This is not a drill: A cyberthreat reality check

Cybersecurity is now an official national priority for Australia. So how would we respond to an attack on the country’s critical infrastructure? And what makes Australia vulnerable?

By Ali Moore, University of Melbourne

It’s difficult, if not impossible, to find a security expert who doesn’t think a major cyberattack with potentially devastating consequences is a case of when, not if.

There were 47,000 cyber incidents in Australia alone last year. An ‘incident’ is defined as one or more unexpected events that are likely to compromise an organisation’s operations. That’s 128 a day. Five every hour.

Watch the video

WATCH: What is the cyber threat landscape in Australia? Video: Supplied

Many of them are online scams or frauds.

But the rest are more serious, often aimed at disrupting businesses, sometimes destroying them; stealing secrets and compromising operations; making money and costing companies both cash and reputation.

Lloyds of London rates cyberthreats in Australasia as the second highest risk to our Gross Domestic Profit after a market crash.

Meanwhile, all those hackers are hard at work, and here’s five reasons why they often succeed.

1. PEOPLE

We are the biggest problem - opening that email, clicking on that attachment. You might think when you read the headlines that “I would never do that” but you’d be surprised who would. Phishing emails are still one of the most popular (and successful) tools of the cybercriminal.

And hackers are using increasingly sophisticated techniques to get you to help them access the systems you’re connected to. It’s not always obvious you’re being had.

Last year, reports to the government’s Cybercrime Online Reporting Network indicated losses of over A$20 million as a result of compromised emails. That’s up from A$8.6 million the previous year - a jump of 130 per cent.

But as the government notes, it’s probably a fraction of the real number because it’s a crime that is commonly underreported.

There were 47,000 cyber incidents in Australia alone last year. Picture: Getty Images

2. OBSOLETE TECHNOLOGY

It may seem extraordinary that in the 21st century as we move closer to the reality of driverless cars, some of our critical infrastructure still operates on systems so old they can no longer be patched; this basically means the technology can no longer be updated to address any vulnerabilities.

Last November, Victoria’s Auditor General looked at four government departments as well as the Victoria Police, and found 41 per cent of the systems that support their critical business functions were obsolete.

At Victoria Police, that figure sat at 79 per cent, while a number of public hospitals were also found to have unsupported or outdated technology.

Victoria is not alone, every state has its version of the issue. Old systems are hard to replace – it’s time consuming, complicated and expensive.

3. BETTER HACKERS

Whether they’re motivated by money (the criminal) or to push a political or social cause (the hacktivist) or to steal secrets (the nation state) or an employee who acts consciously or unwittingly (the insider) - hackers are agile, adaptable, and innovative.

As quickly as one bit of malware is detected, another pops up. Speak up as a target and you risk losing visibility and it is virtually impossible to stay ahead of the game. It may not even be an attack on your own systems – think of your supply chain. Brand new software can come with its very own pre-loaded infections and the more connected we are, the higher the risk.

Officially, nation states have the greatest capability to compromise Australian networks, with the resources of an entire country behind them. The government says it’s detected extensive state-sponsored activity against itself and the private sector.

Just in the last three years, we’ve seen the Russians deny they brought down Ukraine’s power grid; the North Koreans deny they were behind the global chaos of the Wannacry ransomware attack; and the Chinese deny they installed malware on computers at Australia’s Bureau of Meteorology.

In 2017, a variant of the Petya ransomware virus hit companies in Russia, Ukraine, and other countries in a cyber attack. Picture: Getty Images

The Australian Prime Minister Malcolm Turnbull calls cybersecurity the new “frontier of warfare”.

Australia now has a very publicly declared offensive cyber capability, with the government officially directing the Australian Signals Directorate to use that capability to “disrupt, degrade, deny and deter” organised offshore cyber criminals.

But what’s not clear is when and how we’re using it. Indeed, just what is acceptable under international law when it comes to offensive cyber operations is the subject of significant debate.

Last year, the UN Group of Governmental Experts on Information Security, which had been negotiating norms of state behaviour in cyber space, collapsed. The sticking point was the application of international law. As a result, the “Wild West” of cyberspace remains with no established legal framework to address cyberattacks internationally.

4. CORPORATE PRIORITIES

Cybersecurity is now on the priority list for most corporate boards in Australia, but what exactly does that mean? Two years ago, the American research and advisory firm Gartner said organisations spent an average of just 5.6 percent of their entire IT budget on security and risk management.

Technology systems, rather than security and risk, have traditionally been where the money’s gone. But the good news is, that’s changing.

This month, Australia’s Cyber Emergency Response Team (AusCERT) found that 58 per cent of organisations in Australia increased their security spend in 2017.

A change in the legislative landscape is also helping to focus minds, with a number of new regulatory requirements aimed at greater accountability.

A cyberattack on the computer networks in South Korean affected three banks, two broadcasters and an internet service provider. Picture: Getty Images

A key change is the new mandatory breach reporting laws. Since February of this year, businesses have been required to report data breaches involving personal information that is likely to result in “serious harm” to the individual affected. In the first 6 weeks of the new regime there were 63 breaches. The next quarterly report will be interesting reading to see if this trend continues.

But there is still a fair way to go when it comes to how business manages its data use.

For its latest State of Information Security survey, PriceWaterhouseCoopers interviewed more than 9,500 senior executives across the globe. It found that just over half have an overall information security strategy. Which means around half don’t. And this could prove disastrous if current threats continue to rise.

5. HUMAN NATURE

How many times have you been working on your laptop when the ‘updates available’ box has popped up, and you’ve clicked ‘tonight’, ‘tonight’, ‘tonight’ repeatedly – and when tonight comes you’re away from your computer and you never install it.

You should.

And it’s the same for business.

The sheer number of businesses that are not adequately protected, and don’t have backups, is astounding. If they did approach their cybersecurity properly, hackers would find their jobs a lot harder.

The Australian Cyber Security Agency makes the point that “too many”of the incidents they deal with “could have been prevented had organisations employed established and relatively straightforward cybersecurity measures”.

The problem is, human nature often gets in the way. Whether it’s making the decision to install the measures in the first place, following the rules and keeping them up to date, or finding a way to hack around them... humans are the biggest vulnerability.

Australia’s cybersecurity is an issue tackled by Ali Moore’s This is Not A Drill series in partnership with the University of Melbourne, Asialink, the Wheeler Centre and the ABC. You can catch this latest episode on the ABC’s iView.

Banner: Getty Images

Public Affairs

Featured

Ali Moore
Vice-Chancellor's Fellow, University of Melbourne

Republish this article

We believe in the free flow of information. This work is licensed under a Creative Commons Attribution-No Derivatives 3.0 Australia (CC BY-ND 3.0 AU), so you can republish our articles for free, online or in print.

All republished articles must be attributed in the following way and contain links to both the site and original article: “This article was first published on Pursuit. Read the original article.”

<header><h1>This is not a drill: A cyberthreat reality check</h1><p><a rel="author" href="https://pursuit.unimelb.edu.au/individuals/ali-moore">Ali Moore</a></p></header><p>It’s difficult, if not impossible, to find a security expert who doesn’t think a major cyberattack with potentially devastating consequences is a case of when, not if.</p><p>There were <a href="https://www.acsc.gov.au/publications/ACSC_Threat_Report_2017.pdf">47,000 cyber incidents</a> in Australia alone last year. An ‘incident’ is defined as one or more unexpected events that are likely to compromise an organisation’s operations. That’s 128 a day. Five every hour.</p><figure class="embed full-width"><div class="embed-wrapper"><div class="embed-shiv" style="padding-top: 56.20608899297424%"></div><a class="lazy lazy-video lazy-video--preview" data-provider="youtube" data-thumb-url="https://i.ytimg.com/vi/L69gLgXiI7A/hqdefault.jpg" data-type="video" data-video-id="L69gLgXiI7A" href="https://youtu.be/L69gLgXiI7A"><span class="screenreaders-only">Watch the video</span></a></div><figcaption>WATCH: What is the cyber threat landscape in Australia? Video: Supplied </figcaption></figure><p>Many of them are online scams or frauds.</p><p>But the rest are more serious, often aimed at disrupting businesses, sometimes destroying them; stealing secrets and compromising operations; making money and costing companies both cash and reputation.</p><p>Lloyds of London <a href="https://www.lloyds.com/cityriskindex/locations/region/australasia">rates cyberthreats in Australasia</a> as the second highest risk to our Gross Domestic Profit after a market crash.</p><figure class="related inset-right" role="complementary"><a class="single" data-bound="true" href="https://pursuit.unimelb.edu.au/articles/this-is-not-a-drill-5-facts-about-the-south-china-sea"><img alt="" itemprop="image" src="https://res-4.cloudinary.com/the-university-of-melbourne/image/fetch/s--36Qao70d--/c_fill,f_jpg,q_70,w_435/https://res-3.cloudinary.com/the-university-of-melbourne/image/upload/s--HQsSX2lD--/c_fill%2Cf_auto%2Ch_630%2Cq_75%2Cw_1200/v1/pursuit-uploads/e08/397/66b/e0839766bc428b755e8295eeaddd9b5fd689b1cea7e77e98836a611677a4.jpg" /><h3>This is not a drill: 5 facts about the South China Sea</h3><div class="readmore">Read more</div></a></figure><p>Meanwhile, all those hackers are hard at work, and here’s five reasons why they often succeed.</p><h2>1. PEOPLE </h2><p>We are the biggest problem - opening that email, clicking on that attachment. You might think when you read the headlines that “I would never do that” but you’d be surprised who would. Phishing emails are still one of the most popular (and successful) tools of the cybercriminal.</p><p>And hackers are using increasingly sophisticated techniques to get you to help them access the systems you’re connected to. It’s not always obvious you’re being had. </p><p>Last year, <a href="http://:%20https:/www.acsc.gov.au/publications/ACSC_Threat_Report_2017.pdf">reports</a> to the government’s Cybercrime Online Reporting Network indicated losses of over A$20 million as a result of compromised emails. That’s up from A$8.6 million the previous year - a jump of 130 per cent. </p><p>But as the government notes, it’s probably a fraction of the real number because it’s a crime that is commonly underreported.</p><figure class="full-width"><img alt="" itemprop="image" sizes="(min-width: 1300px) 892px, (min-width: 1099px) 860px, (min-width: 769px) 700px, 100vw" src="https://res-3.cloudinary.com/the-university-of-melbourne/image/upload/s--69tejNEE--/c_limit,f_auto,q_75,w_892/v1/pursuit-uploads/168/6ca/7f6/1686ca7f63e6352e0742ca0849b3a80c87c8703ba5e970c9bf5307be8740.jpg" srcset="https://res-3.cloudinary.com/the-university-of-melbourne/image/upload/s--ZNwAANQM--/c_limit,f_auto,q_75,w_446/v1/pursuit-uploads/168/6ca/7f6/1686ca7f63e6352e0742ca0849b3a80c87c8703ba5e970c9bf5307be8740.jpg 446w, https://res-3.cloudinary.com/the-university-of-melbourne/image/upload/s--O0dfZbGl--/c_limit,f_auto,q_75,w_669/v1/pursuit-uploads/168/6ca/7f6/1686ca7f63e6352e0742ca0849b3a80c87c8703ba5e970c9bf5307be8740.jpg 669w, https://res-3.cloudinary.com/the-university-of-melbourne/image/upload/s--69tejNEE--/c_limit,f_auto,q_75,w_892/v1/pursuit-uploads/168/6ca/7f6/1686ca7f63e6352e0742ca0849b3a80c87c8703ba5e970c9bf5307be8740.jpg 892w, https://res-3.cloudinary.com/the-university-of-melbourne/image/upload/s--QUTVCfAn--/c_limit,f_auto,q_75,w_1784/v1/pursuit-uploads/168/6ca/7f6/1686ca7f63e6352e0742ca0849b3a80c87c8703ba5e970c9bf5307be8740.jpg 1784w" /><figcaption>There were 47,000 cyber incidents in Australia alone last year. Picture: Getty Images</figcaption></figure><h2>2. OBSOLETE TECHNOLOGY </h2><p>It may seem extraordinary that in the 21st century as we move closer to the reality of driverless cars, some of our critical infrastructure still operates on systems so old they can no longer be patched; this basically means the technology can no longer be updated to address any vulnerabilities. </p><p>Last November, Victoria’s Auditor General looked at four government departments as well as the Victoria Police, and found 41 per cent of the systems that support their critical business functions were obsolete. </p><p>At Victoria Police, that <a href="https://www.audit.vic.gov.au/sites/default/files/2017-12/20171129-ICT-Disaster-Recovery.pdf">figure sat at 79 per cent</a>, while a number of public hospitals were also found to have <a href="https://www.audit.vic.gov.au/sites/default/files/2017-11/20171129-Public-Hospitals-16–17.pdf)">unsupported or outdated technology</a>. </p><figure class="related inset-right" role="complementary"><a class="single" data-bound="true" href="https://pursuit.unimelb.edu.au/articles/how-small-details-can-create-a-big-problem"><img alt="" itemprop="image" src="https://res-1.cloudinary.com/the-university-of-melbourne/image/fetch/s--GL0u_Ytq--/c_fill,f_jpg,q_70,w_435/https://res-4.cloudinary.com/the-university-of-melbourne/image/upload/s--nzat2JeN--/c_fill%2Cf_auto%2Ch_630%2Cq_75%2Cw_1200/v1/pursuit-uploads/f89/25d/6f9/f8925d6f938387078e927eb238691de135c7d44a45f72ad7692177e878f9.jpg" /><h3>How small details can create a big problem</h3><div class="readmore">Read more</div></a></figure><p>Victoria is not alone, every state has its version of the issue. Old systems are hard to replace – it’s time consuming, complicated and expensive.</p><h2>3. BETTER HACKERS</h2><p>Whether they’re motivated by money (the criminal) or to push a political or social cause (the hacktivist) or to steal secrets (the nation state) or an employee who acts consciously or unwittingly (the insider) - hackers are agile, adaptable, and innovative. </p><p>As quickly as one bit of malware is detected, another pops up. Speak up as a target and you risk losing visibility and it is virtually impossible to stay ahead of the game. It may not even be an attack on your own systems – think of your supply chain. Brand new software can come with its very own pre-loaded infections and the more connected we are, the higher the risk.</p><p>Officially, nation states have the greatest capability to compromise Australian networks, with the resources of an entire country behind them. The government says <a href="https://www.acsc.gov.au/publications/ACSC_Threat_Report_2017.pdf">it’s detected extensive state-sponsored activity</a> against itself and the private sector. </p><p>Just in the last three years, we’ve seen the <a href="https://theconversation.com/the-cyberattack-on-ukraines-power-grid-is-a-warning-of-whats-to-come-52832">Russians deny they brought down Ukraine’s power grid</a>; the <a href="https://www.reuters.com/article/us-cyber-attack-northkorea-idUSKBN18I2SH">North Koreans deny they were behind the global chaos of the <em>Wannacry </em>ransomware attack</a>; and the <a href="http://www.abc.net.au/news/2016-10-12/bureau-of-meteorology-bom-cyber-hacked-by-foreign-spies/7923770">Chinese deny they installed malware on computers at Australia’s Bureau of Meteorology</a>. </p><figure class="full-width"><img alt="" itemprop="image" sizes="(min-width: 1300px) 892px, (min-width: 1099px) 860px, (min-width: 769px) 700px, 100vw" src="https://res-4.cloudinary.com/the-university-of-melbourne/image/upload/s--7kP1lsRv--/c_limit,f_auto,q_75,w_892/v1/pursuit-uploads/179/3f2/f6d/1793f2f6d0d08cd2d67bf5fbd88f87794957e0cc29d14a5943db0d476fa7.jpg" srcset="https://res-4.cloudinary.com/the-university-of-melbourne/image/upload/s--B3F8XtG1--/c_limit,f_auto,q_75,w_446/v1/pursuit-uploads/179/3f2/f6d/1793f2f6d0d08cd2d67bf5fbd88f87794957e0cc29d14a5943db0d476fa7.jpg 446w, https://res-4.cloudinary.com/the-university-of-melbourne/image/upload/s--JDQf5u-7--/c_limit,f_auto,q_75,w_669/v1/pursuit-uploads/179/3f2/f6d/1793f2f6d0d08cd2d67bf5fbd88f87794957e0cc29d14a5943db0d476fa7.jpg 669w, https://res-4.cloudinary.com/the-university-of-melbourne/image/upload/s--7kP1lsRv--/c_limit,f_auto,q_75,w_892/v1/pursuit-uploads/179/3f2/f6d/1793f2f6d0d08cd2d67bf5fbd88f87794957e0cc29d14a5943db0d476fa7.jpg 892w, https://res-4.cloudinary.com/the-university-of-melbourne/image/upload/s--gWHPQD09--/c_limit,f_auto,q_75,w_1784/v1/pursuit-uploads/179/3f2/f6d/1793f2f6d0d08cd2d67bf5fbd88f87794957e0cc29d14a5943db0d476fa7.jpg 1784w" /><figcaption>In 2017, a variant of the Petya ransomware virus hit companies in Russia, Ukraine, and other countries in a cyber attack. Picture: Getty Images</figcaption></figure><p>The Australian Prime Minister Malcolm Turnbull calls cybersecurity the new “frontier of warfare”.</p><p>Australia now has a very publicly declared <a href="https://www.aspistrategist.org.au/australias-offensive-cyber-capability/">offensive cyber capability</a>, with the government officially directing the Australian Signals Directorate to use that capability to “disrupt, degrade, deny and deter” organised offshore cyber criminals. </p><p>But what’s not clear is when and how we’re using it. Indeed, just what is acceptable under international law when it comes to offensive cyber operations is the subject of significant debate.</p><figure class="related inset-right" role="complementary"><a class="single" data-bound="true" href="https://pursuit.unimelb.edu.au/articles/the-simple-process-of-re-identifying-patients-in-public-health-records"><img alt="" itemprop="image" src="https://res-2.cloudinary.com/the-university-of-melbourne/image/fetch/s--vuDhy6r2--/c_fill,f_jpg,q_70,w_435/https://res-5.cloudinary.com/the-university-of-melbourne/image/upload/s--2HNS9B6X--/c_fill%2Cf_auto%2Ch_630%2Cq_75%2Cw_1200/v1/pursuit-uploads/a2d/fa8/352/a2dfa8352a1f6f38b5d3f5293b790e89edfdfa774d5bcbc4f390f2e08682.jpg" /><h3>The simple process of re-identifying patients in public health records</h3><div class="readmore">Read more</div></a></figure><p>Last year, the UN Group of Governmental Experts on Information Security, which had been negotiating norms of state behaviour in cyber space, collapsed. The sticking point was the application of international law. As a result, the “<a href="https://www.lexology.com/library/detail.aspx?g=e4419b4f-5123-4a00-87ff-1bacd54ecff5">Wild West</a>” of cyberspace remains with no established legal framework to address cyberattacks internationally.</p><h2>4. CORPORATE PRIORITIES</h2><p>Cybersecurity is now on the priority list for most corporate boards in Australia, but what exactly does that mean? Two years ago, the American research and advisory firm Gartner said organisations <a href="https://www.gartner.com/newsroom/id/3539117">spent an average of just 5.6 percent</a> of their entire IT budget on security and risk management. </p><p>Technology systems, rather than security and risk, have traditionally been where the money’s gone. But the good news is, that’s changing.</p><p>This month, Australia’s Cyber Emergency Response Team (AusCERT) found that <a href="https://www.bdo.com.au/BDO_AU/media/bdo/PDF/CyberSecurityReport_2017201%208FINAL.pdf">58 per cent of organisations in Australia</a> increased their security spend in 2017.</p><p>A change in the legislative landscape is also helping to focus minds, with a number of new regulatory requirements aimed at greater accountability.</p><figure class="full-width"><img alt="" itemprop="image" sizes="(min-width: 1300px) 892px, (min-width: 1099px) 860px, (min-width: 769px) 700px, 100vw" src="https://res-2.cloudinary.com/the-university-of-melbourne/image/upload/s--onF8KVkA--/c_limit,f_auto,q_75,w_892/v1/pursuit-uploads/148/719/4e6/1487194e6584252fd1e438643755292ccbd462fbf35007d7306abd6d32d9.jpg" srcset="https://res-2.cloudinary.com/the-university-of-melbourne/image/upload/s--kjhX4J_k--/c_limit,f_auto,q_75,w_446/v1/pursuit-uploads/148/719/4e6/1487194e6584252fd1e438643755292ccbd462fbf35007d7306abd6d32d9.jpg 446w, https://res-2.cloudinary.com/the-university-of-melbourne/image/upload/s--2jbWa_R1--/c_limit,f_auto,q_75,w_669/v1/pursuit-uploads/148/719/4e6/1487194e6584252fd1e438643755292ccbd462fbf35007d7306abd6d32d9.jpg 669w, https://res-2.cloudinary.com/the-university-of-melbourne/image/upload/s--onF8KVkA--/c_limit,f_auto,q_75,w_892/v1/pursuit-uploads/148/719/4e6/1487194e6584252fd1e438643755292ccbd462fbf35007d7306abd6d32d9.jpg 892w, https://res-2.cloudinary.com/the-university-of-melbourne/image/upload/s--nHp9VfM3--/c_limit,f_auto,q_75,w_1784/v1/pursuit-uploads/148/719/4e6/1487194e6584252fd1e438643755292ccbd462fbf35007d7306abd6d32d9.jpg 1784w" /><figcaption>A cyberattack on the computer networks in South Korean affected three banks, two broadcasters and an internet service provider. Picture: Getty Images</figcaption></figure><p>A key change is the new mandatory breach reporting laws. Since February of this year, businesses have been required to report data breaches involving personal information that is likely to result in “serious harm” to the individual affected. In the first 6 weeks of the new regime there <a href="https://www.oaic.gov.au/privacy-law/privacy-act/notifiable-data-breaches-scheme">were 63 breaches</a>. The next quarterly report will be interesting reading to see if this trend continues.</p><p>But there is still a fair way to go when it comes to how business manages its data use. </p><p>For its latest <a href="https://www.pwc.com/us/en/cybersecurity/assets/revitalizing-privacy-trust-in-data-driven-world.pdf">State of Information Security survey</a>, PriceWaterhouseCoopers interviewed more than 9,500 senior executives across the globe. It found that just over half have an overall information security strategy. Which means around half don’t. And this could prove disastrous if current threats continue to rise.</p><figure class="related inset-right" role="complementary"><a class="single" data-bound="true" href="https://pursuit.unimelb.edu.au/articles/data-security-in-the-spotlight"><img alt="" itemprop="image" src="https://res-2.cloudinary.com/the-university-of-melbourne/image/fetch/s--8baH0E7b--/c_fill,f_jpg,q_70,w_435/https://res-2.cloudinary.com/the-university-of-melbourne/image/upload/s--2PZN5dUf--/c_fill%2Cf_auto%2Ch_630%2Cq_75%2Cw_1200/v1/pursuit-uploads/d06/600/5cb/d066005cbd38d2b51fd2e545b4cde7fdfbeaaa12f828fe534d8e84aee10c.jpg" /><h3>Data security in the spotlight</h3><div class="readmore">Read more</div></a></figure><h2>5. HUMAN NATURE</h2><p>How many times have you been working on your laptop when the ‘updates available’ box has popped up, and you’ve clicked ‘tonight’, ‘tonight’, ‘tonight’ repeatedly – and when tonight comes you’re away from your computer and you never install it. </p><p>You should.</p><p>And it’s the same for business. </p><p>The sheer number of businesses that are not adequately protected, and don’t have backups, is astounding. If they did approach their cybersecurity properly, hackers would find their jobs a lot harder.</p><p>The Australian Cyber Security Agency makes the point that “<a href="https://www.acsc.gov.au/publications/ACSC_Threat_Report_2017.pdf">too many</a>”of the incidents they deal with “could have been prevented had organisations employed established and relatively straightforward cybersecurity measures”.</p><p>The problem is, human nature often gets in the way. Whether it’s making the decision to install the measures in the first place, following the rules and keeping them up to date, or finding a way to hack around them... humans are the biggest vulnerability.</p><p><em>Australia’s cybersecurity is an issue tackled by Ali Moore’s This is Not A Drill series in partnership with the University of Melbourne, Asialink, the <a href="https://www.wheelercentre.com/events/a-hypothetical-cybersecurity-crisis">Wheeler Centre </a>and the ABC. You can catch this latest episode on the ABC’s <a href="https://iview.abc.net.au/show/this-is-not-a-drill">iView</a>.</em></p><p>Banner: Getty Images</p><img alt="" height="1" style="display:none" width="1" src="//track.web.unimelb.edu.au/pursuit/pageview.png?location=https%3A%2F%2Fpursuit.unimelb.edu.au%2Farticles%2Fthis-is-not-a-drill-a-cyberthreat-reality-check&title=This+is+not+a+drill%3A+A+cyberthreat+reality+check&path=%2Farticles%2Fthis-is-not-a-drill-a-cyberthreat-reality-check&campaign_name=Pursuit+republishing&campaign_medium=republish&campaign_content=This+is+not+a+drill%3A+A+cyberthreat+reality+check" />

Media enquiries

Phone: +61 3 8344 4123
Email: news@media.unimelb.edu.au

The Media Office is staffed from 8am–5pm Monday to Friday.

The University has a television and radio studio to facilitate live and prerecorded broadcast quality interviews with media. You can also Find an expert for commentary.