While latent human error, and the deliberate social engineering that accentuates it, remains perhaps the number one external influence resulting in network vulnerabilities among public sector agencies and private sector enterprises, there is a growing number of ways to combat the potential threats.
“You can’t patch a human, but you can teach a human,” Bailey said.
Bailey, who has a history of doing security work for some of Australia's largest banks and other enterprises, notes that many government agencies and large private businesses would generally have some level of internal cyber threat reduction training in place, to help employees be more aware of the potential threats arising from social engineering exploits.
"Staff security awareness training is part of the ISO 27000 standard, which relates to government and corporate," he said.
For those that do not have their own internal programs in place, however, local IT providers with some level of security specialisation and the appropriate certification, such as The Missing Link, are in a position to step in and help public and private organisations to identify their weaknesses and take measures to protect themselves.
“Some of the consulting services we offer are social engineering,” Bailey said. “And the sole purpose around that is that, rather than scan a network and break a machine, you break a human, basically.
“That social engineering can be in the form of phishing, sending fake emails, and even in the form of simply calling up and saying, ‘hi, I’m in the IT department, can I change your password?’ or just gaining information like date of birth.
“You really only need someone’s full name, date of birth, and an address to wreak havoc with their identity in most cases,” he said.
Certainly, the education and awareness approach to reducing potential threats rates high on Turnbull’s list of what the nation needs to do in order to protect itself from malicious attacks on Australian companies and government agencies.
“We need to be aware of the threats and how to mitigate them and protect against them,” Turnbull said. “Awareness is the absolutely most important first step. A lot of the vulnerabilities, as you will have seen, are because people do not follow good cyber practice.
“They open attachments from sources they are not familiar with. They’re not sufficiently careful in the way they manage their passwords. They don’t, for example, use two-factor authentication with cloud-based applications and so forth.
“So it is very important to be aware - the vulnerabilities are always there - if people are not. It is also critical that we maintain the integrity of our political process,” he said.