Doing Your Bit: Why Reporting Breaches to the ACSC Helps You – And the Nation

Aug 1, 2023

If a homeowner comes back from a holiday to discover their house has been burgled, there’s a clear course of action: call the police, who will investigate the crime and attempt to catch the culprit, then clean and secure the house and lodge an insurance claim. For victims of cybercrime, the path isn’t as immediately apparent, but it does exist.

The Australian Cyber Security Centre (ACSC) is leading the fight against cyber criminals, responding to incidents, gathering intelligence, promoting cyber security amongst the population, and coordinating our national cyber defenses. Think of them as Australia’s cyber police, keeping our virtual streets safe from crime – and reporting incidents to them helps build their intel and strengthen their response.   

What is the ACSC? 

The ACSC was established by the Australian Government in 2014 with a remit to protect the nation and its digital infrastructure from cyber threats. It’s part of the Minister for Defence’s portfolio, which emphasises just how critical its role is in protecting our national sovereignty.

A task as Herculean as protecting Australia against cyber threats requires a suitably robust and multifaceted approach. While much of what the ACSC does is secretive (it is an intelligence agency, after all), it can be broken down into four main categories: responding to threats, running protective countermeasures, collaborating with international agencies and the private and public sectors to understand the threat landscape, and providing practical information and advice to the Australian public. The ACSC Essential Eight, for example, provides eight mitigation strategies that organisations and individuals can implement to make it more difficult for adversaries to compromise systems.

Playing your part to support the ACSC 

When an organisation or individual falls victim to a cybercrime, they are encouraged to report it to the ACSC, whether they’re legally required to or not (more on that later). The ACSC’s ReportCyber portal provides a simple pathway for reporting a cybercrime to the relevant authorities, including state police, the Australian Federal Police, and the Australian Federal Intelligence Commission. 

Once an incident has been reported, the ACSC provides an individual Cyber Incident Response Service number, which can be used to check the status of the report and can be provided to insurance companies or financial service institutions as evidence of a breach.

Formally reporting an incident also informs the ACSC of emerging trends in cybercrime and provides them with data to inform their strategies. By knowing what techniques and attack vectors hackers are employing to compromise systems, they’re able to gain a deeper understanding of the threat landscape to deliver a coordinated national response.  

The ACSC also works closely with law enforcement agencies around the world to bring down those responsible for attacks. The more intel they have on these cybercriminal organisations, gathered through reports, the more effective those investigations will be.     

So, by reporting a cybercrime incident, you’re not only helping yourself or your business; you’re also fortifying our nation’s defenses against future attacks. 

Notifiable breaches 

In some cases, it is mandatory to report a breach to both the ACSC and those who are impacted. The Notifiable Data Breaches (NDB) scheme establishes clear ground rules for responding to a data breach. It dictates when an organisation must disclose a data breach, and it is also very clear on what information needs to be included in this communication. In short, it’s the rulebook for handling a cyber incident.

Not all organisations or businesses are required to report cybercrime incidents, and not all incidents need to be reported. In addition to all Government Agencies, businesses and non-profit organisations with annual turnover of more than $3m, credit reporting bodies and health service providers are all subject to the NDB scheme.

These entities are then obliged to report a breach if personal information has been accessed which is likely to result in serious harm to the impacted individuals.

Failure to disclose a breach promptly can result in harsh legal and regulatory action, including substantial financial penalties. Given these painful repercussions, having robust cybersecurity measures in place to prevent them from occurring is critical. 

Prepare and protect: what you can do 

Every organisation should have an incident response plan in place, outlining the protocol for dealing with a cyber incident. This plan should cover how reporting obligations will be managed; what external resources will be required to manage the incident, such as IT support, insurance, or legal counsel; and the management processes, key messaging and communication strategies needed to handle external stakeholders such as customers, partners and marketing/media, as well as internal stakeholders including employees.

Having a good understanding of what information assets are held on your systems will ensure you’re not caught out or failing to meet your reporting obligations if a breach does occur. This activity also provides a good opportunity to ask yourself whether and where you need to store certain personal information, or whether it’s just creating unnecessary risk.

As robust as your incident response plan should be, the hope is you’ll never have to use it. However, it is critical to be prepared and minimise any risk. Prevention measures, such as utilising a Managed Security service, including 24/7 Managed Detection & Response (MDR) with both expert human and technology coverage and intervention, give around-the-clock protection, with threats able to be identified and often contained within minutes.