Quarter 3, 2021

Membership matters at AusCERT

By Marty Molloy and Mark Carey-Smith

AusCERT's membership is currently made up of 640 member organisations comprising several tiers of membership levels (small to enterprise).

Members are grouped into defined Australian and New Zealand Standard Industrial Classification categories and the top 3 industries represented by our members are from the following sectors: 

1. Education & Training
2. Financial & Insurance Services
3. Health Care & Social Assistance.

This Q3, 2021 report provides an overview of the cyber security incidents reported by members, from 1 July - 30 September 2021 and includes a summary of other key achievements this quarter. 

Table of AusCERT incident management service by incident type

INCIDENT MANAGEMENT

AusCERT’s Incident Management Service (sometimes referred to as incident response) includes incident coordination and incident handling, both of which are standard inclusions as part of AusCERT’s membership services. As a 24/7 membership benefit, it is perhaps AusCERT's most focal service offering.

The above table contains statistics of the incidents that were reported by members and acted on by our analyst team.

In Q3, 2021 AusCERT serviced 402 tickets which resulted in an average of approximately 7 tickets per business day of operation.

AusCERT members can utilise AusCERT’s considerably large overseas and local contact networks for removal of phishing and malware sites.

architectural photo of the inside of a building

SECURITY BULLETINS

AusCERT distributes security advisories and bulletins to its members by email and publishes a portion of them to its public website. Bulletins are published in a standardised format with a consistent approach to classifications of vulnerabilities, impacts and affected operating systems.

In Q3, 2021 a total of 1,035 External Security Bulletins (ESBs) and 75 AusCERT Security Bulletins (ASBs) were published.

AusCERT members receive consistent security bulletins across a wide range of vendors, enabling the practice of streamlined security patching.

AusCERT analysts specialise in vulnerability research to deliver members a consistently formatted feed of bulletins across major platforms and vendors.

Bar graph of AusCERT issued bulletins for Q2, 2021

MEMBER SECURITY INCIDENT NOTIFICATIONS (MSINs)

AusCERT members benefit from its considerably large overseas and local threat intelligence feeds with respect to incidents that have been detected by other parties but concern the members.

There are several categories of incidents and this service has been running for members for several years. These notifications are a mix of Indicators of Vulnerabilities (IoV) and Indicators of Compromise (IoC).

These customised security reports contain notifications for organisations’ domains and IP ranges.

AusCERT MSINs are customised for each members’ organisation, based on their IPs and domains.

AusCERT MSINs by industry by incident type for Q2, 2021

MEMBER ENGAGEMENT INITIATIVES

Communications

August saw the team at AusCERT participate in the annual Asia Pacific Computer Emergency Response Team (APCERT) drill. An opportunity to maintain and improve awareness and skills for participants within the cyber security community through this collaborative undertaking.

The drill has grown in importance with an increase in the reliance on the digital economy in our region, with the exercises reflecting real-world situations that help strengthen the skillset of AusCERT team.

You can read more about how AusCERT performed and a little more about the drill at the following link: APCERT Cyber Drill 2021.

Mike Holm, Senior Manager at AusCERT, provided an insight into the value for organisations in using threat intelligence in establishing an effective cyber defence strategy.

Examples include preventative measures, such as studying operational intelligence, that help connect similar events and data. This in turn allows campaigns to be correlated and to gain a better understanding of the techniques used in incidents such as ransomware attacks.

Since the initial release in June this year, an additional five episodes of our podcast, Share today, Save tomorrow, have been added to our listening library!

With a broad range of topics, featuring some sensational special guests, there is an array of fascinating insights, great stories from the field and lessons you can take back to your workplace.

Listen to our podcast on SoundCloud, Spotify, Apple Podcasts and Google Podcasts.

Training

Q3 saw AusCERT deliver Introduction to Cyber for School Professionals training sessions, aimed for anyone that works in the education sector.

The outcomes include participants gaining a fundamental knowledge of cyber security; an understanding of cyber security threats and relevant countermeasures; an introduction to behavioural science examples to better understand decision-making behaviours and, an improved ability to manage cyber security risks.

We also have some training sessions for the remainder of 2021 that will be delivered remotely via Zoom that include Cyber Security Risk Management and Introduction to Cyber Security for IT professionals.

If you or any of your colleagues wish to learn more about any of the training courses AusCERT provides, please email our Membership team directly at: training@auscert.org.au

TopBuilt with Shorthand