Australia’s critical infrastructure faces new wave of cyber threats
Australia is confronting an increasingly hostile cyber threat landscape. According to ASIO's 2025 annual threat assessment, Australia's critical infrastructure is routinely under attack from state cyber threats, and the threat of high-impact sabotage of critical infrastructure networks is likely to worsen over the next five years.
APT (advanced persistent threat) groups, which are typically linked to nation-states, have significant resources. The Australian Signals Directorate found that 1 in 10 reported cybersecurity incidents targeted critical infrastructure in 2024. As we saw with the MediSecure hack, high-profile breaches in critical industries have the potential to impact millions of Australians, demonstrating the far-reaching repercussions for the wider public.
The nature of these APT attacks is also evolving. Threat actors can now leverage artificial intelligence, automation, and zero-day exploits to breach systems with surgical precision. These actors are no longer content with reconnaissance. They're embedding themselves deep within critical infrastructure, laying the groundwork for potential future disruption at a scale we've never seen before. The result is a threat environment that is dynamic, complex, and unforgiving.
This shift is a wake-up call for organisations across Australia, especially those operating in critical sectors such as communications, energy, transport, finance, and healthcare.
In response to the increasingly complex landscape, the Australian government has announced its Critical Infrastructure Risk Management Programme, which places greater obligations on organisations to manage insider risks, including identifying potential hazards, strengthening procedures and meeting stricter reporting requirements. The measures aim to harden Australia's defences against an increasingly sophisticated and determined adversary. Ultimately, however, the decisive factor in preventing attacks will be the people on the front line.
Targeting humans: The new frontline
Unlike opportunistic cybercriminals, APT actors are patient, well-funded, and strategic. Often backed by nation-states or sophisticated criminal networks, they use spear-phishing, credential harvesting, and lateral movement to maintain persistence within target environments.
Proofpoint's latest Human Factor 2025 Report reveals a striking trend:
- 25% of all state-sponsored phishing campaigns now begin with "benign" emails designed to build trust.
- 90% of these messages feign interest in collaboration or engagement.
For example, North Korean actor TA427 uses journalist personas to probe sensitive geopolitical issues, while Iran's TA453 employs similar tactics in Middle Eastern affairs. These campaigns are increasingly psychological, exploiting human curiosity and trust rather than technical vulnerabilities.
The targeting of humans rather than software also topped the list of concerns for CISOs, according to Proofpoint's recent Voice of the CISO report. 91% of Australian CISOs who experienced data loss say departing employees played a role, up from 77% last year.
As technology vulnerabilities become increasingly difficult to exploit, cybercriminals are focusing on very attacked people (VAPs), who are often not the employees you'd expect, meaning attackers can succeed without triggering existing safeguards.
The rise of Generative AI is also amplifying this challenge. While GenAI offers immense potential for innovation, it also introduces new avenues for data loss and social engineering. In fact, 73% of Australian CISOs are concerned about potential customer data loss via these platforms. The ability to rapidly craft convincing, personalised content at scale means that social engineering campaigns can be more targeted, more believable, and more difficult to detect than ever before.
Raising the bar: Beyond compliance
To defend effectively against APTs, organisations must go beyond checkbox compliance. Australia's regulating agency, the Critical Infrastructure Security Centre (CISC), notes that protecting this essential infrastructure is the joint responsibility of the government and private organisations. While alignment with CISC's Best-practice regulation is foundational, true resilience demands a proactive, layered approach:
- Human-centric security
People are the first line of defence; however, they are also potentially your biggest weakness, with 72% of Australian CISOs citing people as their greatest cybersecurity risk. Organisations should seek to deploy a modern AI-powered, human-centric platform to protect the human layer, which includes behavioural and intent-based detection and flags or blocks anomalies that may indicate compromise. These AI models continuously learn from real-world threats, customer deployments, collaboration platforms, cloud and on-premises data stores.
This layer of protection helps organisations identify threats that bypass traditional security controls. Combined with regular awareness training, it builds a resilient security culture where employees are empowered to act as active defenders.
- Real-time threat intelligence
Staying ahead of adversaries requires insight into their tactics, techniques, and infrastructure. Intelligence platforms must translate global threat activity into actionable local context.
- Incident response preparedness
Breaches are inevitable, but delays are not: 76% of Australian CISOs admit their organisations are unprepared to respond to a material cyberattack. A rehearsed, cross-functional incident response plan can limit disruption and accelerate recovery.
- Third-party risk management
APT actors increasingly exploit supply chain vulnerabilities. Continuous monitoring of vendor and partner risk profiles is now a baseline requirement.
Cybersecurity as a strategic imperative
APT activity is not a passing wave; it represents a long-term shift in the threat landscape. As adversaries grow more agile and resourceful, Australia's defences must become equally dynamic. Cybersecurity must be elevated from an IT issue to a board-level priority, and from compliance to core strategy.