Six Things You Can Do About Cybercrime

Cybercrime is a growing concern among Australians. During the 2020-2021 financial year, Australian organisations reported losses of more than $33 billion from cybercrime.

More recently, the government announced a $9.9 billion investment into strengthening Australia’s intelligence and cyber capabilities in the 2022-23 Federal Budget.

With the goal of helping make Australia the most secure place to connect online, the Australian Cyber Security Centre (ACSC) leads the Australian Government’s efforts to improve cyber security.

The ACSC makes several recommendations for Australian organisations.

Recommendations to Improve Cyber Security

The ACSC recommends that all Australian organisations prioritise implementation of the Essential Eight Maturity Model and, in particular, consider the following six actions:

  1. Report all cybercrime and cyber security incidents via ReportCyber.

    The more awareness we can bring to these incidents, the better prepared we can all be to avoid or limit their impacts.

  2. Become an ACSC Partner, or get updates from an ACSC Partner, to stay informed of relevant information.

    Manage Protect is an ACSC Network Partner and endeavours to share important updates with partners and the general public.

  3. Know your networks.

    The ACSC encourages all users to understand and review their networks to establish where valuable or sensitive information and infrastructure are located, and to apply cyber security measures proportionate to the risk of compromise.

  4. Patch within 48 hours where an exploit exists.

    Malicious cyber actors monitor reporting of security vulnerabilities and use automated tools to regularly scan for and exploit network vulnerabilities. This means that organisations can no longer follow monthly patch update cycles – they should prioritise patching to protect their networks from cyber security incidents. Ensure patches, updates or vendor mitigations for security vulnerabilities in internet-facing services are applied within two weeks of release, or within 48 hours if an exploit exists.

  5. Evaluate risks associated with cyber supply chains.

    The ACSC encourages organisations to follow the ACSC’s advice on cyber supply chain risk mitigation.

  6. Prepare for a cyber security incident by having incident response, business continuity and disaster recovery plans in place, and testing them.

    An incident response plan enables organisations to respond decisively to a cyber security incident, limit its impact and support recovery.