In April 2023, the Australian Competition and Consumer Commission (ACCC) reported that Australians lost a record $3.1 billion to scams in 2022, up from $2 billion lost in 2021.

That’s $3,100,000,000, much of which could likely be traced directly to one of the almost 900 ‘notifiable data breaches’ Australian organisations reported to the Australian Information Commissioner in that same period.

From digital scams, cryptocurrency theft and ransomware, right through to state-based attacks, the bombardment of digital crime targeting our emails, mobile phones, institutions, services, products and national security operations is relentless, and getting worse every year.

According to cyber security expert Associate Professor Justin Lipman from the University of Technology Sydney’s (UTS) Faculty of Engineering and IT, education and research will be central to reversing this situation.

“As a nation we must be much more proactive about baking cybersecurity considerations into everything we do, from how we design products and services, to how we write legislation and standards to protect us from the products and services we use from overseas,” he says.
“This has been a missing link and is one of the reasons organisations need such large cyber security teams. ‘Firefighting’ is currently the norm, but in the future, I’d like to see organisations have the capability to be more proactive and predictive versus reactive.”

Lipman’s interest in cyber security started in the early 1980s when he was involved in the Bulletin Board System culture in the US and exposed to a wide range of hacker activity.

At the birth of the modern internet in the 1990s, he was in Denmark and Portugal disassembling early computer viruses and the ‘trojan horses’ stampeding onto the scene.

Since then, he’s focused on cyber security-related R&D, covering everything from technology for theft detection, to teaching secure coding, to creating tools to detect nefarious devices in corporate environments.

Lipman says that while the threats facing Australian organisations – from the largest corporation to the classic ‘mum and dad’ small business entity – are many, there are several key things they can start doing right now to protect themselves.

“Organisations are only as strong as their weakest link, so training all staff to recognise things like phishing emails – the most widespread and potentially most damaging of attacks – is vital,” he says.

“Other components for a basic cyber security strategy include making sure your data is always encrypted; multi-factor authentication is always turned on; and having excellent processes around backups so systems can be quickly restored after a ransomware attack.”

According to Lipman, the smaller entities, which make up 90% of businesses in Australia, are the ones most likely to lack adequate cyber security training and processes and, as a result, are most under threat.

But one of the barriers to improving the situation is a nationwide lack of cyber security professionals.

“In 2022, the Australian Financial Review reported this deficit to be around 30,000, and while it may take some years to bring this figure down, UTS has a variety of offerings we hope will significantly add to the cyber security talent pool in Australia,” he says.

“At UTS over 1,400 undergrad and postgraduate students per year are enrolled in cyber security-related subjects as part of a sub-major or major in cyber security, but our efforts are not stopping there.

“UTS is involved in a wide variety of related research with high profile industry partners in areas including design, technology and business, as well as agriculture and defence.”

For example, UTS is currently partnering with Bosch and the Food Agility CRC on a $1.5 million project to strengthen data privacy and security across Australia’s agriculture industry.

UTS also hosts the NSW Defence Innovation Network (DIN) with researchers working closely with partners in the Defence Science and Technology (DST) Group, Australian Defence Force (ADF), US Department of Defense, as well as local SMEs and start-ups.

Lipman was also instrumental in the creation of UTS’s newest offering, The UTS Vault.

“Building our sovereign cybersecurity capabilities is top line at UTS and The UTS Vault – an $8 million, Department of Defence-compliant facility – will significantly help build a pipeline of skilled workers for the cyber security, technology and innovation industries in Australia,” he says.

Another related initiative is DX Squared, a shared digital transformation space UTS is developing in collaboration with NTT, a leading Japanese telecommunications business.

“DX Squared has a mission to accelerate, establish and enhance cyber security collaborations in Sydney and grow a joint market for new R&D technology,” Lipman says

In collaboration with Rapido, UTS’s technology development unit, UTS and NTT will jointly conduct a proof of concept for cryptography information-sharing platforms utilising NTT’s ABE (Attribute Based Encryption) technology.

It’s a tremendous opportunity for the whole of NSW in critical areas such as cybersecurity and 5G.”

In the ever-evolving cyber security battleground, Lipman also emphasises the importance of government regulations and laws to protect organisations from insecure off-the-shelf products.

“Academics from UTS Law released a report in 2022, called Regulation of Internet of Things Devices to Protect Consumers, that speaks to the topic of policies regarding compulsory security upgrades for firmware and software sold in Australia,” he says.

“This means, if your mum-and-dad operation buys a product, sticks it on their home network and connects it to the cloud, they can be assured the device can be patched with the latest security software, improving the likelihood they are protected if/when someone attacks that system.”

Lipman’s essential message is that cyber security is a constant process in a fast moving and ever evolving environment that is becoming more reliant on machine learning and AI based tools to complement cybersecurity professionals.

“But amidst all the change, education, training and cutting-edge research projects will continue to be where our cybersecurity solutions lie, and will remain a prime focus of UTS, where our mission is to help make Australia as safe and secure as possible into the future.”

Justin Lipman is Industry Associate Professor at UTS and Director of Research Translation for the Faculty of Engineering and IT. He is also Director of the RF Communications Technologies Lab. UTS ranks highly for both telecommunications and computer science. In 2022, in the ARWU (Shanghai) Ranking, UTS ranked #1 in Australia for Computer Science and Engineering and #17 globally; and #2 in Australia for Telecommunications and Engineering and #13 globally. Contact partnerships@uts.edu.au to explore a partnership with UTS.