Select Page

Audit: Queensland government cyber defences fail ethical hack test | iTnews

Posted by | Oct 2, 2019 | , , , , | 0 |

Audit: Queensland government cyber defences fail ethical hack test | iTnews

Australian Information Security Audit Report October 02 2019

Queensland government cyber defences fail ethical hack test.

Sensitive information accessed with relative ease.

Reported in: iTnews

Ethical hackers from Queensland’s Audit Office were able to exploit vulnerabilities in the IT systems of three state government entities to access sensitive information during recent cyber security testing.

“The fact that our consultants successfully compromised all three entities’ ICT environments and could access their sensitive or non-public data demonstrates there were gaps in their mitigation strategies,” the report states.

On 1 October 2018, in policy requirement three of the information security policy, the Queensland Government Chief Information Office made the Essential Eight mitigation strategies a minimum security requirement. For this audit, we focused on what the ACSC calls the ‘Top 4’ strategies, because it has stated that, if organisations effectively implemented these, they would mitigate at least 85 per cent of cyber intrusions.

The Top 4 mitigation strategies include:

  • application whitelisting
  • patching applications
  • restricting administrative privileges
  • patching operating systems

The audit office said none of the entities had implemented effectively.

Source: Qld govt cyber defences fail ethical hack test

Audit Report: Managing cyber security risks Report 3: 2019–20 

Cyber defences no match for hackers of Queensland government entities | Brisbane Times

Rate:

About The Author

Steven Kirby

I provide independent and practical consultancy services through raising awareness and fostering the energy for change that delivers improved business management of information security governance, risk and compliance.

Related Posts

Audit: None of NSW’s lead cluster agencies have implemented all Essential Eight controls | ZDNet

Audit: None of NSW’s lead cluster agencies have implemented all Essential Eight controls | ZDNet

November 1, 2021

Incident: Two Sydney women charged over $500,000 BEC scam | iTnews

Incident: Two Sydney women charged over $500,000 BEC scam | iTnews

November 12, 2019

Incident: Australian Ransomware Breach December 2020 | ABC News (Australia)

Incident: Australian Ransomware Breach December 2020 | ABC News (Australia)

December 24, 2020

Incident: Thousands of donors to Australian charities, including Cancer Council and Canteen, have data leaked to dark web | ABC News (Australia)

Incident: Thousands of donors to Australian charities, including Cancer Council and Canteen, have data leaked to dark web | ABC News (Australia)

August 23, 2023

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Please follow the Source link to the original article to support the content owner. We only provide a brief summary with metadata to assist in categorisation.

More Australian News

Exclusive: Prime Properties listed as breach victim by M3rx ransomware
Exclusive: Prime Properties listed as breach victim by M3rx ransomware

Hackers are alleged to have stolen more than 80,000 documents totalling 100 gigabytes of data from a Sydney-based property investment firm. • Fri, 01 … [...]

Alert! Wave of fake toll, parking scams impacting countries worldwide, including Australia and New Zealand
Alert! Wave of fake toll, parking scams impacting countries worldwide, including Australia and New Zealand

Scammers observed impersonating Aussie toll operator Linkt and the New Zealand Police and Ministry of Justice. • Wed, 29 Apr 2026 • … [...]

NZ council cyber attack leads to ID and financial data being exposed
NZ council cyber attack leads to ID and financial data being exposed

A cyber attack impacting a New Zealand city council has compromised the data of hundreds of people. • Wed, 29 Apr 2026 • Security *]:clear-none … [...]

Exclusive: NSW-based Strata Republic allegedly breached by Kairos ransomware group
Exclusive: NSW-based Strata Republic allegedly breached by Kairos ransomware group

Hackers claim to have stolen 441 gigabytes of data, including internal correspondence, driver’s licence scans and revealing Christmas party photos. • … [...]

Exclusive: Gelatissimo confirms unauthorised access, investigates DragonForce hack claims
Exclusive: Gelatissimo confirms unauthorised access, investigates DragonForce hack claims

Major Australian ice-cream retailer Gelatissimo has launched an investigation into claims made by hackers that the company was breached in a … [...]

Most Australians leaving data open to cybercriminals
Most Australians leaving data open to cybercriminals

Two-thirds of Australians are sharing key information that makes them easy targets for scammers and cyber criminals. The new research from the Department of Home Affairs also found more than [...]

NSW Treasury staffer charged over major data breach | 7NEWS
NSW Treasury staffer charged over major data breach | 7NEWS

A 45-year-old New South Wales Treasury employee has been arrested and charged with accessing and downloading over 5,500 sensitive government documents containing confidential, commercial and financial information across multiple NSW [...]

Warning Anthropic's Mythos could pose cyber risk to banks and critical infrastructure | The Business
Warning Anthropic's Mythos could pose cyber risk to banks and critical infrastructure | The Business

Australian banks, power providers and infrastructure firms do not have access to test their systems against a powerful new AI cybersecurity risk, Anthropic's Mythos. Anthropic has claimed Claude Mythos is [...]

Australian Army research paper advocates for Australian national cyber reserve force, volunteer cyber organisations
Australian Army research paper advocates for Australian national cyber reserve force, volunteer cyber organisations

A newly published Australian Army Research Centre paper has highlighted the need for Australia to establish an Australian national cyber reserve … [...]

Generation Life informs customers of ‘cyber incident’ as owner shares incident with ASX
Generation Life informs customers of ‘cyber incident’ as owner shares incident with ASX

Australian investment firm Generation Life says there is no evidence of any unauthorised transaction, but is investigating a potential data breach. • … [...]

PAW 2026
PAW 2026

On this page Privacy Awareness Week 2026 Trust is built here. In every privacy complaint. In every resolution. Privacy Awareness Week (PAW) is an annual … [...]

RentTech platforms must stop unfair and excessive personal information collection, says Privacy Commissioner
RentTech platforms must stop unfair and excessive personal information collection, says Privacy Commissioner

A determination issued today by the Privacy Commissioner finds that the 2Apply rental technology platform, operated by InspectRealEstate (IRE), … [...]

Shares
Share This

Discover more from Australian Cyber Aware

Subscribe now to keep reading and get access to the full archive.

Continue reading