Search

Small Business Cloud Security Guides: Executive Overview   Publication

Dec 16, 2022 - In recognition of the increasing prevalence of cloud computing, the Australian Cyber Security Centre (ACSC) has published the Small business cloud security guides. These guides are designed to provide protection against cybersecurity incidents while remaining accessible to organisations which may not have the resources and expertise to implement a more sophisticated strategy.

ABC Radio interview with Head of ACSC   News

Mar 31, 2021 - Abigail Bradshaw CSC, Head of Australian Cyber Security Centre, interview with Fran Kelly on ABC Radio National, 31 March 2021.

Personal cybersecurity: First steps guide   Guidance

Apr 14, 2023 - The first of three cybersecurity guides in the personal cybersecurity series is designed to help everyday Australians understand a basic level of cybersecurity and how to take action to protect themselves from cyberthreats.

Cybersecurity Best Practices for Smart Cities   Publication

Apr 20, 2023 - This guidance is the result of a collaborative effort from the United States Cybersecurity and Infrastructure Security Agency (CISA), the United States National Security Agency (NSA), the United States Federal Bureau of Investigation (FBI), the United Kingdom National Cyber Security Centre (NCSC-UK), the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), the Canadian Centre for Cyber Security (CCCS), and the New Zealand National Cyber Security Centre (NCSC-NZ).

Easy steps to secure yourself online   Guidance

Apr 7, 2021 - Reduce the risk of being targeted by cybercriminals by following these easy steps.

2021-003: Ongoing campaign using Avaddon Ransomware   Advisory

May 8, 2021 - The Australian Cyber Security Centre (ACSC) is aware of an ongoing ransomware campaign utilising the Avaddon Ransomware malware. This campaign is actively targeting Australian organisations in a variety of sectors. This advisory provides details of Avaddon threat actors, dark web activity, targeted countries and sectors, the malware infection chain, and known Techniques, Tools, and Procedures (TTPs). If activity is identified relating to this advisory please report any findings to the ACSC.

Guidelines for cybersecurity incidents   Advice

Mar 18, 2025 - This chapter of the Information security manual (ISM) provides guidance on cybersecurity incidents.

Cybersecurity for charities and not-for-profits   Guidance

Mar 12, 2024 - How to avoid common cyberthreats and protect your mission .

Risk management of enterprise mobility (including Bring Your Own Device)   Publication

Oct 6, 2021 - This publication has been developed to provide senior business representatives with a list of enterprise mobility considerations. These include business cases, regulatory obligations and legislation, available budget and personnel resources, and risk tolerance. Additionally, risk management controls are provided for cybersecurity practitioners.

Threat Actors Exploit Multiple Vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways   Advisory

Feb 28, 2024 - The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), Multi-State Information Sharing & Analysis Center (MS-ISAC), Australian Signals Directorate’s Australian Cybersecurity Center (ASD’s ACSC), and the UK’s National Cybersecurity Centre (NCSC), are releasing this joint Cybersecurity Advisory (CSA) in response to the active exploitation of CVE-2023-46805, CVE-2024-21887, CVE-2024-22024, and CVE-2024-21893—multiple vulnerabilities affecting Ivanti Connect Secure and Ivanti Policy Secure gateways.

Ransomware   Threat

Read through the following case studies and learn from other Australians about how ransomware has affected them.

Essential Eight maturity model changes   Publication

Nov 27, 2023 - This publication provides an overview of the changes for the November 2023 release.

Cybersecurity guidelines  

Jun 13, 2024 - Practical guidance on how an organisation can protect their information technology and operational technology systems, applications and data from cyberthreats.

The Commonwealth Cybersecurity Posture in 2024   Reports and statistics

Dec 5, 2024 - The Commonwealth Cybersecurity Posture in 2024 informs the Australian Parliament on cybersecurity measures implemented across the Australian Government for the 2023–24 financial year.

Advisory 2020-017: Resumption of Emotet malware campaign   Advisory

Oct 30, 2020 - The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) has observed the resumption of an ongoing and widespread campaign of malicious emails designed to spread the Emotet malware across a variety of sectors in the Australian economy, including critical infrastructure providers and government agencies.

Engaging with artificial intelligence   Publication

Jan 24, 2024 - The purpose of this paper is to provide organisations with guidance on how to use artificial intelligence (AI) systems securely. The paper summarises some important threats related to AI systems and includes cybersecurity mitigation strategies to aid organisations in engaging with AI while managing risk. It provides mitigations to assist both organisations that maintain their own AI systems and organisations that use third-party AI systems.

Secure your mobile phone   Guidance

Nov 12, 2024 - The security of your mobile phone can be as crucial as your computer. Follow these steps to protect your phone or tablet from cybercriminals.

Russian State-Sponsored and Criminal Cyberthreats to Critical Infrastructure   Advisory

May 17, 2022 - The cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom are releasing this joint Cybersecurity Advisory (CSA). The intent of this joint CSA is to warn organizations that Russia’s invasion of Ukraine has altered the geopolitical balance in ways that could expose organizations both within and beyond the region to increased malicious cyber activity. This activity may occur as a response to the unprecedented economic costs imposed on Russia as well as materiel support provided by the United States and U.S. allies and partners.

Connecting to public Wi-Fi and hotspots   Guidance

Apr 11, 2023 - Public Wi-Fi hotspots are found everywhere in places like your local shops, cafes, hotels and even at some parks. They can be a convenient way to access the internet when you are out, have poor reception or are travelling overseas. Learn more about connecting to public Wi-Fi and hotspots securely.

2021 Top Malware Strains   Advisory

Aug 5, 2022 - This joint Cybersecurity Advisory (CSA) was coauthored by the Cybersecurity and Infrastructure Security Agency (CISA) and the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC).

Protecting industrial control systems   Publication

Jul 1, 2018 - Industrial control systems are essential to our daily life. They control the water we drink, the electricity we rely on and the transport that moves us all. It is critical that cyberthreats to industrial control systems are understood and mitigated appropriately to ensure essential services continue to provide for everyone.

Small Business Cloud Security Guides: Technical Example - Multi-Factor Authentication   Publication

Dec 16, 2022 - Multi-factor authentication (MFA) makes it harder for adversaries to use compromised user credentials to access an organisation’s systems. It is one of the most important cybersecurity measures an organisation can implement.

#StopRansomware: Play ransomware   Advisory

Dec 19, 2023 - This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors.

Bring Your Own Device for executives   Publication

Oct 6, 2021 - Bring Your Own Device (BYOD) scenarios enable organisations to take advantage of new technologies faster. It also has the potential to reduce hardware costs and improve organisational productivity and flexibility. However, BYOD also introduces new risks to an organisation’s business and the security of its information, which need to be carefully considered before implementation.

Essential Eight maturity model FAQ   Publication

Oct 28, 2024 - This publication provides answers to frequency asked questions on how to implement the Essential Eight.

Cybersecurity principles   Advice

Mar 18, 2025 - Follow the Information security manual (ISM)'s cybersecurity principles to protect information technology and operational technology systems, applications and data from cyberthreats.

Personal cybersecurity: Next steps guide   Guidance

Jun 16, 2023 - The second of three cybersecurity guides in the pesonal cybersecurity series is designed to help everyday Australians understand a moderate level of cybersecurity and how to take action to protect themselves from cyberthreats.

Hardening Linux workstations and servers   Publication

Nov 27, 2023 - This publication has been developed to assist organisations in understanding how to harden Linux workstations and servers.

How to use the internet securely: A guide for seniors   Guidance

Oct 1, 2021 - Some basic cybersecurity practices that you can use to protect yourself when accessing the internet.

Industrial control systems: Remote access protocol   Publication

Oct 6, 2021 - External parties may need to connect remotely to critical infrastructure control networks. This access is to allow the manufacturers of equipment used in Australia’s critical infrastructure the ability to maintain the equipment, when a fault is experienced that cannot be fixed in the required timeframe any other method.