The Australian Signals Directorate (ASD) has developed prioritised mitigation strategies to help organisations mitigate cyber security incidents caused by various cyber threats. These can be used by any organisation and can be accessed here – Strategies to Mitigate Cyber Security Incidents. This is supported by the Strategies to Mitigate Cyber Security […]
Cyber & Info Security
US NIST Cyber Security Resources
In February 2024, the U.S. Government’s National Institute of Standards and Technology released the NIST Cybersecurity Framework 2.0, providing guidance to industry, government agencies, and other organisations to manage cybersecurity risks. It offers a taxonomy of high-level cybersecurity outcomes that can be used by any organisation — regardless of its […]
UNIDIR Cyber Policy Portal
The Cyber Policy Portal of the United Nations Institute for Disarmament Research (UNIDIR) serves as a comprehensive online reference tool, providing detailed profiles of all 193 UN Member States. It acts as a central hub for information on each country’s cybersecurity policy documents, responsible agencies and departments, legal frameworks, and cooperation efforts.
The Portal offers insights into the cybersecurity policy landscape through main categories and various subcategories within each profile. It also includes information on Intergovernmental Organisations, multi-stakeholder instruments, and other initiatives. It seeks to facilitate informed participation by relevant stakeholders in policy processes and to enhance trust, transparency, and cooperation in cyberspace. Each country profile on the Portal includes information on the cyber policy landscape of the country, divided into categories such as Cybersecurity Policy, Structures, Legislative Frameworks, and Cooperation.
Access the Portal here: Cyber Policy Portal
Australia’s Cyber Security Act 2024
On 26 November 2024, Australia’s Cyber Security legislation was passed by both houses of Parliament yesterday as part of a package of legislative reforms, which were expedited following the recommendations of the Parliamentary Joint Committee on Intelligence and Security. This includes the Cyber Security Act 2024, the Intelligence Services and Other Legislation […]
Cyber Security Threat Report 2023 – 2024
The Annual Cyber Threat Report 2023-2024 was published on 20 November 2024. In the financial year 2023-24, the Australian Signals Directorate Australian Cyber Security Centre (ASD) received over 36,700 calls to its Australian Cyber Security Hotline, an increase of 12% from the previous financial year. ASD also responded to over […]
How to calculate the estimated cost of a data breach
The NSW Information and Privacy Commission has a useful resource for any organisation estimating the cost of a data breach. This fact sheet will assist NSW public sector agencies in estimating the cost of a data breach under the Mandatory Notification of Data Breach Scheme as required in the notification […]
Cyber Security Obligations for Corporate Leaders
On 19 December 2023, the Australian Government released the 2023-2030 Australian Cyber Security Strategy: Cyber Security Legislative Reforms Consultation Paper and an overview of existing cyber obligations for business leaders. The consultation paper is the next step in implementing the 2023–2030 Australian Cyber Security Strategy to boost the nation’s cyber security. The Overview of Cyber […]
Update to the Essential Eight Maturity Model
The Australian Signals Directorate (ASD) and Australian Cybersecurity Centre have recently updated the Essential Eight Maturity Model (E8MM) to assist organisations in protecting their internet-connected information technology networks against common cyber threats. Key focus areas for this update include: balancing patching timeframes; increasing adoption of phishing-resistant multifactor authentication; supporting management […]
US and Australian governments issue joint Cyber Security Advisory on preventing Web Application Access Control Abuse
The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC), U.S. Cybersecurity and Infrastructure Security Agency (CISA), and U.S. National Security Agency (NSA) have recently released a joint Cybersecurity Advisory to warn vendors, designers, and developers of web applications and organizations using web applications about insecure direct object reference (IDOR) vulnerabilities. IDOR […]
Third-Party Risk and Cybersecurity: Navigating Evolving Threats and Data Governance
High-profile data breaches in the last few years have not only resulted in increased regulatory attention but have also served to highlight the evolving set of cyber threats faced by organisations. Of particular note, there have been numerous incidents where cybercriminals have managed to obtain organisational data not through a […]
Questions for Boards to ask about Cyber Security
The Australian Cyber Security Centre (ACSC) has released a guide for boards and executives that discusses high-level topics to know about cyber security within organisations. Boards need to proactively build an understanding of their organisation’s specific cyber threat and risk environment. The Guide sets out how the board can understand as […]
Optus Data Breach – the risks of data over-retention
The Optus Data Breach incident has shed some much-needed light on the need for robust, top-down board governance over organisational data and information. It is evident that this attack has demonstrated the need for organisations to sufficiently invest in cyber-attack prevention, detection and response. While the Optus data breach is […]
Cyber Risk Management and the Value of Cyber Insurance
The technology revolution has created unprecedented developments in the way that business is transacted, how information is obtained, how we communicate with each other and how data is sourced and stored. The reality of these developments has also led to unparalleled increases in the ability of criminals to act in […]
Information Security Risk Management Practitioner Guide – OVIC
The Office of the Victorian Information Commissioner (OVIC) issues security guides to support the Victorian Protective Data Security Standards (VPDSS). This document provides organisations with guidance on security risk management fundamentals to enable them to undertake a Security Risk Profile Assessment (SRPA) as required under s89 of the Privacy and […]
Broken Trust – The Information Security Dangers of Insider Threats
The increasing awareness of external cyber-security threats has executives focused on how their organisation can be defended against the “enemy at the gates”. But are organisations just as much at risk from an “enemy within”? In this article Dr Peter Chapman, Director in the Ferrier Hodgson Forensic Technology and […]
Information Security & Information Governance – how they work together
Information (data) security, cybersecurity and IT security all usually refer to the protection of computer systems and information assets by suitable controls, such as policies, processes, procedures, organizational structures and software and hardware functions. The type and extent of controls depend on the scope and maturity of the business function […]
Cyber Insurance: how it works and the benefits of Information Governance
As the number and size of cyber attacks on businesses continues to increase, the risk of experiencing a data breach is higher than ever. The resulting cost of these breaches can be significant – according to the Ponemon Institute’s 2017 Cost of Data Breach Study, these totalled $2.51 million […]