A Service to A.G. Coombs Group Clients
Is your Building Protected from Cyber Threats? Cyber security incidents reported against both government and private organisations continue to increase in both frequency and severity.
What are the Key Threats to Building Owners? The entry point into a building ecosystem is frequently not the end target of a cyber-attack.
• Building Services Technologies and networks are often
State-sponsored actors and criminals are attempting to exploit businesses by accessing sensitive information through increasingly sophisticated techniques. “Intelligent” Buildings are frequently connected to the Internet to enable operators to take advantage of key benefits such as remote monitoring, management and analytics. Building Services Technology platforms often provide entry points to other critical inter-connected business systems for these malicious actors.
• •
less scrutinized from a security perspective than other business technologies. Building Services Technologies and networks are considered “soft touch” entry points into Building ecosystems. With the uptake of converged networks combining multiple building services onto a single network, the implications are increased with the potential of multiple systems becoming compromised in the event of a cyber-attack.
The serious risks associated with insufficient cyber defences in commercial buildings are well understood.
YEAR IN REVIEW
Figure 1: Cyber security incidents by severity category for FY23-24 (total 1,129) Sustained disruption of essential systems and associated services
C6
C5
C6
C5
Extensive compromise
Isolated compromise C6
Coordinated low-level malicious attack
C6
Low-level malicious attack C6
Unsuccessful low-level malicious attack
Source: Australian Signals Directorate Annual Cyber Threat Report 2023-2024
1
C5
C6
1
C6
C4
6 57 1 81 13
C4
C5
C3
20 93 6
C5
C5
C6
53 20
C3
C3
C4
C4
C6
C1
15 75 6 60 70
C2
C3
C3
C4
1 46 7 95 360
C6
C6
Member(s) of the public
Small organisation(s)
Medium-sized organisation(s)
State government
Federal government
Sole traders
Schools
Academia/R&D
Local government
Large organisation(s)
Government shared services
Supply chain
C6
C1
C1
C2
C3
C3
C6
3 11 28
National security Systems of National Significance
Regulated critical infrastructure
ASD categorises each cyber security incident it responds to on a scale of Category 1 (C1), the most severe, to Category 6 (C6), the least severe. Cyber security incidents are categorised on severity of impact and significance of the organisation’s impact to Australia. In FY2023–24, there was a slight decrease in the number of extensive compromises, while the number of unsuccessful low-level malicious attacks increased by 10% compared with FY2022–23. There was also a 39% increase in isolated compromises this financial year.