The NSW Small Business Commissioner Cyber Scare 2017 report has revealed cyber crime in Australia is at an all-time high, with defence businesses and the Department of Defence at as much risk as other Australian businesses and agencies.
To continue reading the rest of this article, please log in.
Create free account to get unlimited news articles and more!
In March, the government revealed that a series of outages due to power supply problems over the last few months jeopardised the security of the Australian Signals Directorate (ASD), an intelligence agency for the DoD.
The ASD, which seeks to protect Australia from cyber attacks and electronic espionage, was forced to rely on diesel backup generator's when it was asked to help with load shedding during times of high temperatures on 10 February.
At the time, the minister assisting the Prime Minister for cyber security Dan Tehan said, due to concerns over the power grid's reliability, ASD shifted to its generators.
"This meant that an agency responsible for critical infrastructure was on backup power to pre-empt a cut," Tehan said.
"Having the Department of Defence be put onto generators is a rare and significant event."
The Cyber Scare report has found the cost of cyber crime to businesses in Australia rising by an estimated $1 billion each year, and globally it is costing businesses more than $3 trillion annually.
The document also found one-in-three small businesses in NSW have been victims of cyber crime, but cyber cime is only rated by SMEs as the fifth biggest risk to their business.
The 2016 Defence Industry Policy Statement said around 3,000 SMEs and local businesses around the country support the defence industry.
Security culture – or lack thereof – in Australia is copping the brunt of the blame, with attitudes of government departments and SMEs seemingly on par.
The NSW Small Business Commissioner's survey of 1,400 SMEs in NSW found companies felt their limited online presence meant they're less exposed to cyber crime.
NSW Small Business Commissioner Robyn Hobbs said this is not the case.
"Doing business online can open up huge opportunities but small businesses need to take full account of the risks – for example something as simple as using email every day or taking a phone call can present a big cyber security risk to any business," Hobbs said.
"Research shows around half of cyber security incidents target small businesses and almost 60 per cent of cyber crime impacts small and medium sized businesses."
Similarly, the Australian National Audit Office (ANAO) Cybersecurity Follow-up Audit, published in March, found some government agencies, like the Australian Taxation Office and the Department of Immigration and Border Protection, are not considered "cyber resilient".
The ANAO's report failed these agencies on mandatory whitelisting and software patching requirements proposed by the ASD.
The agencies were found to have varying compliance with the ASD’s top four cyber mitigation strategies: whitelisting, application patching, OS patching and the restriction of administration privileges based on user duties.
In February, the ASD updated its list to include four more mitigation strategies, with the combination now known as the 'Essential Eight'.