Hundreds of attacks daily on critical organisations


By Dylan Bushell-Embling
Wednesday, 19 April, 2017


Nine in 10 important Australian organisations faced some form of attempted or successful cyber attack in the 2015–16 financial year, with some critical infrastructure organisations being attacked hundreds of times per day.

These were among the findings of the latest report from the Australian Cyber Security Centre (ACSC) covering both government and private sector organisations of national significance.

The report finds that through spear phishing emails alone, organisations are being attacked up to hundreds of times per day.

In total, 86% of surveyed organisations experienced attempts to compromise their network data or system, with 58% experiencing at least one successful attack.

Sixty per cent of organisations surveyed experienced tangible impacts on their business due to attempted or successful compromises, despite rating the incidents as relatively low in severity.

On the bright side, the majority of organisations surveyed displayed a high level of cyber resilience — defined as “an organisation’s ability to prepare for, withstand and recover from cyber threats and attacks”.

But there are still improvements that need to be made, the ACSC said. Just over half (51%) of organisations surveyed said they tend to be alerted to possible breaches by external third parties before detecting them themselves, suggesting that “organisations are not adequately focusing on monitoring networks and detecting potentially malicious activity”, the report states.

Likewise, while a number of organisations have embraced practices such as BYOD or remote work that offer greater workplace flexibility, significantly fewer have implemented mobile device management or identity and access management solutions to mitigate the increased risks these practices bring.

“Despite these gaps there have been improvements. For example, 71% of organisations report having a cybersecurity incident response plan in place compared with 60% in [a 2015 survey],” the report states.

“Now the focus needs to be on ensuring those plans remain relevant. Of all organisations that have incident response plans, less than half (46%) regularly review and exercise these plans. Fifteen per cent either never test the plan, or test it on an ad hoc basis, with 24% testing less than once a year.”


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd