Cloud adoption is accelerating rapidly within public sector organisations of all levels. Most state governments have also adopted a cloud-first strategy, setting a goal for all agencies to adopt public cloud for a minimum of 25% of their IT services by this year.
For the government sector across Australia, cloud technology represents new opportunities. Transitioning from traditional IT infrastructure to a more flexible and adaptable operational environment improves productivity, reduces IT costs and provides a platform for innovation and next-wave technologies.
These advances in uses of the cloud will become ever more vital in enabling digital business transformation and meeting the increasing demands of citizens. Despite the cloud-first policies in some jurisdictions, most organisations don’t consider policy compliance a key driver in their cloud adoption journey. This implies a greater awareness of the benefits of cloud technology rather than organisations transitioning to the cloud purely as a compliance measure.
Cyberattacks have led the Australian government to tighten legislation that protects critical infrastructure, building on previous laws. The Security of Critical Infrastructure Act 2018 established ownership and operations of certain infrastructure assets. The more recent law requires organisations with critical infrastructure to mandatorily report incidents of cyberattacks within 12 hours of the incident taking place.
Another crucial aspect is functionality. Public sector organisations require a fully integrated, digital customer service capability as they face growth challenges in service expectations and delivery costs. In November 2018, The Federal Government’s Digital Transformation Agency released a new strategy with a vision for the Australian government to become one of the top three digital governments by 2025.
Guiding Public Sector Leaders Towards Greater Use of Cloud Technology
Australia’s cyber challenges continue to increase in complexity in an evolving security environment. Data protection and security are crucial to the operations of public sector organisations, owing to the confidentiality of citizens’ personal information. In addition, other confidential information, such as interactions with government agencies, require sovereign cloud protection to protect it from third-party vulnerabilities.
Public sector organisations are on the verge of unlocking the full benefits of cloud technology. Statistics show that surveyed public sector leaders agree that procurement processes need to be modernised, encouraging the government to invest in upskilling its workforce.
For a successful transition to the cloud, government sector considerations include finding the right opportunity with prior preparation, risk management, financial considerations, and upskilling staff.
The cyber security skills gap has widened rapidly, as new research suggests the industry could see up to 30,000 unfilled positions in four years. As Australian public and private organisations increasingly adopt digital transformation, we need to ensure we have the workforce capability to meet our nation’s cyber security needs. According to Digital Pulse, the tech sector needs to expand to 1.2 million workers by 2027, allowing the government to protect our nation’s IT systems.
The threat of ransomware attacks against public sector organisations in Australia is accelerating. In departments like Health and Defence, the security of data and protection from cyber threats can potentially endanger the lives of Australian citizens.
Recent data from the Australian Cyber Security Centre (ACSC) states an increase of 13% in cyberattacks within a year, with 25% of attacks directed at critical public infrastructure. ACSC advises Australian organisations to urgently adopt an enhanced cybersecurity strategy to improve their resilience within a heightened threat environment.
Increasing CyberSecurity Challenges for Public Sector Organisations
With the increase in digitisation, there has also been an increase in cyber threats from cyber criminals seeking to exploit our increased reliance on the digital environment to steal sensitive data and intellectual property. As we rebuild our economy after the pandemic, there is a new sense of urgency to build confidence and regain public trust in critical services, improving the security fabric for Australia.
The Australian Cyber Security Centre (ACSC) reported more than 67,500 cybercrime attacks in the financial year 2020-21, recording an increase of 13% in one year. About a quarter of these cyber-attacks targeted Australia’s critical infrastructure organisations, risking essential services such as health, education, electricity, communications, water and transport. These statistics imply that an essential service or critical infrastructure was a victim of a cyber attack every 32 minutes. The organisations have self-reported losses of over $33 billion, with medium-sized enterprises as the biggest victims.
Along with the cyber skills gap, the lack of awareness about cyber security threats among board and senior executive levels leads to reduced alertness and weakened strategies. While larger organisations have access to resources to be better prepared for such events, smaller organisations may not have the same level of expertise and capability, increasing their vulnerability.
With the increasing scale and sophistication of cyber threats within the public sector, the Australian government has developed the Cyber Security Strategy 2020. The primary aim is to create a secure online world for Australians, their organisations and essential services. It will invest $1.67 billion over ten years, adding new laws and bills to strengthen this strategy.
Introducing New Laws and Amendments for Improved Cyber Security Initiatives
Security of Critical Infrastructure Act 2018 was passed in July 2018 to strengthen the security landscape of critical infrastructure in Australia. The Act considered four sectors – electricity, water, gas, and ports. The Security Legislation Amendment (Critical Infrastructure Protection) Act 2021 brought significant changes to amend the SOCA 2018 and was passed by the Parliament in March 2022. It builds on the foundation of the previous Act and expands the four sectors to eleven sectors, including higher education, communications, defence, transport, space, etc. The primary purpose of the reforms is to provide the framework for risk management and national security in critical infrastructure.
It will involve better transparency of ownership and operational control of critical infrastructure, driving improved collaboration between all levels of government, regulators, owners, and operators of critical infrastructure.
The SLACIP Act requires organisations within the 11 sectors to report critical and other cyber security incidents to the Australian Cyber Security Centre, taking steps to review and strengthen their cyber security capabilities while implementing risk management programs.
The Academic Centres of Cyber Security Excellence (ACCSE) launched a four-year program in April 2016 as a part of Australia’s $230 million Cyber Security Strategy. It’s intended to help build Australia’s capability in cybersecurity by encouraging more students to undertake studies in cybersecurity, increasing the number of highly skilled post-graduates to tackle emerging cybersecurity challenges.
Existing Cyber Security Initiatives in the Public Sector
Resilience will be critical in the face of growing threats. Other than the pandemic and the economic downturn, 2020 has seen a surge in cyberattacks, ransomware, and data breaches. Developing a cyber-smart workforce for the Australian Public Sector will be a challenge but also an incredible opportunity to lay critical foundations for rapid economic recovery.
Organisations need to review their current cyber awareness and introduce training and communications strategies to align with their business as they create a new hybrid workforce. With weakened strategies, cyber attacks can cause financial loss and significant reputational damage. Every business must implement a Comprehensive Cybersecurity Incident Response Plan (CIRP) to mitigate the damage and being the recovery process immediately. The recovery phase is the final layer of cybersecurity strategies that helps restore data and ensure business continuity.
With cloud backup and disaster recovery solutions, organisations can store their data in scalable and sovereign cloud environments and ensure business continuity even when their business is at its most vulnerable.
The Australian Government Cloud Computing Policy aims to leverage cloud computing technology in the public sector, thereby setting an example for other Australian organisations to reduce IT costs, improve productivity, and develop better services.
The Increasing Need For Cloud Security
While remote working generated many cybersecurity trends, it also created a greater dependence on cloud solutions. Rapid cloud migration has become a key focus over the past two years.
Even leading cybersecurity defence strategies are no match for some advanced ransomware campaigns. With attackers targeting backups, organisations need to focus on advanced security measures to protect their sensitive data and workloads.
Understanding the emerging data protection and cybersecurity challenges is crucial before switching to cloud platforms. With multi-cloud environments, enhanced Artificial Intelligence (AI) capabilities, and an increased demand for cloud-to-edge applications, cloud technology can offer endless benefits ranging from limitless scalability and agility to sovereign data protection.
As Australian organisations mitigate ransomware risk with strategic cloud solutions and new-wave technologies, they can prevent – or at their worst – recover from a cyberattack.
Accelerate Your Cloud Adoption Journey with AUCloud
The benefits of cloud technology are well recognised. Government sector decision-makers have leveraged endless advantages such as improved agility with scalable operations during peak demand, improved productivity, streamlined processes, improved reliability and data security. In addition, the cloud is a platform for the future, serving as the foundational technology for various emerging new-wave technologies ranging from virtual reality to artificial intelligence.
With Australia’s increasing focus on data protection and sovereignty, a seamless transition to a sovereign cloud environment is one of the key initiatives for public sector organisations. It ensures that all your sensitive data remains in Australia and is only ever subject to Australian jurisdiction control.
As the first VMware Sovereign Cloud Provider in Australia, with hardly a few VMware Providers recognised in this space, AUCloud offers sovereign cloud-based solutions so organisations can mitigate the risk of cyberattacks while leveraging limitless scalability, high-speed data transfers, improved efficiency, minimised downtime, and sovereign data protection. With WMware tools, you can ensure a seamless transition of your sensitive data and organisational workloads to the cloud with the assurance that your data stays in Australia – always.
If you want to discuss how prepared your organisation is for a cyberattack, talk to an AUCloud representative and accelerate your digital transformation today. Contact us at 1800 282 568 or email us at [email protected].