The Australian Securities and Investments Commission (ASIC) has called on Australian organisations to prioritise cybersecurity after finding significant gaps in the cyber capability of corporate Australia.
ASIC's latest report, which delved into the results of the corporate watchdog's recent cyber pulse survey, has revealed gaps in cybersecurity risk management of critical cyber capabilities – reflecting organisations' reactive rather than proactive approach to managing their cybersecurity.
The participating organisations reported being capable when it comes to identity and access management, governance and risk management, and information asset management.
Large organisations reported having more mature cyber capabilities. By contrast, small organisations lagged behind in third-party risk management, data security, consequence management, and adoption of industry standards – all due to competing demands for limited human and financial resources.
“For all organisations, cybersecurity and cyber resilience must be a top priority. ASIC expects this to include oversight of cybersecurity risk throughout the organisation's supply chain – it was alarming that 44% of participants are not managing third-party or supply chain risks. Third-party relationships provide threat actors with easy access to an organisation's systems and networks,” said ASIC Chair Joe Longo.
ASIC emphasised the need to “go beyond security alone and build up resilience” – the ability to respond to, and recover from, a cyber incident.
“It's not enough to have plans in place. They must be tested regularly – alongside ongoing reassessment of cybersecurity risks,” Longo said. “An effective cybersecurity strategy, and governance and risk framework, should help identify, manage, and mitigate cyber risks to a level that is within the risk tolerance of senior leadership and boards.”
The national cyber security coordinator, Air Marshal Darren Goldie AM CSC, welcomed ASIC's latest report.
“Cybersecurity must be a priority for us all, including individuals and businesses large and small. Support is available – the National Office of Cyber Security works closely with industry to promote awareness and best practice and support decision-making in response to cyber incidents. The 2023-2030 Australian Cyber Security Strategy will enable Australia to build and strengthen its cyber shields and develop our resilience to bounce back quickly,” Goldie said.
In other news, Assistant Treasurer Stephen Jones highlighted ASIC's new scam website takedown capability.