CrowdStrike warns geographic isolation won't keep threats out of Australia

Australia may be geographically isolated from the rest of the world, but when it comes to cybersecurity, CrowdStrike VP of technology for the Asia-Pacific region Michael Sentonas believes people would be naive to think that there is less of a threat in this part of the world.

"I think there's a perception that things like nation-state attacks are issues for Europe and issues for the US, but that could not be further from the truth; Australia is certainly not immune, and obviously neither is Asia," he said.

"We've seen examples of Chinese actors, and we've seen examples of Russian actors -- including the same groups that were active in the United States during the US election period -- being active in Australia as well."

Sentonas told ZDNet that the APAC region is one of high importance for CrowdStrike, and that historic perceptions of the region's countries lagging behind the rest of the world are not exactly accurate.

"Some of the countries do lag and in certain locations that's true, but then you'll also find a lot of countries are pretty aggressive in terms of rolling out technology and adopting real bleeding-edge strategies," he explained.

"In places like Korea, for example, if there's something that's been made commercially available for an hour, they'll use it, they'll deploy it, they've got bandwidth requirements that are pretty aggressive so you tend to see technologies tested in this part of the world, which I think makes it quite interesting."

With statistics coming from the likes of Kaspersky Lab pointing to Australia as a hot region for ransomware infections, Sentonas explained that ransomware has become somewhat aggressive in the region due to businesses and individuals paying the ransom, with the perception that it is easier to pay the money to reclaim data than it is to report the incident and have authorities deal with it, for example.

As Australia's newly passed data breach notification legislation is slated to come into play next year, Sentonas said people and organisations need to understand that having such legislation in place will not fix the occurrence of breaches.

"I looked at the legislation a couple of interesting ways because my personal opinion is that it's not going to solve all security issues straight away, but I think there's a lot of dialogue that's starting to creep in," he explained.

"We're going to have breach notification, which means everyone is going to panic and start to deploy a product, then they're going to start to improve processes and suddenly, everything's going to be peaches -- I don't think that's going to be the case. The reality is, it's going to take a long time.

"It's going to take some very public examples where people didn't do the right thing, people were compromised, sensitive information was lost, there's going to be some fines and over time, you'll start to see people take it seriously and do something about it."

According to Sentonas, as long as people are realistic and understand what the legislation and the resulting disclosures are about, more precautions will be taken and people will start to take security more seriously -- especially when penalties are incurred by others.

"At the end of the day, if you look at it from that perspective, if everyone starts to actually do proactive things to be more secure, then it's definitely been a benefit," he said. "I don't think anyone would deny that ... time will tell."