High cyber maturity across NSW Government is critical to delivering secure, safe and trusted services.
During the first year of a three-year investment, Cyber NSW has laid the groundwork for protecting customers from security threats.
An injection of investment from the Digital Restart Fund has meant Cyber Security NSW is helping to change cyber maturity from incident-based to proactive and best practice.
The fund has made possible many initiatives that will underpin greater security and integrity for the services used by NSW customers:
Cyber Security NSW is now providing services to local councils
The Vulnerability Management Centre provides NSW Councils with ‘On Request’ internal and external vulnerability testing. NSW Councils now also have NSW Government support in running Cyber Security Health Checks and implementing infrastructure security review programs.
Educating NSW Government teams
Up to 80% of successful cyber attacks occur as a result of human interactions, with many incidents the result of people falling victim to phishing campaigns. NSW employees are readying for the increasing threat of malicious cyber attacks through a mandatory ‘Essentials’ training program funded through the Digital Restart Fund. In 2020-21, 12,349 public servants were trained.
Combating digital scams
Digital scams are on the rise, costing Australian businesses over $81 million in the last financial year. To tackle the threat, the NSW Government has introduced a Domain-based Message Authentication, Reporting and Conformance (DMARC) tool. This means only authorised individuals can send emails using nsw.gov.au.
Whole of government cyber readiness
Like a physical threat, a major cyber security incident can impact community safety and critical infrastructure services. Departmental secretaries recently took part in a whole of NSW Government program, Exercise Greenpatch.
In April 2021, the exercise brought together all nine departments to test and practise the NSW Cyber Incident Response plan, as well as respective department plans. Representatives from each of the departments’ cyber security teams took part in an exercise based on a fictitious ransomware attack and were required to provide a functional response and practise escalation flow.
Through delivering consistent and tailored cyber education, the Digital Restart Fund has increased capability and expertise across multiple streams of work and agencies.
The next two years of the three-year investment will focus on sustainability; as threats evolve, continuous improvements are needed to sustain maturity over time.
“This has allowed us to move cyber from a reactive to proactive process” Cyber NSW Senior Executive