By Brad Howarth, tech writer
Australian organisations are experiencing unprecedented levels of cyber-attacks.
In the second half of 2022, five data breaches each impacted one million or more Australians. In total, 497 incidents were reported to the Office of the Australian Information Commissioner during that six-month period, a 26 per cent increase on the first half of the year.
This figure also doesn’t include the many hundreds – or possibly thousands – of cyber-attacks that go unreported each year. While the scale of these unreported attacks might be smaller, their impact can be no less devastating for the organisations and individuals involved.
For business leaders today, it is more important than ever that they take appropriate steps to defend their organisations from cyber criminals. But with the diversity, sophistication, and sheer volume of attacks growing each day, it is hard for any one organisation to stand against the onslaught.
The good news, however, is that in the fight against cybercrime, no one needs to stand alone: when information about cyber threats and responses is shared within a community, all community members stand to benefit.
This idea of defence through information sharing is the key principle behind CI-ISAC – the Critical Infrastructure – Information Sharing & Analysis Centre.
From its headquarters on Queensland’s Sunshine Coast, this membership-based not-for-profit organisation is facilitating the sharing of information relating to cyber-attacks among a fast-growing community of members. By doing so, it is helping them better anticipate, mitigate and respond to cyber threats.
Experts in action
The strength of the CI-ISAC model comes from the knowledge that cyber criminals often use the same techniques to target organisations not only within a specific industry sector, but also across other sectors.
CI-ISAC is the only cross-sectoral ISAC in the world. By taking a cross-sectoral approach, CI-ISAC is able to bring threat intelligence to different industry sectors, potentially before they have come under attack.
When a single organisation alerts CI-ISAC to suspicious activity, teams of specialists at CI-ISAC assess that threat and alert other members to the danger, providing them with relevant instructions for threat detection and response.
Another key strength of the CI-ISAC model is that it is easier to defend against a known threat than to try and defend against every possible threat. Modern organisations have limited skills and budgets for cyber defence – especially the smaller ones that comprise the bulk of the Australian economy – and it is critical that these resources be directed to defend against quantified and credible threats.
Led by a team with extensive experience in cyber defence in both the public and private sectors and governed by an elected advisory council comprised of representatives from 12 industry sectors, CI-ISAC combines the technical cyber experience and the industry sector knowledge needed to meet the needs of members.
The benefits of CI-ISAC’s information sharing and analysis model are well understood within the cyber security industry, with a recent report from Deloitte, “Information Sharing and Analysis Centres (ISACs) – The next generation of security resilience for Australian industry”, highlighting its potential to provide the next generation of uplift in Australia’s cybersecurity resilience.
Defensive strength through membership
CI-ISAC was established to support the needs of organisations that are described in the Australian Government’s Security of Critical Infrastructure (SOCI) Act 2018.
These include organisations in 11 “critical infrastructure” industry sectors such as health, communications, financial services, transport, energy, and food and grocery businesses. Each of these sectors has been identified as vital to the Australian economy and represents a high-value target for cyber attackers.
While the SOCI Act places the obligation on larger organisations to protect themselves from attacks, the reality is that any organisation could be a target, regardless of its size or sophistication.
A challenge for business leaders in these critical sectors is knowing how best to invest in appropriate cyber defences.
Membership in CI-ISAC provides organisations with the opportunity to participate in what will become Australia’s largest network for threat intelligence sharing and, by doing so, gain access to knowledge and practical advice that can prevent them from becoming the latest statistic in the never-ending war against cyber criminals.
CI-ISAC works by gathering reports of suspicious and threatening activity from its members, which are then analysed by CI-ISAC’s threat intelligence specialists to determine the credibility and severity of each threat.
This qualified intelligence is then distributed to members to alert them to the threat and provide them with appropriate responses. Because CI-ISAC’s researchers are able to interpret the specific context of different threats, in terms of who they are targeting and how they work, they are able to determine which organisations are most likely to be impacted and advise on appropriate steps those organisations can take to avoid falling victim.
This response includes advice for detecting whether the organisation has already been compromised, along with information on how to recover.
Critically, information is designed to be consumed and acted upon by non-technical professionals, ensuring organisations of all levels of sophistication can benefit from CI-ISAC’s threat intelligence. Furthermore, threat intelligence is only shared with those members for which it is relevant, so vital information is not buried within an avalanche of communications.
The CI-ISAC model ensures that not only do members gain access to localised and relevant threat data in a timely manner, but they have the capability to do something with it.
Membership in CI-ISAC is available to all organisations within the industries described by the SOCI Act, regardless of size, as well as all local government agencies across Australia, with all members receiving the same quality of threat intelligence.
CI-ISAC has two main methods for sharing intelligence on cyber threats.
- Fortnightly threat intelligence webinars, where CI-ISAC specialists share information on their observations of threat activity in the business community, including active cybercrime campaigns and the latest or most active malware.
- The webinars are accompanied by summarised information and advisories, including intelligence on the priority of different threats, enabling members to better understand how to deploy their own resources to best detect threats and then defend themselves.
This includes information on practical steps that members can take to prepare for, detect, and defend against this criminal activity. If CI-ISAC detects a threat that will imminently impact a specific member or class of members, it will contact those members directly.
Importantly, CI-ISAC will only distribute information that is relevant to members, eliminating the possibility that important alerts might be lost amidst a sea of irrelevant information.
The goal is to be targeted and specific rather than generic and irrelevant, and to ensure the time that members put into their interactions with CI-ISAC is properly rewarded.
Members can also gain access to more detailed technical information on threats and remediations should they require it.
When a cyberattack is successfully launched against one organisation, attackers will often assume that the same approach will prove successful against similar organisations. This makes the need to quickly share intelligence a critical factor for enabling the largest number of organisations to stay safe.
The CI-ISAC model ensures every member becomes the eyes and ears in an intelligence gathering network that can quickly identify and report threats. By providing a centralised mechanism for collecting and analysing threat intelligence from the broadest group of organisations, CI-ISAC can provide timely intelligence to help its members understand and prepare for attacks before they take place.
And by taking a non-technical approach to cyber defence, it can also ensure they have the capability to act on that intelligence.
This model of providing threat intelligence in a timely and actionable manner means CI-ISAC can strengthen the defensive capabilities of all Australian providers of critical infrastructure, regardless of their size.
Not only can CI-ISAC stop organisations from falling victim to cybercrime, it can also play an important role in the collective defence of the Australian economy.