Executives within Commonwealth government agencies have rated industrial espionage targeting their organisations as the second lowest overall cyber risk in terms of seriousness, with good old fashioned malware, ransomware and data breaches taking out top honours.
That’s the wash-up from the latest report card from the Australian National University’s National Security College, commissioned by telecommunications carrier Macquarie Government released this week.
Launched by Minister Assisting the Prime Minister for Cyber Security Dan Tehan, the report Cyber Governance and the Threat to Mid-Sized Enterprises, reveals that day-to-day cyber-hygiene and pest control are still the biggest headache for agencies.
Agencies also reported incidences of cyber espionage to be at the lower end of the scale in terms of actual incidents that occurred, with everyday ‘malware’ the biggest reported problem followed closely by ‘Ransomware’.
The targeting of government agencies by promulgators of ransomware like CryptoLocker — which typically encrypts a victim’s data in an effort to extort money — is a significant observation not last because of the potential for disruption of government services.
A recent warts-and-all report by the Australian Cyber Security Centre that reviewed the Bureau of Meteorolgy’s compromise by foreign hackers also laid bare the detection of CryptoLocker on the agency’s infrastructure following a sweep, a find that raised eyebrows and concerns across agencies.
Tehan cautioned that responsibility for cyber security couldn’t fall solely to government, and stressed the need to help smaller organisations.
“Improving cyber security in Australia is a job the government cannot do alone and that is why we are committed to working with business to improve information sharing and mitigation strategies through the Cyber Security Strategy,” Tehan said.
“The government is working with industry to develop voluntary guidelines on cyber security. These guidelines will help small and medium-sized enterprises better understand how they can secure their networks and systems.
Macquarie Telecom’s chief executive Aidan Tudehope warned it was small to medium sized businesses at risk.
“It’s been apparent to us that the message cyber security is not reaching the ears of those mid-sized organisations, who too often are simply so busy that they don’t realise this issue concerns them,” Mr Tudehope said.
The report found that among government agencies, 41 per cent described the “awareness and understanding of cyber security” within senior executive teams to be inadequate.
The report found that no Commonwealth public sector agencies had senior management review cyber risks on a monthly frequency.