We are living through a time of significant global disruption — and security risks are rising with it. For organisations navigating this uncertainty, the stakes could not be higher: this is the moment when defences are most vulnerable to a breach.
Security software is forecast to be the fastest-growing segment in 2026, with Gartner projecting spending to rise 12.3% to more than AUD $3.3 billion, up from AUD $2.971 billion in 2025. That investment reflects an increasingly complex threat landscape, driven by persistent attack environments, the growing use of AI, a continuing talent shortage, and rising demands for cyber resilience.
Yet what we are experiencing is not primarily a technology gap, but a governance gap – one that regulators are finally taking seriously. One example is ASIC’s recent Federal Court action, which resulted in a $2.5 million penalty for cybersecurity failures.
This marks the first time the Federal Court has imposed civil penalties for cybersecurity failures under general Australian Financial Services (AFS) licensee obligations, setting a clear licence-to-operate expectation for robust cyber resilience.
Supply chain attacks have become the go-to model for scalable cybercrime.
For much of the past decade, the dominant cyber threat facing Australian enterprises was financially motivated: infiltrate, extract data, monetise. That has changed.
In our High-Tech Crime Trends 2026 report, a pattern emerged. Across the Asia-Pacific region, 263 instances of corporate access were sold on the dark web in 2025 — footholds quietly acquired in energy, transport, water, and financial infrastructure. Threat actors are mapping operational technology environments and waiting. Not for data. For leverage.
ASIO has flagged that the threat of deliberate sabotage to critical infrastructure is likely to intensify over the coming five years. The mechanisms allowing it are already in place.
According to Gartner’s Hype Cycle for Supply Chain Strategy (2025), supply chain cybersecurity has officially reached the Peak of Inflated Expectations. Although the market recognises the threat, many organisations still don’t have the frameworks to manage it effectively.
Like a line of dominoes, a single compromised software vendor can lead to dozens of victims, sometimes hundreds: a break into one means every downstream client is exposed. If one popular open-source package is poisoned, thousands of developers can install the same malware without a second thought.
What makes such attacks especially hard to fight is that phishing, identity compromise, malicious extensions, data breaches, and extortion no longer operate as separate threats. They’re interconnected stages of a single attack chain, with each feeding the next. In many cases, defenders realise trust has been broken only after the damage is already spreading downstream.
On top of this, the adoption of generative AI across vendor and partner ecosystems is making things worse. The attack surface has become bigger, the barrier to entry lower, and the intrusion methods are quieter.
Sophisticated adversaries are no longer breaking in. They are being let in.
Understanding who is targeting your organisation, and how, is the first step toward defence. Effective threat intelligence goes beyond knowing that an attack happened. It requires building a detailed picture of the adversary: their infrastructure, tactics, motivations, and likely next moves. When leaders can identify the profile of threat actors in their sector, they are far better positioned to take targeted action to protect their assets. Cyber resilience is not a solo pursuit; partnering with your broader ecosystem is a must.
Take Scattered Spider as an example, one threat actor we recommend tracking. Active since 2022, the group doesn’t rely on technical exploits to breach networks. Instead, it uses vishing, SMS-based attacks, and phone-based impersonation to harvest credentials and MFA codes — typically targeting senior executives at multinational organisations — before turning that access into a supply chain multiplier. Rather than reacting to incidents, organisations that monitor a threat actor’s shifting focus can often anticipate the next move before it arrives.
In 2025, Scattered Spider focused heavily on Salesforce and its adjacent ecosystems. In one campaign, attackers gained access to Salesloft’s GitHub repositories and Drift’s AWS environment, extracting OAuth tokens tied to customer integrations. Those tokens unlocked sensitive data across connected Salesforce environments, including account metadata, AWS credentials, Snowflake tokens, and internal notes.
A similar compromise later affected Gainsight, another Salesforce AppExchange partner. The downstream impact of the Salesloft incident alone was felt by more than 700 organisations.
The takeaway here is that a single identity compromise within one trusted platform can ripple silently across hundreds of organisations, without triggering a single traditional security control.
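One way to look for the abuse pattern described above in your own telemetry, as an added example that is not part of the article or any Group-IB product: each connected app gets a baseline of expected source networks, user agent, objects and result-set size, and constructed Salesforce-style API events are checked against it. The app names, IP ranges, user agents and events are all assumptions made up for the demo; real baselines would come from the vendor's documented egress addresses and your own event-monitoring history.

```python
"""Flag abnormal use of integration OAuth tokens in Salesforce-style API logs.

Added example for this article; it is not Group-IB's tooling or Salesforce's
own detection logic. Event fields, baselines and every value below are
constructed for the demo.
"""
from dataclasses import dataclass
import ipaddress
import re


@dataclass
class AppBaseline:
    """What a connected app is expected to do (hypothetical values)."""
    egress: list        # vendor-documented source networks for the integration
    user_agents: set    # user agents seen during a learning window
    objects: set        # sObjects the integration legitimately reads/writes
    max_rows: int       # largest result set seen in normal operation


BASELINES = {
    "Drift Integration": AppBaseline(
        egress=[ipaddress.ip_network("203.0.113.0/24")],
        user_agents={"Drift/2.1"},
        objects={"Lead", "Contact", "Account"},
        max_rows=500,
    ),
}

# Objects an integration token should never pull in bulk; support Case text
# and User records are where credentials and further access get mined.
SENSITIVE_OBJECTS = {"Case", "User", "Attachment", "ContentVersion"}

# Constructed events in simplified ApiEvent-like form (not real log data).
EVENTS = [
    {"app": "Drift Integration", "ip": "203.0.113.10", "ua": "Drift/2.1",
     "query": "SELECT Id, Email FROM Lead WHERE ConvertedDate = NULL", "rows": 25},
    {"app": "Drift Integration", "ip": "203.0.113.11", "ua": "Drift/2.1",
     "query": "SELECT Id, Name FROM Account LIMIT 200", "rows": 200},
    {"app": "Drift Integration", "ip": "198.51.100.77", "ua": "python-requests/2.31",
     "query": "SELECT Id, Subject, Description FROM Case", "rows": 250000},
    {"app": "Drift Integration", "ip": "198.51.100.77", "ua": "python-requests/2.31",
     "query": "SELECT Id, Username, Email FROM User", "rows": 1200},
    {"app": "Ticket Sync", "ip": "203.0.113.40", "ua": "TicketSync/1.0",
     "query": "SELECT Id FROM Case LIMIT 10", "rows": 10},
]

_FROM = re.compile(r"\bFROM\s+(\w+)", re.IGNORECASE)
# AWS access key IDs (AKIA/ASIA plus 16 upper-case alphanumerics, as AWS
# documents them) and a crude password-assignment pattern; extend as needed.
_SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "password_assignment": re.compile(r"(?i)\bpassword\s*[:=]\s*\S{6,}"),
}


def analyse(events, baselines=BASELINES):
    """Return [(event_index, [reasons])] for events that deviate from baseline."""
    findings = []
    for i, ev in enumerate(events):
        base = baselines.get(ev["app"])
        reasons = []
        if base is None:
            reasons.append("connected app not in the approved inventory")
        else:
            ip = ipaddress.ip_address(ev["ip"])
            if not any(ip in net for net in base.egress):
                reasons.append(f"source {ev['ip']} outside vendor egress ranges")
            if ev["ua"] not in base.user_agents:
                reasons.append(f"user agent {ev['ua']!r} not seen before")
            m = _FROM.search(ev["query"])
            obj = m.group(1) if m else None
            if obj and obj not in base.objects:
                reasons.append(f"query on out-of-scope object {obj}")
            if obj in SENSITIVE_OBJECTS and ev["rows"] > base.max_rows:
                reasons.append(f"bulk read of {obj}: {ev['rows']} rows")
        if reasons:
            findings.append((i, reasons))
    return findings


def apps_to_revoke(events, baselines=BASELINES):
    """Connected apps whose tokens should be revoked and reissued."""
    return {events[i]["app"] for i, _ in analyse(events, baselines)}


def find_embedded_secrets(text):
    """Secrets sitting in free text (e.g. Case descriptions) that a stolen
    token would expose; returns {pattern name: [matches]}."""
    hits = {}
    for name, pat in _SECRET_PATTERNS.items():
        found = pat.findall(text)
        if found:
            hits[name] = found
    return hits


if __name__ == "__main__":
    for idx, reasons in analyse(EVENTS):
        print(idx, EVENTS[idx]["app"], "->", "; ".join(reasons))
    print("revoke:", apps_to_revoke(EVENTS))
    # AKIAIOSFODNN7EXAMPLE is the placeholder key from AWS documentation.
    print(find_embedded_secrets("see attached, key AKIAIOSFODNN7EXAMPLE password=Hunter2025!"))
```

The four checks correspond to what a stolen integration token looks like when someone other than the vendor is driving it: new origin, new client, new objects, bulk reads. Any one of them is grounds to revoke the token and rotate whatever it could reach. The secret scanner is the inside-out counterpart: search your own Case text for keys and passwords before an attacker with a token does.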
What organisations should remember
Every vendor, integration, and open-source dependency is part of your attack surface — and each one is a point of trusted access.
Companies with exposure to critical infrastructure — whether as operators, suppliers, or investors — should be pressing for clear answers to questions, such as: Who holds privileged access to our operational technology systems, and through what mechanism? When was that access last reviewed? What assurance do we have that our vendors have not been compromised?
And critically: if we have been breached, what is our capacity to detect it?
Answering those questions well requires more than internal audit. It demands visibility into the external threat landscape — who is actively targeting your sector, what infrastructure they are operating, and whether indicators of compromise have already appeared in underground channels before any alert is triggered internally.
Organisations should maintain a Software Bill of Materials alongside runtime dependency scanning and integrity verification. Tokens, API keys, and service accounts require continuous monitoring for abnormal behaviour, and the cyber resilience of vendors, contractors, and partners should be subject to regular assessment.
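The SBOM and integrity-verification control in the paragraph above, as an added example rather than anything from the article: a minimal CycloneDX-style document is built from on-disk artefacts with their SHA-256 digests, and verify_sbom() later reports each component as ok, mismatch, missing or unpinned. The component names, file contents and the "path" property used to map a component to a file are constructed for the demo; real SBOMs come from your build tooling, and the path mapping is an assumption about how that tooling records artefact locations.

```python
"""Verify that installed artefacts match the hashes recorded in a CycloneDX SBOM.

Added example for this article; not Group-IB's or CycloneDX's tooling. The
SBOM document, file contents and path layout are constructed for the demo.
"""
import hashlib
import os
import tempfile


def sha256_file(path, chunk=1 << 16):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def _recorded_sha256(component):
    for h in component.get("hashes", []):
        if h.get("alg") == "SHA-256":
            return h["content"].lower()
    return None


def _artefact_path(component):
    # Assumption: the build records the on-disk path as a CycloneDX property.
    for p in component.get("properties", []):
        if p.get("name") == "path":
            return p["value"]
    return None


def verify_sbom(sbom, root):
    """Return {component name: 'ok' | 'mismatch' | 'missing' | 'unpinned'}."""
    results = {}
    for comp in sbom.get("components", []):
        name = comp["name"]
        expected = _recorded_sha256(comp)
        rel = _artefact_path(comp)
        if expected is None or rel is None:
            results[name] = "unpinned"      # no hash or path: cannot be verified
            continue
        path = os.path.join(root, rel)
        if not os.path.isfile(path):
            results[name] = "missing"
        elif sha256_file(path) != expected:
            results[name] = "mismatch"
        else:
            results[name] = "ok"
    return results


def build_sbom(root, entries):
    """Produce a minimal CycloneDX-style document pinning each artefact's hash."""
    comps = []
    for name, version, rel in entries:
        comps.append({
            "type": "library", "name": name, "version": version,
            "hashes": [{"alg": "SHA-256",
                        "content": sha256_file(os.path.join(root, rel))}],
            "properties": [{"name": "path", "value": rel}],
        })
    return {"bomFormat": "CycloneDX", "specVersion": "1.5", "components": comps}


def demo():
    """Constructed scenario: pin three artefacts, then alter one, delete one,
    and add a component the SBOM never pinned."""
    with tempfile.TemporaryDirectory() as root:
        files = {  # hypothetical package contents
            "lib/utils.js": b"module.exports = { pad: s => s.padStart(8) };\n",
            "lib/http.js": b"module.exports = { get: url => fetch(url) };\n",
            "lib/log.js": b"module.exports = { fmt: m => `[log] ${m}` };\n",
        }
        for rel, data in files.items():
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            with open(os.path.join(root, rel), "wb") as f:
                f.write(data)
        sbom = build_sbom(root, [("utils-lib", "1.0.0", "lib/utils.js"),
                                 ("http-shim", "2.3.1", "lib/http.js"),
                                 ("log-fmt", "0.9.2", "lib/log.js")])
        # A post-build substitution is what a poisoned dependency looks like on disk.
        with open(os.path.join(root, "lib/http.js"), "ab") as f:
            f.write(b"// post-build modification\n")
        os.remove(os.path.join(root, "lib/log.js"))
        sbom["components"].append(
            {"type": "library", "name": "unpinned-dep", "version": "0.0.1"})
        return verify_sbom(sbom, root)


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name}: {status}")
```

Run the verification at deploy time and again on a schedule in the running environment, not only in CI: the point of runtime integrity checking is to catch an artefact that changed after the build produced the SBOM. Treat "unpinned" as a finding in its own right, since a component with no recorded hash is one the SBOM cannot vouch for.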
Businesses must also prepare for breach scenarios that span shared cloud, CRM, and ERP platforms. In that context, threat intelligence and end-to-end supply chain visibility are not technical niceties. They are business imperatives. Organisations best positioned to act are those that have already mapped their adversaries, not those scrambling to identify them after the fact.
By: Ashraf Koheil, Vice President for META & ANZ at Group-IB