A recent ransomware incident involving a pharmacy in Toowoomba, Queensland, has brought renewed attention to the cybersecurity challenges facing Australian businesses, particularly small and medium-sized enterprises (SMEs).
The Friendlies Society Dispensary – located west of Brisbane – reported that its internal IT systems were compromised by hackers last month, raising concerns about the security of sensitive business and client data.
According to ABC’s report, authorities, including the National Office of Cyber Security, the Australian Cyber Security Centre, Services Australia, the National Disability Insurance Agency, Queensland Health, and the Department of Home Affairs, have initiated a joint investigation into the breach.
The pharmacy’s CEO, Bayden Johnson, confirmed that the organisation acted promptly upon discovering the breach.
“As soon as this incident was detected, we immediately worked to secure our systems and to establish a clear picture of what happened,” he said, as reported by ABC. “We are working as a priority to determine exactly what information this data contains so we can ensure that all appropriate steps are taken.”
The business, which offers services such as personal mobility equipment and home modifications, continues to work with authorities as the investigation progresses.
A spokesperson from the Department of Home Affairs stated that Services Australia’s systems were not impacted, but indicated that precautionary measures – such as restricting online access – may be taken if irregular activity is detected.
The Toowoomba incident comes amid broader concerns about cyber readiness in Australia.
Recent findings from Yubico’s Global State of Authentication survey, which included responses from 2,000 Australians, reveal that many organisations and individuals are not keeping pace with evolving cyber threats.
According to the survey, only 55% of Australian respondents said their employers use multi-factor authentication (MFA) across all applications, and 41% reported never having received cybersecurity training at work.
Geoff Schomburgk, Yubico’s vice president for Asia-Pacific and Japan, noted that the survey highlighted a significant gap between what people know and what they do regarding cybersecurity.
“Individuals are complacent about securing their own online accounts, and Australian organisations appear to be slow to adopt security best practices,” he said, as reported by IT Wire.
The survey also found that 46% of Australians had interacted with a phishing message in the past year, and younger employees, particularly those in Generation Z, were more likely to engage with phishing attempts.
Despite increased awareness of advanced authentication methods such as device-bound passkeys, traditional usernames and passwords remain the most commonly used security measure for both professional and personal accounts.
The research suggests that, even after falling victim to phishing, only a minority of Australians adopt stronger security measures or report incidents to their employers.
In response to the growing threat landscape, the Insurance Council of Australia (ICA) has called for broader cybersecurity requirements for businesses.
In its submission to the Department of Home Affairs, the ICA identified risks associated with artificial intelligence, quantum computing, and the handling of personal data.
The council emphasised that SMEs are particularly exposed to automated and AI-driven cyberattacks, which differ from the more targeted attacks typically faced by larger organisations.
The ICA’s recommendations include increased accountability for technology providers, the development of cross-sector workforce initiatives to embed cybersecurity expertise within SMEs, and the expansion of mandatory ransomware reporting requirements.
The council also highlighted the importance of a national approach that takes into account the varying capabilities and resources of different business sectors.