and then Medibank have brought it to the fore that big organisations are vulnerable and don’t have the cybersecurity defenses sufficiently strong to stop themselves from being hacked,” Dr Tuffley said.
He explained there were several complicated reasons why Australia is experiencing an increase in cybercrime.
“In Australia, we are an attractive target for cybercrime – we are a wealthy country, with a generally laid-back attitude. Most of the time cyber security breaches come from a so-called ‘social engineering attack’ when individuals have been ‘persuaded’ to reveal their login details – they’ve fallen victim to phishing.”
“And then there’s the dark web. One of the big challenges that have emerged lately is that cybercriminals can buy a kit on the dark web that allows them to run ransomware attacks. There has been an exponential rise in the number of people who are doing this sort of attack.”
Dr Tuffley explained that in many other countries, cybercrime is not policed, it is supported. In Russia for example, some cybercrime organisations are managed like legitimate enterprises, with sub-contractors supporting the business who have Key Performance Indicators (KPIs) to aim for.
The cost to organisations is huge. According to the Australian Cyber Security Centre (ACSC), on average, a malware attack costs a company over $2.5 million (including the time needed to resolve the attack), and ransomware is 57x more destructive in 2021 than it was in 2015. For customers, privacy and sensitive data theft is their major concern as they can be vulnerable to identity theft, financial fraud, or exposure of confidential medical information, as seen in the Medibank attack.
According to a 2022 PWC study, approximately half of the world’s hospitals experienced an IT shutdown because of a cyberattack in the first half of 2021. The critical nature of healthcare services and the shift to virtual healthcare makes these organisations a target.
Dr Tuffley also explained that the healthcare sector was particularly at risk because hospitals for example have stretched budgets, that are typically focused on items like essential medical equipment, and not cyber security and updates to IT infrastructure.
“A few years’ ago, a Queensland hospital was hacked, and it turned out that they were running a very old version of Microsoft Windows software, which was no longer supported and which left them vulnerable to a hack,” he said. “Unfortunately, if organisations wait for something to happen before they react, it’s too late. Organisations need to take a more proactive stance, realising that it’s not a matter of IF I get a data breach. It WILL happen at some stage. We need to get ourselves to the point where that data breach was anticipated and was interrupted quickly before too much damage was done.”
The ACSC leads the Australian Government’s efforts to fight cybercrime. They are a single point of contact that monitors cyber threats across the globe 24 hours a day, seven days a week. They collaborate with nearly 2,000 business, government, and academic partners on current cyber security issues.
“Australia is doing well in some ways. We have the current and previous Federal government funding cyber security and taking it seriously. Setting up and evolving the ACSC is an example of that, and I have confidence in Australia’s ability to match and overcome the challenge,” Dr Tuffley said.
To make this happen, Dr Tuffley believes Australia still has work to do to adopt a much more proactive stance towards cyber security, anticipating the problem that is inevitably coming and investing time, effort, and resources now. While we won’t ever be able to prevent 100% of incidents from occurring, it will stop a lot of attacks that would have otherwise succeeded.
“In a lot of organisations, the amount of money that’s allocated to cyber security is inadequate. Unfortunately, until there’s a catastrophic data breach, many organisations won’t have the awareness of the risk, or the funding to mitigate that risk,” he explained.
“There is a big opportunity for Australia to be more proactive. That involves having IT specialists sitting on the boards of organisations, and more people with technical skillsets entering politics as well. I think there’s a shortfall at the moment between how much of our lives are online and how much is done to protect it.”
A more proactive approach requires innovation, partnerships, and collaborations, to share information and best practices, and to jointly address common threats. Lumina on the Gold Coast provides the right environment for this to happen.
Lumina is an emerging health and innovation community where organisations can collocate with health, science, and technology leaders such as Griffith University, where Dr Tuffley is based, and Cohort Innovation Space. The latter includes three buildings dedicated to coworking, research, startup programs, and networking events to grow innovation on the Gold Coast. And there is space available for new ‘movers and shakers’ in IT.
“I see the Lumina set up as a ‘triple helix of cooperation.’ You have the government, startup companies, and academia all working closely together. If you have those three components, collocated working with each other, then that is known to be a successful formula for the type of innovation we need in the future,” Dr Tuffley said.
Dr Tuffley predicts the greatest opportunities for innovation in cyber security are within the fields of artificial intelligence (AI) and machine learning.
“AI has already been used in cybersecurity and it is doing a good job – for example, it reacts in milliseconds to an attempted attack. There are commercial organisations who are using products like this; however, it is a fairly new field, with wide opportunities,” he said.
“There are going to be some great opportunities for creative thinking technologists, and artificial intelligence specialists to think well now this is how we could use AI in cybersecurity in a way that has not been thought of before. It is going to have a usage in every field. And if we don’t do it now, someone else will.”
“It’s a great time for businesses in this space to consider collaborations or tenancy at Lumina. Experts are already there in the research field. And so are IT start-ups. And it’s growing. It is the perfect place to be.”
The Precinct offers world-class technical spaces, facilities, and equipment that are in demand from new tenants and industry and commercial partners looking for the ideal location to collaborate and develop new ideas. Lumina is the last remaining development-ready land within the GCHKP, and it is growing quickly.
Enquire here about purchasing land or leasing opportunities in upcoming developments.