Recent reports by the Australian National Audit Office (ANAO) have revealed that the Australian Government did not fully implement the cyber security risk mitigation strategy agreed upon eight years ago, and has failed to adhere to its own cyber standards. These mitigations covered the following areas:
- Application Whitelisting
- Patching Applications
- Patching Operating Systems
- Restricting Administrative Privileges
The Office of The Prime Minister has stated that all strategies were fully implemented, yet according to the auditor’s office report, the Restricting Administrative Privileges strategy hasn’t been fully implemented according to the standards set.
Has the Government failed their own cyber standards?
The Government wasn’t able to meet the standards put in place; however, in the cybersecurity environment, patches are not all implemented right away. It is more like a cat and mouse game: cyber professionals try their best to stop breaches and attacks, yet threat actors always find a new method or strategy to deploy in their next attack.
Another barrier that impedes full implementation of mitigation strategies is the skill gap currently present in the job market. Most professionals in the cybersecurity field tend to work mainly in the private sector, which leaves the public sector with the difficult task of building a professional team from scratch.
However, due to recent changes in certain legislation regarding technology, the current government is trying to work more alongside the private sector in order to fulfill its strategies and standards.
Agilient is one of those private companies lending its expertise and services to the government, allowing it to cover more ground and close the skill gap as quickly as possible.
For more information about our cybersecurity and cyber standards services, please get in touch.
Author: Saeed Baayoun, Agilient Consultant