The frank assessment of Australia’s cyber threat status is contained in the Australian Cyber Security Centre (ACSC) Threat Report 2015. A parallel report produced by the Australan Communications and Media Authority (ACMA) was based on interviews conducted in early 2015 with 24 of the ACMA’s Australian Internet Security Initiative (AISI) partners, and reveals that the AISI reports were the main source of data its partners use to identify malware-infected customers on their networks.
The ACSC report warns that cyberthreat incidents in the public eye are just the tip of the iceberg, and Australia must be vigilant and proactive in its approach to cyber security, investing resources to meet the challenges of a complex cyber environment.
And, we are warned: “Compromise is expensive. It can include financial losses, damage to reputation, loss of intellectual property and disruption to business. Australia cannot afford this.”
The report from the ACSC is now available on the centre's website and contains mitigation and remediation information to assist organisations to prevent, and respond to, the threat. The ACMA report can be accessed on the authority's own website.
The ACSC report says that to combat the threats detailed in the report, and reduce the risk of compromise, organisations must move now to implement cyber security measures to make Australia a “harder target, increase the confidence of Australians when they are online, and maximise the benefits of the internet for Australian organisations”.
“Ultimately, this will see organisations and their users taking greater responsibility for the security of their networks and information. The ACSC has been established to help in this process,” the ACMA says, pointing out that the information in the report is designed to assist the achievement of a more cyber secure Australia.
The ACSC says that while its ability to detect and defend against sophisticated cyber threats continues to improve, “cyber adversaries are constantly improving their tradecraft in their attempts to defeat our network defences and exploit the new technologies we embrace”.
“There are gaps in our understanding of the extent and nature of malicious activity, particularly against the business sector. The ACSC is reaching out to industry to build partnerships to improve our collective understanding.”