The ANAO has revealed several federal departments are relying on “ad hoc” cyber security systems. 

The Australian National Audit Office has released a new report which finds, despite malicious cyber activity being a “significant” government threat, a number of government departments are lagging behind.

The Auditor-General's office found 14 government entities, including federal departments, had cyber security systems that exposed them to serious threats and data breaches.

An early audit had found that just four of the 14 entities audited had complied with a mandatory security framework offered by the ASD's Australian Cyber Security Centre.

Departments are required to develop cyber security strategies along four main headings: governance, information security, personnel security and physical security.

The cyber security efforts of the Education and Health Departments along with the Australian Trade and Investment Commission were marked as “ad hoc”.

Home Affairs, Attorney-General's Department and Australian Signals Directorate were all found not to have worked to support the entities putting the strategies into effect.

The Department of Prime Minister and Cabinet and the Attorney-General’s Department both incorrectly self-assessed as being fully compliant, but the audit found they are instead considered “vulnerable” to cyber attack under official frameworks.

“There is scope to further improve the accuracy of entities' [self cyber security] assessments and strengthen arrangements to hold entities to account for the implementation of cyber security mandatory requirements,” the report states.

More details are available here.