Kmart, MYOB, Vic Uni and Vic Dept of Health on the cyber risks Aussie leaders must confront скачать в хорошем качестве

Kmart, MYOB, Vic Uni and Vic Dept of Health on the cyber risks Aussie leaders must confront

In this Security Edge panel, security leaders from healthcare, retail, education, and technology revealed the top risks and priorities before 2026. Jason Murrell, renowned cyber security advocate and consultant, Emily Mailes, Chief eHealth Strategy Officer at the Victorian Department of Health, Samrat Seal, Head of Transformation and Governance at Kmart Group, Peter Wolski, General Manager of Reliability and Security at MYOB, and Tara Dharnikota, Chief Information Security Officer at Victoria University, discussed the realities of ransomware, human risk, and regulatory pressure shaping Australia’s security landscape. Ransomware remains one of the most persistent and costly threats, with healthcare among the hardest hit. In Victoria, 15% of public hospitals went offline during one of Australia’s largest ransomware incidents, taking months to recover. Despite this, readiness varies widely across the state’s 70 health organisations, where ICT and security teams may operate collaboratively or in silos. Panellists agreed that tested backups, asset visibility, and network segmentation are still the most effective defences. They noted how attackers now use ransomware-as-a-service models, professional negotiation tactics, and dual extortion methods prioritising data theft and public exposure over simple system lockdowns. Across sectors like higher education and retail, resilience and recovery planning are now valued as much as prevention. Regular tabletop exercises involving boards and senior executives are critical to strengthening communication and decision-making under pressure. Human behaviour remains a major weakness, with studies showing 60% of employees knowingly bypass cyber policies when they hinder productivity, particularly in hospitals. Many organisations are embracing security by default, reducing reliance on individuals through automated controls like multi-factor authentication (MFA) and embedded guardrails. However, MFA adoption remains uneven, as retail balances strong authentication with customer experience and universities face cultural resistance. Regulatory and third-party risks are growing. Frameworks such as APRA CPS 230 are tightening operational and supply chain resilience standards, prompting organisations to reassess third-, fourth-, and fifth-party dependencies. Leaders are refreshing risk frameworks, implementing AI-driven continuous monitoring, and adopting Software Bill of Materials (SBOMs) for greater transparency. As ADAPT data shows, most organisations rate themselves below five out of ten in using or defending against AI-driven attacks, exposing a maturity gap despite years of exposure to AI in cyber security tools. The panellists warned that compliance alone does not equal resilience, since many suppliers self-attest to security posture. Instead, organisations must plan for failure, maintain tested supplier outage playbooks, and treat cyber resilience as a shared responsibility. As one participant concluded, resilience depends on a shared fate mindset, where organisations and vendors rise and fall together in today’s interconnected landscape. Key takeaways Ransomware readiness drives resilience: Victorian healthcare remains a major target, with 15% of public hospitals taken offline in a single attack. Uneven preparedness across 70 health organisations highlights the need for tested backups, network segmentation, and stronger ICT–security collaboration. Human behaviour is the critical weakness: Around 60% of employees knowingly bypass cyber policies for convenience, prompting a shift to automated, security-by-default measures such as MFA and embedded system safeguards. Cultural and usability barriers still limit full adoption. Compliance does not equal resilience: With APRA CPS 230 enforcing tougher standards, organisations are investing in AI-driven monitoring, refreshed third-party frameworks, and SBOMs for transparency. True resilience requires tested incident playbooks and a shared fate approach across supply chains. Join our community to get regular ADAPT insights in your inbox: https://adapt.com.au/subscribe-to-ada...