CPA Australia senior manager of business policy Gavan Ord said the Australian Cyber Security Centre (ACSC) is warning that as a result of the conflict in Ukraine, the risk of cyber attacks on Australia-based businesses has increased.
“All Australian businesses should urgently adopt an enhanced cyber security position,” Mr Ord said.
“We are not aware of any specific cyber threats or incidents involving Australia, however, we have been advised that businesses overseas have been impacted.”
Mr Ord warned that Australian small businesses have low levels of cyber resilience and preparedness generally.
“This is an urgent wake-up call to them. They must take urgent action or wear the consequences,” he commented.
“While Australia is a long distance from the conflict, we are only a keyboard click away from malicious cyber actors. Cyber criminals can cause millions of dollars in damage and the loss of sensitive client and financial data.
“We’re encouraging businesses to seek advice from their accountant on improving cyber resilience in a heightened threat environment.
“Practitioners should use their client communication channels to advise their business clients of this risk.”
The ACSC said there had been a historical pattern of cyber attacks against Ukraine that have had international consequences that can inadvertently hit Australian businesses. Malicious cyber activity could impact Australian organisations through unintended disruption or uncontained malicious cyber activities.
“The ACSC is aware of reporting that threat actors have deployed destructive malware to target organisations in Ukraine. This advisory provides additional indicators of compromise (IOCs) to assist organisations to detect WhisperGate and HermeticWiper destructive malware,” the ACSC said.
“Destructive malware can present a direct threat to an organisation’s daily operations, impacting the availability of critical assets and data.
“Organisations should ensure that logging and detection systems in their environment are fully updated and functioning and apply additional monitoring of their networks where required.
“Organisations should also assess their preparedness to respond to any cyber security incidents, and should review incident response and business continuity plans.”
The ACSC has published Cyber Incident Response Plan – Guidance & Template to assist organisations in producing an incident response plan.
