Cyber threats evolve rapidly in our current digital world—and Australia is no exception. AI-driven scams, ransomware, and social engineering tactics are only getting more sophisticated. In this interview with Gaidar Magdanurov, President of Acronis, we explore the latest trends in Australia’s cybersecurity landscape, the unique vulnerabilities faced by the region, and how organizations, especially small and medium-sized businesses, can better protect themselves in this dynamic threat environment.
1. How has the nature of cyber threats in Australia evolved over the past year, particularly regarding AI-driven scams and attacks?
I would say that Australia is not much different from the rest of the world. So, what’s happening now is that attackers are using AI to process vast amounts of data that they collect about people and then use that data either to scam them or to attack their accounts by just recovering their passwords using the information that they collect from public sources. Let’s say in the past, if you wanted to collect information about a particular person, you would have to do quite some research. Now, there are lots of tools that can automate that. They pull information from social media, public sources, and the dark web, and you can use that information to either create a very tailored scam, phishing emails, or websites or to use the information to attack a person.
I think it would be a great example. Last year, there was this attack on MGM Grand Casino, and, as we know, the attack was done by somebody calling the hot desk line and resetting the password for a super user. And they basically used the information they could find publicly to answer the recovery questions and get the password reset. This is what is currently happening across the world.
And I would say specific to Australia, their vulnerability to cyberattacks is largely due to the English language, as these attacks often target English-speaking countries like the US, UK, and Australia. I would also note that AI attacks are on the rise due to attackers being able to collect and process more data, and the quality of phishing attacks is also increasing.
2. What recent findings from the Acronis threat research unit especially concern Australian citizens and businesses?
Malware and ransomware are widespread issues that are not improving. Our research shows Australia has a stable detection rate, but it ranks lower in the number of attacks compared to countries like the United States, Brazil, and Italy. This lower detection rate doesn’t imply that Australians are more protected or fewer attacks are happening. It’s just that the US is one of the top targets.
When we examine what we refer to as the normalized malware detection rate, which is the total number of detections divided by the number of endpoints, we find that Australia is experiencing a slight increase in the number of malware detections. However, there is a slight decline in ransomware detections. Overall, I would describe the situation as relatively stable.
We see fewer new ransomware families and more methods of deployment. Instead of creating new types, gangs are exploiting system vulnerabilities and encouraging individuals to open suspicious files or visit questionable websites to steal credentials. They’re working towards finding more effective ways to deploy ransomware rather than building new families. Here, I would like to emphasize one point: when considering ransomware attacks, they are arguably the most dangerous type of cyber threat for businesses, because they can cause significant downtime and financial repercussions, potentially leading them to go out of business. So, they target critical industries like manufacturing, healthcare, and finance.
Ransomware has become a major concern for organizations. To target a customer, ransomware gangs often need access to an admin account or an unprotected endpoint on the network. Modern ransomware attacks are increasingly complex; rather than quickly encrypting files, they may remain undetected for long periods, encrypting files gradually or at strategic times. They also often target backup data, making these threats more sophisticated and harder to combat.
Attackers are getting smarter with how they approach backups. If they can’t encrypt the backup directly, they’ll start encrypting files over months until they know the backup data is compromised. Once that’s done, they demand a ransom. This isn’t just happening in isolated cases; it’s a global issue. By using AI, they can customize phishing emails and fake websites to target specific people or companies and then apply the same techniques across multiple countries. Many people think ransomware is only a threat to big organizations like banks or hospitals, but that’s not true. Most attacks target small businesses, and the average ransom payment is about $2,000. Small businesses are being hit constantly, but these incidents rarely make the news. Either the businesses don’t disclose them, or the media doesn’t find them interesting enough to cover.
3. As Australia and New Zealand adapt to this threat landscape, what distinct challenges do you see that may hinder their cybersecurity capabilities compared to other regions?
I recently had over 60 partners join our asynchronous partner day and held 20+ meetings to discuss challenges in Australia. A common theme was that Australia is heavily an SMB market, with many small businesses lacking dedicated IT staff. These companies often depend entirely on managed service providers (MSPs), but many MSPs still focus on basic solutions like antivirus and backups rather than advanced tools like disaster recovery (DR), managed detection and response (MDR), and endpoint detection and response (EDR).
This leaves businesses more vulnerable to new threats and increases downtime risk. For instance, while backups are helpful, recovery can be slow and hardware dependent. If spare hardware isn’t available, downtime stretches even further. Disaster recovery is a better option for companies where downtime costs are high. However, many still see DR as expensive and complicated, even though modern solutions can be simple and affordable, often layered onto existing backups.
Some partners are already offering advanced DR and security solutions, successfully reducing downtime and protecting against incidents. This is becoming more crucial, especially with recent examples like a CrowdStrike update that caused millions of endpoints to crash. Smaller-scale incidents like this happen all the time, whether from software bugs, hardware issues, or cyberattacks.
In short, while SMBs in Australia and New Zealand are slower to adopt advanced solutions due to misconceptions about complexity or cost, progressive partners are proving these services are accessible and effective.
4. Given the current technological and regulatory environment, how prepared is Australia to mitigate AI-driven cyberattacks?
Many businesses still aren’t complying with basic cybersecurity regulations like the Essential Eight, even though it offers straightforward guidelines. During Cybersecurity Awareness Month, the Australian government emphasizes simple steps like using strong passwords, enabling multifactor authentication, and training employees on security. Unfortunately, many businesses still skip these basics, and MSPs in Australia could do more to educate customers and make security training mandatory. After all, human error is the top cause of cyberattacks—think phishing emails or dodgy websites leading to compromised credentials.
To combat more sophisticated, AI-driven threats, businesses need advanced solutions like EDR or XDR (Extended Detection and Response). These systems collect data from multiple sources, detect unusual behavior, and respond proactively. For example, if an employee falls for a phishing email, XDR can detect the malicious software, block it, disable the compromised account, and even remove the email from other inboxes to stop the attack from spreading.
Australia isn’t far behind, but there’s room for improvement. MSPs here should focus on better education and deploying advanced security tools to help businesses stay ahead of these evolving threats.
5. In what ways do you believe AI-driven defense can stay ahead of AI-driven attacks, given the pace of AI development?
That’s a big question! Attackers are smart, and staying ahead means using AI to fight AI. Humans can’t process the massive data volumes AI can handle, so leveraging AI for defense is essential. At Acronis, we use AI for behavioral detection, generating reports to explain attack chains, and even creating automated scripts to apply security policies or fix vulnerabilities. This helps technicians not only respond faster but also learn how attacks work.
AI-driven defense is critical, but it’s not enough on its own. Systems need regular updates, vulnerability testing, and even AI-powered pen testing to identify and fix weaknesses. Education is also key—no matter how advanced your security, a weak password can still compromise everything.
I was just talking to a partner who runs pen tests for their customers. Most businesses don’t realize how vulnerable they are until testing reveals gaps. Once they’re aware, they’re more interested in deploying advanced security tools and investing in training to prevent future issues. It’s a mix of tools, testing, and education that really makes a difference.
As cyber threats grow more sophisticated, Australia’s SMB-heavy market faces unique challenges, from limited IT resources to underutilized advanced security measures. Insights from Gaidar highlight the urgent need for stronger adoption of AI-driven defenses, enhanced disaster recovery solutions, and comprehensive cybersecurity education. By bridging these gaps, businesses in Australia and New Zealand can not only mitigate evolving threats but also build resilience for a secure digital future.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.