Government launches cyber security scheme to help SMEs

The fund is part of the $50-million Cyber Security National Workforce Growth Program that forms the federal government’s Cyber Security Strategy 2020.

Eligible activities may include developing and delivering specialist cyber security courses for professionals; retraining programs; professional development; apprenticeships; establishing new internships, cadetships, work experience and staff exchanges; and establishing cyber labs and training facilities.

Applicants must submit a joint application with one lead organisation, which is the main driver of the project and is eligible to apply, and at least one other project partner.

It is estimated that $13 million will be available for round one of the grants program, which closes on 11 March 2021. The second round of funding is expected to be launched later this year.

Minister for Industry, Science and Technology Karen Andrews said the funding would help build cyber security career pathways as Australia continues its comeback from COVID-19.

“The Cyber Security Skills Partnership Innovation Fund will support partnerships between industry, education providers and governments to build the next generation of cyber security experts,” Minister Andrews said.

“Cyber security is essential to our digital economy and needs to be strong in all areas, particularly in small and medium enterprises, which comprise 98 per cent of all Australian businesses.

“This fund builds on our commitment to keep Australians secure online, and to support building industry capability.”

Cyber security in focus

The move to bolster cyber security of businesses, particularly those in financial services, comes amid a heightened risk environment.

Several large players have been impacted by cyber attacks or incidents as a result of increasingly commonplace malware and ransom attacks.

On 15 January, the financial services regulator was reportedly made aware of a cyber incident relating to the Accellion software it uses to transfer files and attachments, including those on ACL applications. It has since updated its process for lodging ACL applications and attachments as it investigates the extent of the issue.

The breach is the latest in a string of cyber incidents impacting the financial services industry, after the Reserve Bank NZ and law firm Allens both suffered similar incidents in early January.

Indeed, in November last year, APRA executive board member Geoff Summerhayes warned that a major cyber breach in finance was inevitable.

Speaking last year, Mr Summerhayes outlined that while no APRA-regulated bank, insurer or superannuation fund had suffered a substantial cyber attack to date, he added that a lack of awareness among the higher ranks of companies will only make it a matter of time.

The surge in online activity through the COVID period had also presented a “business opportunity” for scammers and the like, he added.

CORIE is a pilot program of exercises that will use intelligence gathered on adversaries to mimic the way they operate.

The exercises will mimic the tactics, techniques and procedures (TTP) of real-life adversaries through the creation and utilisation of tools and using techniques that may not have been anticipated and planned for.

According to the CFR, these exercises aim to measure an organisation’s ability to identify, respond and recover from the operations of a real-life adversary based on such TTPs.

The program will include threat intelligence-led exercises to assess the overall maturity of a financial institution’s cyber defence and response capability.

[Related: New ACL application process following ASIC incident]