What can businesses do to protect themselves from cyber attack?
CERT Australia encourages businesses to be prepared before an incident occurs. This involves a business knowing its network, understanding the value of its information, and understanding how both are protected. Being prepared also involves a business understanding what constitutes normal behaviour on its network. By knowing this, a business is more likely to detect unusual behaviour.
Refer to the advice page for more information.
Why partner with CERT Australia?
We encourage major businesses to partner with us before an incident occurs. Prevention is much better than cure when critical business systems are at stake. By having this relationship in place, we can share information efficiently and effectively with businesses to help with prevention and if necessary, mitigation.
Why is it important for businesses to report cyber incidents?
Timely reporting of cyber incidents to CERT Australia allows us to form a more accurate view of cyber security threats and make sure that businesses receive the right help and advice. All information provided to us is held in the strictest confidence.
Why have I received an email from CERT Australia about my website?
If you own a website (ie you are the registered domain owner), you may receive an email from us to notify that your website may be hosting or redirecting to malicious content.
Refer to the guidance page for more information.
Why have I received an email from CERT Australia about compromised credentials?
We sometimes receive information from partner organisations about details of compromised user credentials. We then attempt to identify and notify those affected, by email.
The email will be from firstname.lastname@example.org and will include key information about the incident. We will also strongly recommend the issue be addressed as soon as possible.
Our contact details, including phone numbers, will be at the bottom of the email if you would like to verify the legitimacy of the message.
How is CERT Australia different from commercial CERTs?
CERT Australia is part of the Federal Attorney-General’s Department. We also work in the Australian Cyber Security Centre, sharing information and working closely with the Australian Security Intelligence Organisation (ASIO), the Australian Federal Police (AFP), the Australian Signals Directorate (ASD) and the Australian Criminal Intelligence Commission (ACIC). In addition, we work closely and share information with our international counterparts.
By using our government, industry and international networks, we provide businesses with the most useful and effective advice possible, as soon as possible.
We are a trusted source of information and advice on cyber security issues. We are not a regulator and we don’t compete with commercial services in the market. Our services are free and we do not promote any particular products.
What about investigating cyber security incidents?
If your business has experienced a cyber security incident, this may result in a police investigation.
Law enforcement cyber crime teams are well aware of, and will attempt to minimise the potential business impacts a criminal investigation can have on an organisation. However, there are likely to be some effects that need to be weighed against business interests.
This may involve considering whether or not you are prepared to keep the breached system open to preserve evidence, or shut down the system to prevent further intrusion – thereby running the risk of destroying potential evidence.
If you would like to have a cyber security incident investigated by law enforcement:
individuals and small businesses should report the incident to the Australian Cybercrime Online Reporting Network
disconnect the compromised machine from the network and wait for law enforcement to respond
keep the system turned on – RAM data will be lost if a machine is powered down
leave the compromised machine alone – do not run programs or open files – leave this for law enforcement. Interacting with the machine can destroy forensic evidence and prevent an investigation from progressing
if virtualised, suspend the compromised machine and copy the related files to new media.
You may decide not to report a cyber security incident to law enforcement. However, it is still important to report an incident to CERT Australia.