1 March 2022

On 23 February 2022, the Australian Cyber Security Centre (ACSC) released the following alert:

Australian organisations are encouraged to urgently adopt an enhanced cyber security position. Organisations should act now and follow ACSC’s advice to improve their cyber security resilience in light of the heightened threat environment.

This information has been subsequently updated with guidance regarding mitigating actions (refer ACSC website).

As a matter of priority, all ASIC-regulated entities should adopt an enhanced cyber security posture. This should include reviewing and enhancing detection, mitigation, and response measures. Entities should ensure that logging and detection systems in their environment are fully updated and functioning and apply additional monitoring of their networks where required. Entities should also assess their preparedness to respond to any cyber security incidents, and should review incident response and business continuity plans.

In light of the seriousness of the current situation, ASIC expects all boards, senior management, licensees and other regulated entities to pay heightened attention to their entity’s exposure to the environment and progress on timely mitigation.

Boards, senior management, licensees and regulated entities should consider where they have an obligation to report breaches to ASIC or other government agencies (including the ACSC and the Office of the Australian Information Commissioner (OAIC)), and also where disclosure to the market or in financial reports may be necessary.

Please refer to the ACSC website for further details, and consider subscribing to receive their advisories and alerts to keep up to date with current developments. The ACSC website is a useful resource for Australian businesses containing useful tips, guides and assessment tools.