A report published in the state parliament today reveals that 90 per cent of Victorian government agencies were targeted in cyberattacks in 2022.
The Victorian Auditor-General’s Office found around 94 per cent of user accounts at audited agencies are not registered for multi-factor authentication (MFA).
Stay up-to-date on the latest news with The Victorian Briefing – keeping you in the loop with news as it hits:
MFA is a security measure that mandates users to confirm their identity through two or more methods before accessing an agency’s systems or documents.
“Cyber security threats in Victoria are real and growing.” Auditor-General Andrew Greaves’ report said.
The report, published on Wednesday, examined the effectiveness of agencies’ Microsoft 365 cloud-based identity and device management controls.
The report finds successful attacks on Victorian Government agencies have “seriously disrupted” critical services.
“Agencies have recognised the need to establish a whole-of-government approach. But they need to do more to improve cybersecurity for the entire sector.”
The reports pointed out that four agencies gave users the lowest possible access they needed to do a task.
“Agencies do not always have the resources to establish cybersecurity teams with up-to-date knowledge and skills. But they could benefit from a whole-of-government approach to implement these controls to improve their cybersecurity,” the reports said.
Victoria has been continuously exposed to cybersecurity attacks, with multiple hospitals experiencing a cyber attack in September 2019.
Users installed software that made the booking system unusable for more than 24 hours.
Despite no risk of leaking patient information, surgeries were delayed.
Subscribe to The Briefing, Australia’s fastest-growing news podcast on Listnr today. The Briefing serves up the latest news headlines and a deep dive into a topic affecting you. All in under 20 minutes.