Threat to Australia's critical systems growing: ACSC

The Australian Cyber Security Centre (ACSC) has published its first unclassified security threat report, which underlines the scale of the cybersecurity threat facing the nation’s organisations.

The report states that last year alone, CERT Australia responded to 11,073 cybersecurity incidents affecting Australian businesses.

Of these, 153 involved systems of national interest or critical infrastructure that if compromised could significantly damage Australia’s economic prosperity, public safety or national defence and security.

Of the instances involving systems of national interest responded to by CERT Australia last year, 29% targeted the energy sector, 20% targeted banking and financial services, 12% affected the communications industry and 10% each took aim at the defence and transport industries.

Cybersecurity incidents reported by the Australian Signals Directorate (ASD), which primarily responds to incidents involving Australian Government network and those of critical importance, meanwhile increased by 20% in 2014 to 1131.

Australia’s resource wealth and its economic and sociopolitical position makes it a prime target for cyber adversaries including foreign state-sponsored attackers, organised criminals and issue-motivated hacktivists, the report stated.

On the cybercrime front, the report notes a Symantec estimate from 2013 that cybercrime is costing Australia around $1.06 billion per year. But it adds that this is likely to be a significant underestimation of the true costs.

Foreign state-sponsored adversaries have meanwhile started using malicious software typically used by cybercriminals, and will often attack industry targets if they cannot breach the security of a government target.

New ACSC Co-ordinator Clive Lines stated that the report demonstrates that the cyberthreat facing Australian organisations is unrelenting and growing.

“The report provides an overarching view of cyber adversaries, what they want and how they go about getting it from an ACSC perspective,” he said.

“If every Australian organisation read this report and acted to improve their security posture, we would see a far more informed and secure Australian internet presence. We envisage the report will be a useful resource for organisations to start an informed conversation about protecting their vital information.”

The ACSC acts as a hub for the private and public sector to collaborate and share information to combat major cyberthreats.

Its partner agencies include the AFP, the Australian Crime Commission, CERT Australia and intelligence agencies ASIO, the ASD and the DIO. The office was officially opened in November 2014.

Image courtesy Dennis Skley under CC