How zero trust architectures can fortify Australia’s cyber landscape


Remote access technology creates risks and can exacerbate existing vulnerabilities.
Remote access technology creates risks and can exacerbate existing vulnerabilities.
Remote access technology creates risks and can exacerbate existing vulnerabilities. | Photo by Christian Ohde/McPhoto/ullstein bild via Getty Images

Threat adversaries are becoming more sophisticated, with their attacks resulting in a substantial impact on organisations and their stakeholders. As workers leverage SaaS and cloud applications across a broader range of devices in this new remote and hybrid work paradigm, new attack surfaces are created that cybercriminals can easily exploit. 

Remote access technology creates risks and can exacerbate existing vulnerabilities. In the 2022 VPN Risk Report commissioned by Zscaler, more than four in ten organisations have witnessed an increase in exploits targeting VPNs in the last year. 

Recent data from the Federal Government’s Australian Cyber Security Centre (ACSC) has found that cybercrime is reported every seven minutes on average in Australia, a dire warning of the growing vulnerabilities within the country. In the past few months, Australia has become a major target for cybercriminals with several high-profile breaches that have exposed the sensitive data of millions of Australians. Over the 2021–22 financial year, the ACSC received over 76,000 cybercrime reports, an increase of nearly 13 per cent from the previous financial year. 

The nature of crimes, and malicious cyber actors are advancing. It is critical for Australian organisations to shift their practices and think about the paradigm of zero trust; shifting from the network mindset to protecting the application from every access point. 

Cloud Apps leaving Australians vulnerable 

Last month, the Zscaler ThreatLabz research team released its 2022 Data Loss Report, which found that 36 per cent of cloud application data is accessible via the open internet. The report also found that personally identifiable information (PII), such as government IDs, account for over 84 per cent of data-sharing violations globally. This significant finding highlights the vulnerable cyber climate. The release of such data holds great value to criminals and can lead to identity fraud, social engineering, credential theft, and ransomware.

Customers have the right to have their data protected. The recent breaches in Australia can lead to heightened anxiety, lack of trust in organisations, permanent reputational damage, and significant loss in revenue. Analysis of nearly 6 billion data loss policy violations revealed that organisations experience an average of 10,000 potential data loss events daily, resulting in an average loss of $4.35 million per breach.

Zero trust architecture needs to be implemented

As a modern nation, Australia is highly mobile and cloud-centric, with the internet now the communications backbone. It is vital for organisations to modernise their cybersecurity architecture. The adoption of the cloud has given users an immense amount of agility and scale. This new way of hosting and consuming services requires organisations to think beyond the corporate perimeters and evaluate new distributed access points.  

When evaluating the latest cyber domain, organisations are posed with new attack surfaces. The popular VPN is not zero trust as it provides more access than is required to an organisation’s environment. With increased risks, threats and business change, organisations are evaluating the effectiveness of network centric controls such as VPNs and hardware firewalls.

Implementing zero trust architectures (ZTA) fundamentally means access privileges are never assumed. At every connectivity request, all entities, whether machines or end users, must prove their identity before any type of transaction occurs, such as viewing database records, copying or deleting files, or using applications. ZTA can significantly enhance end-to-end security while minimising the complexity brought on by point solutions and operationally complex network configurations.

The security community must embrace an ideology of collective defence in Australia and beyond. Information and knowledge exchange is vital to creating a proactive community that can develop and mitigate potential risks. It is especially critical for organisations to assess employee behaviour and enhance security training and hygiene; especially when shifting to hybrid work environments. Any innovation or new infrastructure must be properly maintained in line with organisational policies and asset management. This will provide a solid structure to build new security strategies to address vulnerabilities proactively. 

Australia needs a more collaborative and modern approach to the threats of rising cybercrime. By fostering cooperation between leading businesses, governmental organisations, and experts, the cyber territory will become more secure, igniting trust and security for citizens and customers. The digital world is always evolving, and organisations must keep up with the latest innovations and practices, such as enhancing employee cybersecurity hygiene and shifting digital architectures, to keep up against malicious cyber actors and harness a secure cyber landscape in Australia.

Kavitha Mariappan is Executive Vice President, Customer Experience & Transformation, Zscaler