
Cybersecurity Awareness Month 2025: Australian Industry Reactions and Commentary

October is Australia’s Cybersecurity Awareness Month, the annual reminder for Aussies to stay vigilant online. This year’s theme, ‘Building our cyber safe culture’, once again highlights the importance of taking personal responsibility for staying secure in an increasingly digital world.


Table of Contents

  • Anthony Spiteri, Regional CTO APJ at Veeam
  • Geoff Schomburgk, VP for Asia Pacific and Japan at Yubico
  • Ash Diffey, Vice President ANZ, Ping Identity
  • Akshaye Kalkura, Virtual Chief Information Officer at BizCover
  • John Beaver, Founder at Desky
  • Mick Owar, Primal Recovery
  • Daniel Vasilevski, Owner at Pro Electrical
  • Russell Todd, Security Solution Lead at Avanade Australia 
  • Andrew Black, Managing Director at ConnectID
  • Faraz Ali, Product Manager at Vertiv ANZ
  • Shannon Davis, Global Principal Security Researcher at Splunk
  • Ben Young, APJ Field CTO at Veeam

Anthony Spiteri, Regional CTO APJ at Veeam

Education


With another Cybersecurity Awareness Month upon us, it’s a timely reminder of how important ongoing education and upskilling in the sector is – across all levels. The Latitude and MOVEit cyberattacks are just two of several major cybersecurity incidents that have impacted organisations in Asia Pacific. While attackers have only leaked data in these incidents, there is the potential for data to be damaged and therefore become unrecoverable. With the frequency of attacks showing no signs of slowing down and the increasing uptake of new technologies such as generative AI, businesses must be prepared.

Cybercriminals are known to not discriminate when choosing their targets but more often than not, employees are the most vulnerable to ransomware attacks. Signing up to new technologies without strategically considering whether it’s a sound investment for the business or not potentially creates more cyber gaps and renders existing processes inefficient. This is why understanding the ins and outs of new and future technologies is key, and it should be incorporated as part of an overarching cybersecurity strategy. Together, this can significantly reduce the likelihood of attacks.

Data Recovery

We’ve seen several major cybersecurity incidents make waves across APJ, such as the Latitude and MOVEit data breaches, fuelling ongoing conversations around how data is stored. The conversation is shifting from how a hack happened, to how organisations are protecting data, particularly how they are storing it. Data breaches are not only a threat towards reputation; attackers can also encrypt data, making it unrecoverable. Businesses should no longer think “if we get hacked” but rather, “when we get hacked, what is our recovery plan?” By ensuring data recoverability, businesses can ensure business continuity in the case of a cyberattack.

Veeam’s 2023 Ransomware Trends Report revealed an overall increase in cybersecurity investment from organisations across Asia Pacific, with cyber prevention and backup budgets increasing by 5.4 per cent and 5.6 per cent respectively. For organisations to fully benefit from this increased investment, it is essential that they maintain strong communication across teams within the business, such as between IT and senior management. This ensures there is a clear and consistent cyber strategy in place with a business continuity plan to ensure efficient recovery in the case of an attack.

IT leaders need to prepare their businesses for any attack. Finding the right backup solution and storing data smartly are precautions that businesses should take in addition to ongoing education and upskilling of employees on how to evaluate new technologies. Regularly maintaining the security of users, networks and data can reduce the chances of getting hacked and minimise data recovery time in the case of a breach.

Geoff Schomburgk, VP for Asia Pacific and Japan at Yubico

New data from Yubico’s Global State of Authentication 2025 survey highlights a growing gap between cyber awareness and action across Australian workplaces.


Nearly half of Australians (46 per cent) have interacted with a phishing message in the past year, and Gen Z is the most vulnerable demographic, with 62 per cent having engaged with scams. The study found that while 79 per cent of Australians believe their company’s systems are secure, only 55 per cent say their organisation uses Multi-Factor Authentication (MFA) across all apps and services. Alarmingly, 41 per cent of employees report never receiving cybersecurity training. Despite recognising the risks, 31 per cent of Australians still have no MFA protection on personal email accounts, even though these are often tied to banking, retail and mobile services. Among those who fell for a phishing message, many shared sensitive personal details such as email addresses, phone numbers and full names.

Complacency and weak authentication practices are leaving Australian organisations exposed. It’s not surprising that phishing is one of the easiest ways for hackers to gain access, so we must close the gap with strong, phishing-resistant authentication, such as device-bound passkeys and physical security keys, which provide a simple and effective way to strengthen cyber resilience.

Ash Diffey, Vice President ANZ, Ping Identity

With 42 per cent of Australians citing AI-driven phishing as the modern scam that concerns them most and only 20 per cent feeling very confident in their ability to determine whether something is legitimate or a scam, according to the Ping Identity 2025 global Consumer Survey, it’s clear that people feel increasingly vulnerable online. The rise of AI-powered threats makes it harder than ever for the average person to distinguish fact from fiction, creating a dangerous gap in trust that bad actors are eager to exploit.


To counter this, organisations must move beyond traditional defences and leverage the powerful combination of biometric authentication and verifiable credentials. These technologies give people the tools to quickly and securely prove who they are, while ensuring businesses can validate trust at every interaction. By putting identity at the centre of our digital lives, we can dramatically reduce the success of scams and take meaningful steps toward creating a more secure digital world.

Akshaye Kalkura, Virtual Chief Information Officer at BizCover

One of the most common reasons that business owners don’t take out Cyber Liability cover is because they believe they’re ‘too small’ to be a target. This couldn’t be further from the truth.

John Beaver, Founder at Desky

A phishing attack led to a $4,700 fraudulent invoice being paid after an employee clicked a fake supplier email. The bigger impact was on workflow, with staff losing confidence in email until new phishing training and approval processes were introduced. Good habits and clear SOPs protect a business more than depending on technology alone.

Mick Owar, Primal Recovery

We lost $10,000 to a “man-in-the-middle” scam when hackers intercepted Xero invoices and altered bank details. The only way to play it safe is to confirm all details are correct before paying it. The sad part is, I am quite a savvy tech junkie, and it still got me.

Daniel Vasilevski, Owner at Pro Electrical

We narrowly avoided paying a spoofed supplier invoice in June 2025. No money was lost, but it caused hours of disruption and stress for my team. It was a wake-up call about how vulnerable we are when it comes to even the simplest transactions, and it reminded me that the chance of a cyber incident can happen with businesses of any size.

Russell Todd, Security Solution Lead at Avanade Australia

For SMBs, The Cost Of A Cyberattack Can Be Existential – Putting Daily Operations, Customer Trust And Long-Term Growth On The Line


This Cybersecurity Awareness Month, the theme “Building our cyber safe culture” is a reminder that cyber resilience isn’t just about having the right technology. While firewalls and patches still matter, the strongest defence comes when people, processes and technology work together.

SMBs face the same threats as large enterprises, but with fewer resources, recovery is harder and the margin for error is smaller. That’s why security must be embedded into everyday operations. Simple actions like using multi-factor authentication, pausing before clicking suspicious links and maintaining strong, unique passwords reduce individual risk. At the organisational level, SMBs need visibility across endpoints, automated responses and responsible use of AI to stop threats before they spread.

Cybersecurity today is about more than defence – it’s about resilience and trust. For SMBs, building a strong cyber safe culture isn’t optional; it’s the foundation for survival and sustainable growth.

Andrew Black, Managing Director at ConnectID

Small businesses are no longer safe by virtue of their size. A cybercrime is reported every six minutes in Australia, with the average cost to a small business now reaching $46,000 per incident. Yet, only 35 per cent of small business leaders feel vulnerable to attack, despite most having already encountered a threat in work or personal lives. This disconnect is creating risk, not only for businesses but also for the customers whose data they hold.


From identity documents to financial records, storing unnecessary information increases vulnerability. If compromised, the damage can extend well beyond financial loss.

This is where data minimisation comes in. By collecting only what is essential to verify identity and avoiding the storage of whole documents, businesses can reduce risk, stay compliant and build trust.

While investment in software and staff training is important, it is not enough. With 81 per cent of small business leaders and employees having experienced a cyber threat at work or in their personal lives, the focus must shift to reducing the amount of data they hold.

This shift is already taking place across many sectors where verifying identity is part of everyday operations. In areas like service marketplaces and real estate, small businesses are moving away from copying and storing ID documents and instead adopting digital services such as ConnectID that allow them to reduce the amount of customer data they hold.

Data minimisation can help reduce the impact of a breach and build trust with customers, particularly in sectors that handle sensitive information every day.

Digital identity solutions allow businesses to verify identity information without handling or storing excessive sensitive data. The result is lower risk, reduced administrative burden and a better experience for customers who no longer have to hand over copies of ID documents.

For small businesses, verifying identity should be simple, not become a liability. Bank-verified digital checks can reduce the risk for businesses and deliver safer outcomes for customers.

Cyber threats are complex, but solutions don’t have to be. By collecting only what’s essential, businesses can reduce risk, protect customers and strengthen trust.

Faraz Ali, Product Manager at Vertiv ANZ


Building a cyber safe culture means embedding security into everything we design, deploy and manage – from the physical infrastructure powering our data centres to the digital systems that connect them. At Vertiv, we see cybersecurity not as a layer to be added later, but as a core design principle. The convergence of IT, OT and physical systems has created a broader attack surface, which means resilience must be built in, not bolted on.

As Australia accelerates investment in digital infrastructure – with billions flowing into new data centres to support AI, cloud and edge innovation – the need for cyber resilience has never been greater. This growth must go hand-in-hand with security by design, ensuring these critical assets are protected from the ground up.

Fostering a cyber safe culture is about shared responsibility: empowering teams, technologies and policies to work together to defend our digital economy. By embedding intelligence, visibility and trust into every layer of infrastructure, we can build a stronger, safer foundation for Australia’s digital future.

Shannon Davis, Global Principal Security Researcher at Splunk


Compliance doesn’t stop cyber-attacks and regulation won’t prevent a data breach. And yet too many organisations treat both as if they can. What really matters is how quickly organisations can detect unusual behaviour, connect the dots, and act before an attack escalates. The reality is attackers are already using AI and automation to operate at machine speed. Defenders have to keep pace, but handing the job entirely to machines is a mistake. Automation can flag anomalies in real time, yet without human oversight those alerts can create dangerous blind spots. If the system says everything is fine, that’s often the moment to look closer.

That’s why cyber resilience is not about adding more tools, it’s about how people use them. Technology provides reach and scale, but only humans can apply judgement, question false positives, and decide when action is truly needed. Take people out of the loop, and organisations risk automating their blind spots instead of closing them.

Ben Young, APJ Field CTO at Veeam

Building A Cyber Safe Culture: Why Awareness Alone Isn’t Enough


Cybersecurity Awareness Month serves as a valuable reminder that awareness alone isn’t enough to protect organisations in today’s digital landscape. Action and accountability are the true foundations of resilience. Recent incidents have demonstrated just how disruptive cyberattacks can be, impacting business continuity and eroding public confidence.

This year’s theme, ‘Building our Cyber Safe Culture’, highlights what matters most: cyber resilience begins with people, and is strengthened by the right processes and technology. A robust cyber culture is not just about awareness – it’s about driving behavioural change, preparation and collaboration across every level of the organisation. Cyber preparedness should be as instinctive as fastening a seatbelt: an automatic response, not something considered only after an incident has occurred.

As attacks become more frequent and sophisticated, and with a persistent shortage of skilled cybersecurity talent, the resilience gap is widening. Many organisations are struggling to scale their defences and respond effectively in real time. This is where intelligent automation and AI can play a critical role – not by replacing people, but by empowering them to detect, respond and recover faster when incidents occur.

In today’s threat landscape, resilience is not about preventing every attack; it’s about being ready to recover quickly and confidently when they happen. Organisations are at different stages along their data resilience maturity journey, but what matters most is progress. Every step towards stronger resilience, better testing and faster recovery brings organisations closer to a culture where cybersecurity is not just a responsibility, but a shared mindset.

Cybersecurity Awareness Month is a timely opportunity for organisations to reflect, take action and build a cyber safe culture that endures.

Last Updated on October 20, 2025 by Nick Ross
