Australia facing shortfall of cyber security workers amid increasing threat of cyber attacks

Australia’s cyber security sector faces a looming shortfall of about 85,000 workers as the nation grapples with an unprecedented number of high-profile data hacks.

The industry warning comes after a third-party vendor used by Ticketek was hacked, with the event ticketing company disclosing the breach of personal information including names, dates of birth and emails to customers over the weekend.

KordaMentha forensic partner Brendan Read said Australia needed to bolster its skill and worker base as the number of cyber attacks surged in Australia and overseas, leaving individuals, organisations and governments exposed.

“If you’re connected in any way to the internet, you’re at risk whether that be individual or as an organisation or a government agency,” he said.

“We’re all at risk as technology evolves and becomes more reliant on cloud-based platforms and third-party technology.”

Mr Read said organisations were increasingly using third-party cloud-based platforms to store or process confidential client data or critical organisational data.

Over the weekend Ticketek disclosed to clients that their personal information, including names, emails and dates of birth, may have been breached due to a hack on a third-party vendor used by the Australian event ticketing company.

“Our third-party supplier brought this to our attention, over the past few days we have worked diligently to put every resource into completing an investigation, so that we can communicate with you as quickly as possible,” said the company in an email.

The Ticketek breach came just days after notorious hacking group ShinyHunters claimed to have stolen the data of 560 million users from global ticketing giant Ticketmaster, with potentially thousands of Australians exposed.

The cyber security industry is currently suffering from a shortfall of about 30,000 workers.

AustCyber chief executive officer Chris Kirk said the frequency, sophistication and severity of cyber attacks had steadily increased with an Australian now suffering a cyber attack every six minutes.

Mr Kirk said Australia would need an additional 85,000 workers by 2030 to meet the growing threat, an increase of the current workforce by 66 per cent.

“We’re now at a pivotal juncture in Australia’s cyber security sector, which is undergoing immense change and challenges led by a rapidly digitising economy and escalating global threats,” he said.

“It’s clear we need to fortify the competitiveness of Australia’s cyber security dramatically to improve our international ranking and keep pace with potential threat actors.”

CyberCX chief strategy officer Alastair MacGibbon said the risk of cyber attacks was increasing as hackers were motivated by high rewards with little consequences.

He said threat actors could largely be split into two categories, nation-state actors and and criminals seeking to make a quick buck.

“Criminals monetise harm so they are very damaging, they tend to be a significant problem,” he said.

Mr MacGibbon said about 80 per cent of cyber security workers were men and said the sector suffered from an image problem.

“You don’t need to be a hoodie-wearing hacker and you don’t need to be a person sitting in a basement,” he said.

“You can fight criminal or threat actors from the comfort of the office and do real good.”

Australian Information Security Association chair Akash Mittal said he backed a push to harmonise regulations governing the sector but said calls for the introduction of probity checks and vetting would negatively impact existing workers.

“AISA is of the view that any vetting or mandatory licensing requirements will only affect negatively on the workforce that we already have available,” he said.

“Cybersecurity is not a technology issue, it’s a risk that needs to be managed across people processing technology.”

The Albanese government has committed $586.9 million under the Federal Government’s cyber security strategy, with $8.6 million earned for professionalising the workforce and developing the industry.