#NSBCS.125 - What Australia’s New Budget Means for Cyber in Your Company
Australia's latest federal budget sends a clear message to business leaders: cyber security is no longer just an IT issue; it is now an economic and operational risk.
For many years, organisations treated cyber security as a compliance exercise, something that was managed in the background by IT teams. The new budget priorities suggest that approach is no longer sustainable. Cyber resilience is becoming part of national economic policy, meaning businesses that fail to modernise may face higher operational, regulatory, and reputational risks.
Why is this change happening now?
The threat landscape is escalating rapidly. Government agencies and industry groups continue to warn that Australia remains vulnerable to large-scale cyber incidents affecting critical infrastructure, financial systems, and supply chains.
There is a growing connection between cyber security and productivity. Australia is investing heavily in AI, cloud infrastructure, and digital transformation. Major private sector commitments include billions of dollars in AI and cyber infrastructure investment from Microsoft. Businesses cannot fully embrace automation, AI, or remote operations without stronger cyber foundations.
Regulators and customers increasingly expect demonstrable cyber maturity. The Australian Signals Directorate’s latest posture report found that many organisations still struggle to meet recommended cyber maturity standards, even as threats continue to evolve. This means boards and executives are likely to face greater scrutiny over how cyber risks are managed, funded, and reported.
Cyber security spending should now be viewed as business investment, not overhead. Companies that continue to treat cyber protection as a discretionary cost may fall behind competitors and become more susceptible to a breach.
Questions to think about as a business leader:
Do you understand your current cyber risk exposure?
Is cyber security being discussed at board level?
Could your business continue operating after a cyber incident?
Are you investing enough in people, training them on the latest scams and AI cyber risks?
Looking to strengthen your Cyber Resilience? Book a meeting with our team today.
What we read this week
GitHub Confirms Breach of 3,800 Internal Repositories via Compromised Employee Device - GitHub disclosed that threat actor TeamPCP gained unauthorised access to approximately 3,800 internal repositories following the compromise of an employee's device through a poisoned Visual Studio Code extension. The incident, detected and contained on 18 May 2026, involved exfiltration of internal source code and organisational data, though no customer repositories or production systems were impacted. GitHub rotated critical secrets, isolated the endpoint, and continues monitoring for follow-on activity. TeamPCP listed the data for sale on a cybercrime forum for over $50,000. Organisations using GitHub should review and rotate any exposed credentials or tokens from internal repos and enhance endpoint security for developer machines.
Verizon 2026 DBIR: Vulnerability Exploitation Overtakes Credential Theft as Top Breach Vector - Verizon's 2026 Data Breach Investigations Report highlights that exploitation of vulnerabilities became the leading initial access method in 2025 (31% of breaches), surpassing credential abuse for the first time. The report notes rising AI-accelerated attacks, increased ransomware incidents, third-party compromises, and median patching times rising to 43 days. Web application attacks and bot traffic also surged. Enterprises are urged to prioritise rapid vulnerability remediation, strengthen supply chain security, and adopt behavioural analytics alongside traditional controls to address the evolving threat landscape.
Microsoft Disrupts Fox Tempest Malware-Signing-as-a-Service Operation - Microsoft’s Digital Crimes Unit, with partners, dismantled Fox Tempest’s malware-signing service (signspace.cloud), which had operated since May 2025 and enabled ransomware groups (including Rhysida, Vanilla Tempest, and others) to generate over 1,000 short-lived, trusted code-signing certificates via abuse of Microsoft Artifact Signing. The service allowed malware to bypass defences by masquerading as legitimate software. Microsoft revoked certificates, seized infrastructure, and disrupted the operation (OpFauxSign). Defenders should monitor for signed malicious binaries, enforce strict code-signing policies, and maintain up-to-date endpoint protection.
Drupal to Release Highly Critical Core Security Update - The Drupal Security Team announced a highly critical security release for all supported branches, scheduled for 20 May 2026 (17:00–21:00 UTC), warning that exploits could emerge within hours or days of disclosure. The vulnerability affects core functionality and could enable significant compromise for sites using PostgreSQL (SQL injection noted in related advisories). Administrators should prepare by updating to the latest patch releases in advance where possible, test in staging environments, and apply the fix promptly upon release to mitigate risks of unauthenticated exploitation.
Grafana Labs Breach via TanStack npm Supply Chain Attack - Grafana Labs confirmed a breach of its GitHub environment, including source code and internal repositories, stemming from a supply chain compromise involving malicious TanStack npm packages. The incident was limited to development assets and did not affect customer production systems or Grafana Cloud. Internal operational data, including some business contacts, was potentially exposed. This underscores ongoing risks in the npm ecosystem; organisations should audit third-party dependencies, implement supply chain security tools (e.g., SBOMs), and monitor for anomalous package updates.
References
https://thehackernews.com/2026/05/github-investigating-teampcp-claimed.html
https://www.securityweek.com/verizon-dbir-2026-vulnerability-exploitation-overtakes-credential-theft-as-top-breach-vector/
https://blogs.microsoft.com/on-the-issues/2026/05/19/disrupting-fox-tempest-a-cybercrime-service/
https://www.drupal.org/psa-2026-05-18
https://thehackernews.com/2026/05/grafana-github-breach-exposes-source.html

