The Australian Cyber Security Centre (ACSC) has developed a new publication to assist Agencies and businesses going through Machinery of Government (MoG) or other changes to manage the increased cyber security risks the changes bring.
In a statement, the ACSC said organisations undergoing major organisational change, whether it be through a merger, acquisition or MoG, were an attractive target for cyber criminals due to the significant upheaval and disruption to the normal flow of business.
“Cyber criminals know that major change brings disruption, making it easier to scam staff and compromise systems with social engineering attacks such as Ransomware, business email compromise, payroll fraud and phishing campaigns,” the ACSC said.
“The reality is that organisations must be prepared, well before they announce they’re entering an acquisition or merger.”
ACSC said its new Mergers, Acquisitions and Machinery of Government Changes publication included information on what staff should be wary of, including scams and bogus requests for data, payment or access from people they did not know.
“Cyber security is a critical part of major organisational change and to manage the increased risk, organisations should focus on three areas,” ACSC said.
It said they should minimise the accumulation and compounding of technical debt; ensure data and systems were well integrated and properly patched, supported and monitored; and understand the previous operating environment and security controls which protected data and systems to ensure appropriate protection was afforded in the new operating environment.
ACSC’s eight-page guide can be accessed at this PS News link.