ACSC calls on Australian organisations to assess their preparedness to respond

On Wednesday 23 February the Australian Cyber Security Centre (ACSC), which sits under the Australian Signals Directorate (ASD), published a high alert for Australian organisations calling on them to assess their preparedness to respond to any cyber security incidents that may arise from attacks against Ukraine.

 

In its high alert on Wednesday the ACSC said “Organisations should also assess their preparedness to respond to any cyber security incidents, and should review incident response and business continuity plans”.

 

Former CIO of Hydro Tasmania, which operates critical infrastructure in Australia, Luke Stow welcomes the ACSC’s alert but says the revelations of the 2020 Cloud Migration Survey conducted by cyber security specialist consultancy TrustedImpact, which are discussed in this 2022 Cyber Security Priorities and Investments Discussion Paper, highlight a substantial and widespread vulnerability for many Australian organisations and their executives.

 

“Majority of Australian organisations have migrated sensitive information and data to cloud environments but many have not thoroughly discussed the unique risks associated with cloud and therefore do not have sufficient information to quickly assess their preparedness in response to the ACSC alert”, says Luke Stow who now serves as Executive Director of Alchemy Solutions and Resident Technology Contributor here at The Reboot Show.

 

Stow says the survey reveals 80% of Australian organisations surveyed believed their cloud provider(s) had Disaster Recovery Plans in place and 90% believed the same for Incident Response Plans whilst nearly 60% did not know if any plans have ever been tested to ensure they’re actionable.

 

“Practising and testing these types of plans is a fundamental part of assessing preparedness - having a plan is great, but if you don’t know whether or not the plan in practice actually works then you’re effectively as prepared as you would be without a plan”, Stow adds.

 

TrustedImpact chief executive Tom Crampton says adopting an enhanced cyber security posture, as the ACSC is urging all Australian organisations to do now, requires top down leadership and believes many executives and board members haven’t yet embedded cyber security discussions into their executive agendas.

 

For any executives and board members who still don’t believe this is relevant to them - all they need to do is ask those who have already been stood down for failing to address preventable crises”, Tom says.


“Improving cyber security posture doesn’t have to be expensive. I find it can be effective with some of our clients to discuss ‘if you had $5 to spend, where should it be spent?’ when starting out to demonstrate the importance of prioritising cyber security investments to drive outcomes”.

 

____

 

Download a copy of the 2022 Cyber Security Priorities and Investments Discussion Paper by clicking here

 

Visit TrustedImpact's website for more information on responding to the ACSC's high alert https://www.trustedimpact.com/