Qld vulnerable to cyber attack: audit

Consultants hacked into three Queensland government entities to test their security and found every one of them was vulnerable to cyber attacks and international espionage.

They were doing so as part of a government audit of three unidentified entities that found poor passwords were a major source of their vulnerabilities.

Other vulnerabilities included outdated technology, insecure encryption channels and in some cases, direct physical access to the systems.

They were listed in a Managing Cyber Security Risks report tabled in state parliament on Tuesday, which also said none of the three entities could show they understood the extent to which they were exposed to risks.

It recommended the entities make sure their users were aware of their own responsibilities in managing cyber security risks.

"In particular, we found poor password practices unnecessarily exposed the three entities to attack," the report said.

"Third-party providers and internal staff could be the weak links in an entity's line of defence."

The report warned there could be organised, targeted or deceptive cyber attacks designed to compromise Australia's economic interest, and national security.

It identified four distinct threats.

They were:

* hacktivists--who target computer networks to advance their political or social causes

* criminals--including individuals and sophisticated criminal groups who steal personal information and extort victims for financial gain

* insiders--who steal information for personal, financial, or ideological reasons

* nation-states--which target systems to steal sensitive state secrets for economic and political advantage.

The report's findings were released as surgeries and outpatient care were delayed in Victoria after regional hospital computer networks across that state were hacked in a ransomware attack.

ASIC deputy chair Daniel Crennan, QC, said cybersecurity threats such as data breaches and financial system attacks are a major concern to the securities watchdog.

Mr Crennan said they will keep pursuing cyber-related market and superannuation offending.

But they also need to make sure institutions keep up with their obligations to ensure they have adequate cyber resilience, he said.

Queensland has earmarked more than $85 million in its 2019-20 state budget to improve digital services and safeguard government systems over the next four years.

Austrlaian Associated PressBack to Breaking News

  • Print this page
  • Copy Link