Public sector organisations are regular attack targets
In the wake of the disclosure that the Parliament House email network was compromised by possible nation-state attackers, new research has been published indicating that 88% of public sector organisations have suffered at least one damaging cyber attack in the last two years.
A global study sponsored by cyber exposure management company Tenable and conducted by the Ponemon Institute surveyed public sector cybersecurity decision-makers from Australia, the US, UK, Germany, Mexico and Japan.
The survey found that 62% of public sector organisations in the six countries had suffered two or more cyber attacks in the past two years, with 23% suffering more than five.
These attacks have caused breaches and resulted in significant disruption and downtime for the targeted organisations, the report states.
The most common cyber incidents encountered include employees falling victim to phishing scams that resulted in credential theft (56%), attacks against operational technology infrastructure that resulted in downtime (55%), attacks involving Internet of Things or operational technology assets (46%), and significant disruptions in business processes caused by malware (39%).
In addition, public sector cybersecurity teams admit to facing significant challenges in managing cyber risk, with only 23% reporting having significant visibility into their attack surface and 62% stating that their organisation lacks adequate staff to scan for vulnerabilities in a timely manner.
While 63% of respondents want to improve their ability to detect and respond to stealthy attacks, 44% still prioritise threats based on the ease of remediation rather than on which threats pose the greatest risk.
The vulnerability of public sector targets was highlighted last month after House Speaker Tony Smith and Senate President Scott Ryan revealed that Parliament House had fallen victim to a cyber attack that may have been conducted by a state-sponsored actor, affecting everybody with an Australian Parliament House email address.
While the MPs characterised the attack as using sophisticated methods, security experts have cast doubt on this claim, asserting that it appears the attack could have been avoided by using techniques such as multifactor authentication.