Summary: This report summarises cyber intrusion activity identified by or reported to the Cyber Security Operations Centre (CSOC) during 2013. It provides a broad overview of cyber threats to Australian government networks, as observed by the CSOC.
The Strategies to Mitigate Targeted Cyber Intrusions remain your best defence against the cyber threat. Implementing the Top 4 strategies as a package is at the core of this protection, as they mitigate at least 85% of cyber intrusions responded to by the CSOC. The Top 4 strategies prevent execution of malicious software, and minimise software vulnerabilities and the ability of a cyber adversary to propagate across a network. The remaining 31 strategies form an excellent basis from which to assess further network security initiatives based on a risk assessment. Your risk assessment processes should take into account the specific risks faced by your agency, the information you are protecting, and your current network security posture.
While socially-engineered emails remain the most prevalent threat to Australian government networks, the CSOC observed the emergence of several new techniques used in these emails during 2013, such as the use of cloud storage providers, Java files, and the repurposing of genuine emails. The increasing skill and resourcefulness of cyber adversaries highlight the importance of being continually vigilant and up-to-date in your network security. The Strategies to Mitigate Targeted Cyber Intrusions have been updated in 2014 to reflect the evolution of the threat environment.
Although the initial cost of implementing the Strategies to Mitigate Targeted Cyber Intrusions can seem high for some agencies, they actually represent an important investment in your organisation, reducing long-term costs and risk. If you experience a network compromise, not only will you be faced with the cost of implementing these strategies to prevent further compromise, but you will also incur higher direct and indirect costs associated with remediating the compromise. These costs include, but are not limited to, investigating the compromise, tactical remediation, reputational costs, opportunity costs from the loss of information, and lost productivity.