“It could be an airline, it could be as serious as a hospital or healthcare system,” he said. “These attacks are only medium in sophistication, but done at a massive scale, it’s a much more serious risk than before.
“The CrowdStrike incident wasn’t a cyberattack, but it was a glimpse of what these things could look like.
“All of the Five Eyes governments say ‘look, we don’t expect this tomorrow’, but one difference I notice when it comes to Australia is the strategic threat posed by China is felt much more viscerally, and we all hope things don’t escalate into conflict there, but if it does get worse, there’ll be a significant, disruptive cyber element to that.”
Some “boring but important” lessons for Australia are for the nation to continue strengthening its cyber defences as much as possible, and to focus on critical dependencies, whether that’s in a company’s own IT infrastructure or that of a third-party supplier.
CyberCX was formed by Malcolm Turnbull’s former cybersecurity adviser Alastair MacGibbon and former Optus Business managing director John Paitaridis in 2019, as a roll-up of 12 smaller cybersecurity firms. It’s since grown into Australia’s largest cybersecurity provider and employs more than 1300 staff with customers in the private and public sectors. Telstra is rumoured to be a likely interested buyer for the company, if its largest investor, BGH Capital, seeks a sale. CyberCX is thought to be worth at least $2 billion.
Martin chairs the company’s UK arm and said he was initially drawn to the role because of his relationship with MacGibbon.
“He’s an old friend, he was my opposite number in Australia,” Martin said of MacGibbon, who was previously the head of the Australian Cyber Security Centre. “I was initially sceptical, but it was a pretty compelling vision.
“With the threat to Australia at the moment, even if the government was able to execute perfectly on everything it wanted, it can’t fix everything, and you need the private sector to step up.”
Martin weighed in on the federal government’s new plan to tackle financial scams, announced in September. It flagged new laws that would impose fines of up to $50 million on banks, telcos and tech giants that fail to act on fraudulent schemes that fleece their customers.
However, the new regime will not follow controversial changes in Britain that put the greatest requirements on banks to pay the refunds, seeking instead to share the responsibility with tech platforms such as Facebook if they spread the scams.
Martin welcomed that decision and said that any plans to shift the onus for scams more heavily onto banks may lead to unintended consequences, like some retirees losing their banking services entirely, given they disproportionately fall victim to scams.
“If I look at my own record, there are lots of things I’m very proud of, we did a lot on cybercrime and financial scams including automatic takedowns, and we set up a central service where you can forward suspicious emails to an email address called report@phishing.gov.uk,” Martin said.
“It’s a massive, really difficult problem, but framing it as a collective problem is that if everybody’s responsible, nobody is.
“And in the UK, the changes that are about to come in have led to some nervousness. It might be a bit like after 9/11 where just doing basic transactions becomes so much harder because everything has to be checked more thoroughly.”