Most cyber incidents known to Australia’s lead cyber security centre in the past year have targeted government systems, and many are taking aim at critical infrastructure.
One federal government contractor says it is blocking half a million attacks a day, in a sign of the total scale of cyber security threats.
The Australian Cyber Security Centre, based in the Australian Signals Directorate, emphasised to The Mandarin that “Australians cannot be complacent about their cyber security”.
“The ACSC stands ready to provide assistance and advice as required.”
The centre received more than 67,500 cybercrime reports in 2020-21 – the equivalent of a cyber attack occurring every eight minutes, and a 13% increase on the previous year.
More than a third of attacks – which are committed by state actors and criminals – targeted government agencies at federal, state and local levels. A quarter also aimed to interfere with critical infrastructure, including health care, food distribution and energy sectors.
Contractor Macquarie Government, which says it delivers cyber security and cloud services to 42% of the federal government’s systems, blocks more than 500,000 suspected or confirmed cyber threats every day.
Aidan Tudehope, the company’s managing director, says the figures highlight the depth and frequency of the attacks occurring against sensitive information.
“They also demonstrate the need for robust, Australian-based cyber-security technologies and personnel to remain ahead of the threat environment,” Tudehope said.
He says the attacks include viruses and other malware, port scans, denial of service and script attacks.
“Emails are another common attack vector targeting users within government agencies,” Tudehope warned.
The contract includes having an Australian-based team of security cleared personnel work round the clock to identify and thwart suspicious behaviour.
The Digital Transformation Agency is in the process of clarifying that federal departments and agencies are storing data with certified providers.
“The DTA expects that systems classed as protected are hosted within certified data centre facilities by June 30, 2022, and are working with agencies to achieve this result,” a spokesperson said.
The agency has so far certified around 15 service providers, many of which have multiple data-storing facilities.