Australian Signals Directorate

Updates are one of the strongest defences in your security toolkit. Updating your device and applications regularly can fix issues and address new security concerns. This is critical for maintaining a secure system. Learn more about updates 👉 https://lnkd.in/gvqzhjRd

Here at ASD's ACSC we champion Secure-by-Design, not only as a key pillar to help increase cyber security but also wider digital resilience. Whether you're a technology manufacturer or an organisation that uses digital products or services, you can help lay more secure foundations for creating and using digital products and services that are secure-by-default, and free from known weaknesses and vulnerabilities. How are you tracking with there 6 Secure-by-Design Foundations? 1. Holistic secure organisation Secure-by-Design practices are whole-of-organisation responsibility, requiring action and commitment beyond operational or technical teams. 2. Early and sustained security Following an early and sustained security-first approach when developing and procuring products is an investment that allows both technology manufacturers and technology consumers to be resilient to cyber risks. 3. Secure product development Digital products and services must be developed to protect against the most prevalent threats and be secure-by-default when delivered to consumers. Secure-by-Demand encourages consumers to demand products that have been developed following a secure-by-design approach. 4. Testing Secure-by-design aims for early detection of weaknesses and vulnerabilities through quality assurance and continuous security testing. Consumers must be able to independently verify digital products and services to make risk informed choices. 5. Continuous assurance Continued revision of digital products and services is essential for ensuring products stay secure throughout their life cycle. Documenting changes to environments and threat landscapes will assist in monitoring, incident management, maintenance and assurance. 6. Secure deprecation Security doesn’t end when a product or feature is decommissioned, is no longer required or the product becomes legacy. Both technology manufacturers and technology consumers must consider how they will manage products through the end-of-life stage of the product life cycle. Let’s work together to ensure the products and services that are being developed and used are more resilient and safer throughout their entire life cycle. Find out more about the key risks, focus areas and benefits of our Secure-by-Design Foundations 👉 https://lnkd.in/gchAXWp7 #CyberSecurity #SecureInfrastructure

ASD’s Cyber Security Partnership Program enables Australian entities to engage with ASD and fellow partners, drawing on collective understanding, experience, skills and capability to lift cyber resilience across the Australian economy. Our community of ASD’s Cyber Security Partners includes cyber security professionals across government, industry, academia and the research sector. Bringing together the situational awareness, technical expertise and experience of this community allows the public and private sectors to support and learn from each other, sharing insights and collaborating on shared threats and opportunities. • ASD Network Partnerships are available to organisations with responsibility for the security of a network or networks (either their own or on behalf of customers) as well as academic, research and not-for-profit institutions with an active interest and expertise in cyber security. • ASD Business Partnerships are available to those with a valid Australian Business Number (ABN) and is suitable for organisations who would like to receive the latest information from the ASD's ACSC, but do not meet the eligibility to register as an ASD’s Cyber Security Partners. • ASD's Home Partnership is available to individuals and families who would like to learn more about the cyber security landscape. As an ASD’s Cyber Security Partner you may be provided access to: • Threat intelligence, news and advice to enhance situational awareness • Collaboration opportunities • Resilience-building activities (e.g. exercises, discussions, workshops) • Partnership Program State/Territory offices. Network Partners also have access to the Cyber Threat Intelligence Sharing Platform (CTIS), which shares indicators-of-compromise in real time within a growing community of Australian government and industry partners. CTIS also supports community partners to share their threat intelligence. Co-designed with industry, CTIS alerts security operations centre analysts to threats targeting Australian organisations. Learn more about our Cyber Security Partnership Program 👉 https://lnkd.in/gRHHF2dq

Email security is more important than ever as cybercriminals continue to find new ways to exploit vulnerabilities. Business email compromise (BEC) attacks pose significant risks to organisations and individuals alike. It's crucial to stay informed and vigilant in protecting our accounts from unauthorised access and phishing attempts. What steps are you taking to secure your emails? There are some common warning signs to look out for to identify if someone has accessed your account. For example you: • try to log in but your password is incorrect • find sent emails that you are unaware of • get unexpected password reset notifications • notice sign-ins from unusual IP addresses, devices or browsers • find emails that have been moved or are missing. Find out how to secure your email: https://lnkd.in/gR4u8x2U

Expressions of interest are now open for the Women in Security Mentoring program. This partnership between ASD, AWSN - Australian Women in Security Network and OK RDY aims to empower and support women in the security industry. Mentors and mentees will get exclusive access to mentoring modules, which covers a range of topics including reciprocity, building trust, meaningful mentoring, how to get started with mentoring, building confidence and more. If you are interested, head to https://lnkd.in/g4NuQnhA to find out more and register!

For small and medium businesses, even a minor cyber security incident can have significant impact. Preparation is key. Make sure your business has the right protections in place to reduce cyber security risks and minimise downtime. 1.Understand the threats facing your business: Watch out for phishing attacks that could steal information or deploy malware. 2. Secure your accounts: Use multi-factor authentication and access controls to lock down accounts. 3. Protect your devices and information: Keep on top of software updates, data backups and security software. 4. Prepare your staff: Educate employees and create an emergency plan to reduce the impact of an incident. We have resources to help all businesses boost their cyber security. These include practical tips for protecting assets and information. For more detailed advice, read our Small Business Cyber Security Guide 👉 https://lnkd.in/gbCSGHJw

Australian organisations are continually targeted by malicious actors with increasing frequency, scale and sophistication. As malicious actors become more adept, the likelihood and severity of cyber-attacks is also increasing due to the interconnectivity and availability of information technology (IT) platforms, devices and systems exposed to the internet. It’s important for organisations to have a Cyber Security Incident Response Plan (CSIRP) to ensure an effective response and prompt recovery in the event that system controls do not prevent a cyber incident from occurring. If you don’t have one already, then it’s time to develop your CSRIP to ensure that your business understands the actions it needs to take before, during and after unexpected events and situations. Learn how to prepare for and respond to cyber security incidents 👉 https://lnkd.in/ghWJvci6

Collaboration is key to everything we do. We work closely with industry and government to share intelligence and provide cyber security advice. We provide technical advice and assistance to Australian organisations as needed in response to cyber incidents, always in strict confidence. Find out how we can help during a cyber security incident 👉 https://lnkd.in/gMZs-qKa

Phishing is one of the most common and effective techniques used by cybercriminals to gain unauthorised access to a computer system or network. Once a victim engages with the malicious link or file, they may be prompted to provide personal details, or malware may run on their device to covertly retrieve this information. Cybercriminals may then use this information to steal money or goods, or leverage this information to access other accounts and systems of higher value. Australians are becoming more aware of techniques dependent on social engineering (like phishing) but more can be done to build resilience: ✔️ Think twice before clicking on links from unsolicited correspondence ✔️ Verify the legitimacy of suspicious messages with the source via their official website or verified contact information, particularly if it is a request to transfer money or supply sensitive information. Visit the entity’s website directly, rather than via links in emails, SMS or other messaging services ✔️ Report unusual activity as quickly as possible to ReportCyber and Scamwatch ✔️ Educate staff on corporate-focused social engineering tactics and how to identify risk. Visit https://lnkd.in/gdPhG42Q to read all of our guidance on how to protect yourself and your business.

❗ UPDATED ALERT ❗ CrowdStrike has released further technical advice to support customers who may be experiencing remediation difficulties due to Bitlocker implementations. Affected customers are advised to follow CrowdStrike guidance. Read the full alert 👉 https://lnkd.in/gackpyuK