Australian firms urged to boost cyber resilience, AI
Thu, 16th Jul 2026 (Today)
Security and AI experts have urged Australian organisations to treat recent warnings on Russian cyber activity and the rapid spread of artificial intelligence as catalysts for deeper structural change, rather than narrow technical fixes.
The comments follow a new advisory on Russian state-linked targeting of critical infrastructure and coincide with AI Appreciation Day.
LevelBlue APAC Regional Director Nigel Hardy warned that organisations treating the latest Russian-focused alert as a simple patching exercise risk missing its broader implications for operational resilience and board oversight.
"Patching matters; however, it can't be the entire response. Otherwise, it suggests advisory compliance rather than absorption of the real content. Reducing real risk means treating network infrastructure as a first-class asset on the same register as an organisation's most critical assets, with the same monitoring and change control as servers and cloud environments."
He said organisations need a broader view of their exposure, including assets beyond traditional enterprise perimeters.
Hardy pointed to the involvement of Russia's Federal Security Service and links to an attempted attack on Poland's electricity grid as a sign that cyber risk in critical sectors now falls squarely within the remit of boards under Australia's Security of Critical Infrastructure Act.
"This means extending visibility beyond owned assets to anything internet-facing across the wider ecosystem, including remote worker and vendor infrastructure. Given the Federal Security Service of the Russian Federation (FSB) attribution and its link to the attempted Poland grid attack, this becomes a board-level resilience question under the Security of Critical Infrastructure Act 2018 (SOCI Act), not just a patching advisory."
He also highlighted weaknesses in basic device security and monitoring that remain common across networks.
"It also means pushing multifactor authentication (MFA) and unique credentials down to router and device management interfaces, and watching for unauthorised configuration changes rather than relying on Common Vulnerabilities and Exposures (CVE) scanning alone, especially because Centre 16's method is opportunistic, not exploit-driven."
Hardy described the warning as national-scale threat intelligence that only has value if organisations integrate it into their own risk frameworks and asset management.
"This advisory is threat intelligence delivered at national scale, and the same rule applies here as everywhere else: its value lies in whether an organisation can translate it into its own context, not in the warning itself."
He added that long-term access to insecure routers points to underlying cyber security investment choices rather than isolated oversights.
"Patching routers is the guidance; however, a decade of quiet access tells us how we've prioritised investment in security. The doors that Centre 16 has been checking aren't hypothetical; many of them are open right now."
Alongside concerns about state-backed cyber operations, AI leaders described a shift in how Australian businesses approach artificial intelligence, moving from experimentation to execution and governance.
HCLTech Executive Vice President and Country Manager for Australia and New Zealand Sonia Eland said the national discussion has moved beyond basic questions about AI's relevance.
"As we mark AI Appreciation Day, it's clear the conversation around artificial intelligence has changed significantly. Most Australian organisations are no longer asking whether AI matters; they're focused on how to use it effectively and responsibly.
"Whilst enthusiasm remains high, many businesses are still working through practical challenges around data, governance, workforce skills and getting real value from their AI investments. The reality is that Australia's biggest AI challenge is no longer access to technology; it's execution.
"The organisations seeing the strongest results are moving beyond experimentation and focusing on practical applications that improve productivity, enhance customer experiences and help employees spend more time on higher-value work.
"At HCLTech, we're seeing increasing demand from organisations looking to scale AI in ways that deliver measurable business outcomes, not just proof-of-concept projects. This AI Appreciation Day, businesses should look beyond the hype and appreciate AI for what it really represents: an opportunity to rethink how work gets done.
"The greatest competitive advantage will come from integrating AI thoughtfully, with the right foundations and clear business goals. Australia has a significant opportunity ahead, but success will ultimately depend on turning AI ambition into trusted, measurable results at scale."
HPE Account Executive for HPC/AI April Neoh said the public conversation often overlooks the infrastructure and governance layers behind AI services.
"AI is quickly becoming a utility that underpins many of the services and experiences we rely on every day, from financial security and customer experiences to business operations and decision-making. Yet while much of the conversation focuses on the AI tools we interact with, the real engine room of AI often goes unseen - the data, infrastructure, security and governance frameworks that enable these systems to operate reliably and at scale."
Neoh said AI Appreciation Day should highlight the importance of those often invisible components.
"This AI Appreciation Day, it's important to recognise the foundations that sit behind AI and the critical role they play in enabling organisations to use this technology effectively. As businesses continue embedding AI into their operations, the focus must extend beyond simply adopting new capabilities to investing in the infrastructure that makes AI trusted, secure and sustainable.
"The future of AI will be shaped not only by the technology itself, but by the systems and foundations that power it."
Commvault Chief Technology Officer for Security in Asia Pacific Gareth Russell said AI is shifting from a perceived advantage to baseline infrastructure, changing the dynamics of cyber risk.
"Not long ago, AI felt like a competitive advantage. Today, it is rapidly becoming infrastructure. Every generation has a technology that rewrites the rules instead of simply improving the game.
"Cloud changed where applications lived. Mobile changed where work happened. AI is accelerating the pace of business. Take Anthropic's recent Mythos demonstration. The headline was not that AI could identify software vulnerabilities. Security teams have been managing vulnerabilities for years.
"More significant was the reduction in the time between discovery and exploitation, from weeks to minutes. AI is not creating an entirely new problem. It is fundamentally changing the economics of an existing one.
"That is why AI Appreciation Day should be about more than celebrating innovation. It should also be about appreciating the responsibility that comes with it. Over the past two years, much of the conversation around AI has focused on hallucinations, bias and misinformation. Those conversations remain important.
"But as AI becomes more autonomous, the discussion is expanding. It is no longer just about whether AI produces trustworthy answers. It is whether we can trust the ecosystem around it.
"Can we trust the data feeding it? Can we verify the identities interacting with it? Can we recover the systems it depends on after an attack? Can we understand and govern the decisions made by increasingly autonomous AI agents?
"Those are the questions organisations will need to answer as AI becomes embedded in everyday business. Innovation now depends on resilience. AI is only as trustworthy as the data, identities and infrastructure behind it. If any of those are compromised, trust erodes quickly, along with the productivity AI promises.
"At Commvault, we've long believed responsible AI and cyber resilience go hand in hand. Responsible AI is about more than governance and ethics. It is about building AI that is transparent, accountable, secure and supported by data organisations can trust and recover when the unexpected happens.
"Trust does not come from AI alone. It comes from the resilience of the entire ecosystem that supports it. The next evolution of work is already beginning to take shape. Employees will not just use AI. They will increasingly work alongside autonomous agents that research, reason, automate and act on their behalf.
"Soon, bringing your own AI agent to work may feel as natural as bringing your own device once did. When that happens, the competitive advantage will not come from having more AI. It will come from creating an environment where people and AI agents can operate together with confidence.
"That requires resilient data. Trusted identities. Transparent governance. Recoverability by design. In other words, the foundations that allow innovation to scale without sacrificing trust.
"Perhaps that is the real lesson of AI Appreciation Day. Appreciate AI for what it can achieve today. But prepare for what comes next. Because the future of AI will not be defined by intelligence alone. It will be defined by trust. And in the age of the agentic enterprise, resilience will be the foundation that makes that trust possible."