Top 5 recommendations for the Victorian State Parliament to improve response against cyberattacks

Concern in the rise of Cyberattacks on Government Agencies

In a recent report tabled in the Victorian state parliament, the Victorian Auditor-General’s Office has highlighted a concerning rise in cyberattacks targeting government agencies. The report reveals that 90% of Victorian government agencies fell victim to cyberattacks last year, putting critical services at risk of disruption. The implications of these attacks extend beyond data breaches, potentially leading to disrupted communication networks, compromised personal information, and the shutdown of vital facilities including water, health, and emergency services.

One incident cited in the report is the cyberattack on Fire Rescue Victoria's dispatch and email systems in December 2022. This attack forced firefighters to rely on traditional communication methods like radios and mobile phones during emergencies, exposing personal staff information in the process. Similarly, in 2019, cyberattacks on Victorian hospitals resulted in delayed surgical procedures due to compromised booking systems. For more insights on this, read our detailed analysis on the Victorian State Parliament's response to cyberattacks.

Critical gaps in the existing cybersecurity measures

Despite the government acknowledging cybersecurity as one of the top 10 risks for the state, the report underscores some critical gaps in the existing cybersecurity measures. Among the concerning findings, 94% of staff at the examined agencies were not using multifactor authentication, a basic yet effective security measure. The report also revealed that none of the audited agencies had fully implemented essential identity and device controls, such as multifactor authentication, to prevent unauthorised access to networks. Learn more about the importance of governance and risk in cybersecurity.

In response to the report, the Department of Government Services has accepted its recommendations and emphasised the priority placed on cybersecurity. The establishment of a new cyber defence centre has enhanced the government's ability to detect and block threats in real time. Investments are being made to further enhance capability and performance across government agencies.

As cybersecurity threats continue to evolve and intensify, it is crucial for Victorian government agencies and supporting companies to take proactive steps, implement robust security measures, and work together to safeguard critical services and the personal information of the community. Explore how tailored threat intelligence can help organisations understand and mitigate cyber risks.

Cybersecurity Recommendations for Government Agencies

We recommend the following key action points to help move towards a more secure digital landscape:

1. Coordinated Efforts: Collaborative efforts among agencies will facilitate a coordinated response to cybersecurity risks, leveraging the public sector's economy of scale.
   
   
2. Regular Training: Ongoing training and awareness programs should be implemented to educate staff about cybersecurity best practices and emerging threats.
   
   
3. Incident Response Plans: Agencies must develop and regularly update robust incident response plans to mitigate the impact of potential cyberattacks.
   
   
4. External Partnerships: Government departments and agencies should collaborate with external partners, including cybersecurity experts and organisations, to review and strengthen cybersecurity controls.
   
   
5. Continuous Improvement: Regular assessments and audits should be conducted to identify vulnerabilities and areas for improvement in cybersecurity controls.
   
   

The following services we provide: Essential 8 Compliance Services, Cybersecurity Incident Response Planning, Security Awareness Program and Training, Strategy and Planning.