Australian firms face new risks as AI & threats reshape cyber landscape
Recent commentary from cybersecurity professionals has underscored the increasing importance of building resilience and vigilance across Australia's public and private sectors during Cybersecurity Awareness Month, as incidents involving sophisticated threats continue to affect local organisations.
Experts have highlighted both the pace at which attacks are evolving and the growing prevalence of artificial intelligence (AI) in executing and defending against cybercrime. This comes as incidents at major firms such as Qantas, Western Sydney University, and AustralianSuper remind organisations of persisting vulnerabilities across the national digital landscape.
Changing threat environment
Harry Chichadjian, Security Director at Elastic for Australia and New Zealand, noted that the challenge is compounded by several converging factors, including the complexities of cloud migration, expanding digital services and mounting compliance pressures.
"Threat actors no longer simply probe for weaknesses, but are executing attacks immediately, leaving organisations with shrinking windows to respond," Chichadjian said, referencing findings from Elastic's 2025 Global Threat Report. He stressed the necessity for real-time analysis, centralised data management and agile security tools. "Organisations must go beyond reactive measures and instead adopt a holistic approach to cybersecurity, focusing on data."
Chichadjian also pointed to the Australian Cyber Security Centre's assessment that compromised accounts or credentials were the most common type of cyber incident reported by both government and critical infrastructure organisations in the past year. The report backs calls for robust controls around privileged access and continuous account review, as well as a departure from reliance on traditional signature-based detection systems in favour of more adaptive defences.
AI agents and new risks
Jennifer Cheng, Director, Cybersecurity Strategy, Asia-Pacific and Japan at Proofpoint, commented on the arrival of AI 'agentic' workspaces, where AI agents operate alongside human teams, which is reshaping the threat environment.
Cheng cited recent research indicating that three-quarters of Australian business leaders expect to use AI agents as digital colleagues within the next 18 months. "Both humans and AI agents face similar threats, from social engineering and prompt injection attacks to inadvertent data disclosure, but now at unprecedented speed and scale," she said.
"This disconnect highlights a critical gap: awareness alone is not enough, especially when 46% of organisations still lack dedicated insider risk resources to bridge the divide between knowledge and behaviour," Cheng said.
She emphasised that as the workplace evolves, protecting both people and autonomous agents will require embedding security measures and fostering collaboration between AI and human workers.
Emergent cybercrime groups
Recent cyber extortion attempts attributed to groups claiming affiliations with established threat actors like Clop have prompted warnings from analysts regarding attribution complexity in the cybercrime landscape. Charles Carmakal, Chief Technology Officer at Mandiant, part of Google Cloud, confirmed that recent high-volume email campaigns originated from compromised accounts previously linked to FIN11, a financially motivated group known for ransomware activity.
"The malicious emails contain contact information, and we've verified that the two specific contact addresses provided are also publicly listed on the CLOP data leak site," Carmakal said. He urged organisations to investigate possible compromise and added that while actors often mimic established groups for leverage, there is not always sufficient evidence to confirm group attribution.
Carmakal noted, "Attribution in the financially motivated cybercrime space is often complex, and actors frequently mimic established groups like Clop to increase leverage and pressure on victims."
Strengthening collective defences
Shannon Davis, Global Principal Security Researcher at Splunk, observed that government bodies and critical infrastructure providers in Australia are facing stricter cyber compliance mandates and increased requirements to share threat information with authorities such as the Australian Signals Directorate (ASD). Davis highlighted Splunk's recent partnership with ASD on the Cyber Threat Intelligence Sharing (CTIS) platform as a step towards improving collaborative responses.
While regulatory frameworks help define minimum standards, Davis argued that real-time detection and skilled human oversight remain decisive.
"What makes the difference is how quickly organisations and individuals can spot, share, and respond to these threats in real time. This 'human in the loop' approach ensures that AI and automation help defenders, rather than replace them."
Davis added that a mix of regulation, technology and collaboration creates the foundation for resilience, but the speed and judgement of security teams are crucial for effective risk management.
Growing urgency for preparedness
As the scale and sophistication of cyber threats targeting Australia increase, all expert commentary highlighted the urgency for proactive controls, strengthened identity management, and training. The consensus is clear that waiting for incidents to happen imposes far greater costs than acting early to embed resilience and readiness at all layers of an organisation.