Hundreds of attacks daily on critical organisations
Nine in 10 important Australian organisations faced some form of attempted or successful cyber attack in the 2015–16 financial year, with some critical infrastructure organisations being attacked hundreds of times per day.
These were among the findings of the latest report from the Australian Cyber Security Centre (ACSC) covering both government and private sector organisations of national significance.
The report finds that through spear phishing emails alone, organisations are being attacked up to hundreds of times per day.
In total, 86% of surveyed organisations experienced attempts to compromise their network data or system, with 58% experiencing at least one successful attack.
Sixty per cent of organisations surveyed experienced tangible impacts on their business due to attempted or successful compromises, despite rating the incidences as relatively low in severity.
On the bright side, the majority of organisations surveyed displayed a high level of cyber resilience — defined as “an organisation’s ability to prepare for, withstand and recover from cyber threats and attacks”.
But there are still improvements that need to be made, the ACSC said. Just over half (51%) of organisations surveyed said they tend to be alerted to possible breaches by external third parties before detecting it themselves, suggesting that “organisations are not adequately focusing on monitoring networks and detecting potentially malicious activity”, the report states.
Likewise, while a number of organisations have embraced practices such as BYOD or remote work that offer greater workplace flexibility, significantly fewer have implemented mobile device management or identity and access management solutions to mitigate the increased risks these practices bring.
“Despite these gaps there have been improvements. For example, 71% of organisations report having a cybersecurity incident response plan in place compared with 60% in [a 2015 survey],” the report states.
“Now the focus needs to be on ensuring those plans remain relevant. Of all organisations that have incident response plans, less than half (46%) regularly review and exercise these plans. Fifteen per cent either never test the plan, or test it on an ad hoc basis, with 24% testing less than once a year.”
Building secure AI: a critical guardrail for Australian policymakers
While AI has the potential to significantly enhance Australia's national security, economic...
Building security-centric AI: why it is key to the government's AI ambitions
As government agencies test the waters of AI, public sector leaders must consider how they can...
State government agencies still struggling with securing user access
Audit reports have shown that Australian government agencies in four states experience challenges...