The Australian National Audit Office (NAO) has recently released the latest report on their government’s cyber security potential and concluded that the immigration department and the tax office department of Australia are extremely vulnerable to cyber attacks.
The NAO has claimed that the Department of Immigration and Border Protection and the Australian Taxation Office have failed to implement mandatory security strategies by 2016. The agency found that the said government organizations are prone to cyber threats which include internal threats such as unauthorized leaks and security breaches.
Hence, the computer networks related to these offices are extremely prone to cyber attacks launched by individual and state sponsored actors.
The audit report added that the Department of Human Services was the only agency which had proper protections against external attacks. And that was the presence of cyber resilient infrastructure which can offer business continuity even under the influence of cyber attack.
Though the tax office and immigration departments have vast troves of sensitive info about Australian citizens, they are being insufficiently being protected from external attacks.
What if details like birth dates, bank account details, drivers license, tax file numbers and biometric data leak to public….?
In the year 2013, the fed made it mandatory for its agencies to implement 4 It security strategies which include- patching applications, patching operating systems, minimizing administrative privileges and application whitelisting.
As per the report filed by NAO, Australia’s Human Services department is the only public organization which has observed that the all four security strategies are in place by 2016.
All other departments either have ignored or delayed the implementation of cyber security strategies for reasons. Therefore, the shortcomings include outdated software, delays in installing important security patches, and the exclusion of some departmental systems from regular security patching.
A spokesperson from Immigration department has said that his organization has improved its cyber security since the last audit in 2014, but admitted that it still faces high risk and challenges from state-sponsored actors.
But by the month of June this year, the department has promised to deliver several programs it believes will improve compliance and capability as a part of its 5-year program to better resilience.