Skip to content

Pandemic Delivers Cybersecurity Challenges In Australia

Government departments and agencies are making progress in cybersecurity, but the rate of serious threats remains high.

SYDNEY — Officials responded to more than one cyber incident impacting government departments each day last year, as concerns remain about gaps in security.

A new report by the Australian Signals Directorate shows its Australian Cybersecurity Centre responded to 434 cybersecurity incidents affecting Commonwealth entities in 2020.

Just under half were self-reported to the Australian Cybersecurity Centre while the remainder were identified through investigations, reporting from international partners and third parties, and analysis of classified and open-source material.

“Throughout 2020, Australia was targeted by a range of adversaries who conducted persistent cyber operations that posed significant threats to Australia’s security, stability and prosperity,” the Australian Signals Directorate reported.

The Australian Signals Directorate said the COVID-19 pandemic had presented a number of challenges to security, including public servants working from home.

A new report by the Australian Signals Directorate shows its Australian Cyber Security Centre responded to 434 cyber security incidents affecting Commonwealth entities in 2020. (Mick Tsikas/AAP Image)

“With the urgent need to enable continuity of government through remote working, new cyber threats from state actors and criminals emerged that required new vigilance as a considerable surge in government work was conducted online and often remotely, away from the added security of corporate firewalls and virtual private networks,” it said.

Over the year 150,000 threat events were prevented through what is known as the protective domain name system program.

The domain name system is essentially the phone book of the internet.

The Protective Domain Name System – which will be offered to government departments this financial year – seeks to prevent access to domains identified as malicious by blocking access to sites that host malware, ransomware, phishing attacks and other malicious content.

Over the year, 150,000 threat events were prevented through what is known as the protective domain name system program. (Stefan Postles, Pool/AAP Image)

The Australian Competition and Consumer Commission released a report that found out that Australians were victims of around $850 million worth of scams last year that included investment scams, identity theft, romance scams and online scams.

The Commission tweeted “Australians lost over AU$850 million ($659.2 million) to scams last year, with investment scams, romance scams and payment redirection scams accounting for almost 70% of those losses.”

In a bid to toughen government department cybersecurity, they are now required to self-assess how they are rolling out a suite of protections known as the “essential eight” and report annually to both Australian Signals Directorate and the attorney-general’s department.

Departments were getting better at cybersecurity, but the Australian Signals Directorate warned further improvement was needed especially as cyber threats became more sophisticated.

The agency found 11 percent of government agencies had an ad hoc level of cybersecurity maturity, while 55 percent were described as having a developing level.

The government is investing AU$1.67 billion ($1.29 billion) over 10 years to identify cyber threats, disrupt foreign cyber criminals and protect Australians.

(Edited by Gaurab Dasgupta and Praveen Pramod Tewari.)

Recommended from our partners