ASD’s Annual Cyber Threat Report 2023-2024

It is said that "an ounce of prevention is worth a pound of cure." This could not be truer when it comes to protecting your organisation against modern cyber threats.

The Australian Signals Directorate (ASD) has recently released their 2023 - 2024 Cyber Threat Report, which paints the picture of an ever-evolving cyber threat landscape. The report covers areas such as state actors, critical infrastructure, cybercrime, hacktivism, resilience, and ASD programs, and we wanted to highlight some key insights from the report.

Increase in Critical Infrastructure Incidents

"Critical Infrastructure made up 11% of all cyber security incidents."

Cyber incidents targeting Australia's critical infrastructure are still a persistent issue. These attacks emphasise a troubling trend: the systems we rely on for essential services - energy, transportation, water, and healthcare are more consistently at risk.

These attacks are often sophisticated and persistent with the most common threat vectors being phishing, exploitation of a public-facing application, and brute-force activity. Securing these environments requires a comprehensive approach, encompassing robust identity management, network segmentation, and incident response planning. It should also be noted here that ASD has speculated that under-reporting could account for the drop in cyber incidents against critical infrastructure.

Artificial Intelligence (AI) is Changing the Game

"Using AI in social engineering attacks means that cybercriminals can maximise their success rates with little additional effort."

AI is reshaping the cybercrime landscape, enabling criminals to exploit vulnerabilities at an unprecedented scale. Cybercriminals leverage AI to enhance social engineering tactics, such as spear phishing and voice imitation, making attacks more personalised and convincing. The report points out that 'AI will allow cyber criminals to undertake more labour-intensive activities, such as generating spear phishing content more efficiently and on a larger scale'.

However, AI's role in cybersecurity is not one-sided. It also offers promising defensive applications, such as improving the detection of phishing attempts and enhancing incident response.

For organisations, this evolution in attack methods means that phishing and social engineering will become harder to detect. To address these challenges, information security awareness and training should not be just a tick-box exercise and should instead be interactive, practical, and ongoing, equipping employees with the skills to identify and respond to advanced threats in the evolving cyber threat landscape.

What does ASD recommend?

"ASD encourages organisations to implement the Essential Eight Maturity Model."

The report emphasises the importance of ASD Essential Eight (E8) framework as it remains a cornerstone of Australia's defence against cyber threats, encouraging practical, adaptable solutions to reduce vulnerabilities across organisations. The report also sheds light on problem areas outside of the Essential Eight such as information security awareness leading organisations to take creative solutions to evolving threats.

At Security Centric we help organisations turn thought into action. From Essential Eight assessments, gap remediation, and full implementation, to creative, scalable information security awareness training we ensure organisations are prepared for today's threats.