Login
iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
The Australian Cyber Security Centre (ACSC) has published a post outlining how the Australian Signals Directorate (ASD) will aid businesses that report cyber crimes.
The document, released on 18 December, outlines what happens when an organisation reports and what the ASD will do in response.
The ASD advises organisations to report instances of data exposure and theft, malware, ransomware, phishing, intentional or malicious unauthorised access, denial of service, network scanning, and other threatening and irregular cyber activity.
When an organisation reports an incident, the ASD will engage in incident response, providing organisations with remediation advice, sending advisories to shape incident response, connecting the business with relevant government agencies, and begin analysing the incident to see if more needs to be done.
“If we assess that your incident requires a more detailed approach, depending on the incident, we may offer” digital forensics teams, guidance on public communications, information to assist in the investigation, cooperation in writing technical briefings for government agencies and industry partners and linking organisations with different parts of the ASD for additional support.
As established in the nation’s first Cyber Security Act, which was passed only weeks ago, the ASD reiterates that information shared with it by the company, incident response provider, or legal representative is protected under the limited-use obligation.
“Under ASD’s limited-use obligation, any information voluntarily provided to, or acquired or prepared by ASD with your collaboration, about a cyber security incident or potential cyber security incident (including vulnerability information) cannot be used for regulatory purposes,” said the ACSC.
The ASD said the information it may request following a report may include malware samples, compromise indicators, network traffic captures, diagrams and documentation, disk images, memory dumps, logs, and more.
Organisations may also be asked about their incident response plan, their cyber resilience and technical resources for investigation, the steps taken towards response so far, if the threat actor is still on the network, if an organisation has the ability to lock down and isolate part of its systems and the next steps it plans on taking.
The ASD said that while it is not a regulator and that reporting to it may not meet mandatory reporting requirements, reporting to the ASD is beneficial to the victim organisation and the nation at large.
“One of ASD’s key strengths is our ability to aggregate and analyse information to produce a national cyber threat picture. We draw upon information gathered through our intelligence sources and, crucially, the information provided by organisations impacted by cyber security incidents in Australia,” said the ASD.
“We use this understanding to assist with developing new and updated cyber security advice, capabilities, and techniques to better prevent and respond to evolving cyber threats. For example, anonymised information from your incident may be used to produce public communication products to help build whole-of-economy cyber resilience.”
Be the first to hear the latest developments in the cyber industry.
