The latest Annual Cyber Threat Report issued by the Australian Signals Directorate (ASD) has reinforced the reality that Australia's cyber risk is escalating, but current cyber resilience practices are struggling to maintain pace. In 2024, Australia's national infrastructure and core industries were targeted at an unprecedented rate, resulting in the Australian Cyber Security Centre (ACSC) responding to over 1,200 major cyber security incidents, an 11% increase compared to previous years.  

Maintaining accurate records and modern IT systems is essential to national cyber resilience, yet for many organisations these remain major weaknesses. To address this, the ASD has prioritised best-practice logging and the replacement of legacy systems across government and industry. The report states that:

Businesses should operate with a mindset of ‘assume compromise’ and prioritise the assets or ‘crown jewels’ that need the most protection. 

The Logging Gap

Logging is one of the four ‘big moves’ the ASD recommend for cyber resilience. Event logging records key actions and system events across an organisation’s digital environment. It provides a clear trail of activity, helping businesses detect and respond to unusual behaviour. Without it, identifying issues or tracing the source of a breach becomes far more difficult.

Gaps in event logging are a common weakness, even in business-critical systems, often allowing hackers to go undetected or regain access even after an incident has been resolved. Without clear logging policies, or a baseline for normal system activity, unusual behaviour can blend in with legitimate activity, making it difficult to identify potential threats until it’s too late.

Strong event logging enables faster, more cost-effective responses and provides valuable insights into how incidents occur, helping prevent future breaches.

But logs are only as useful as they are usable. Many indicators of compromise are missed because the information owners can’t see the logs, which are hidden in the back-end admin portals of their systems. Castlepoint automatically records and monitors activity across the systems it manages, creating centralised audit trails and clear visibility over how information is accessed and used, strengthening detection, response and overall security. Closing the logging gap means more than just capturing the logs – they also need to be seen and scrutinised, by people who understand the ‘crown jewel’ data risk, through a single pane of glass.  

Legacy IT

Outdated hardware or software from legacy systems often lacks modern security features, making it an easy target for attackers. These systems not only heighten the risk of a cyber incident but can also worsen the impact of unrelated breaches elsewhere in the network.

Attackers frequently exploit legacy environments as entry points to access newer systems holding critical data. The ASD recommends replacing legacy IT outright. Yet, for many organisations, this approach may not be practical due to cost, time, or operational constraints.

Castlepoint offers a smarter solution. The AI platform operates across both modern and legacy systems, identifying, classifying, and governing records based on their content. In this way, we can find those crown jewels, and make sure they are migrated or protected first, allowing some more time to completely overhaul or retire the whole source system.

This approach has already been proven at the Australian National University, where Castlepoint helped identify, tag and migrate data from legacy systems, enabling the safe decommissioning of unsupported platforms while retaining valuable information.

Focus on Critical Industry

These risks are most evident across Australia’s critical infrastructure networks, which account for 13% of all cyber incidents nationwide. Regularly targeted by international, government-funded cyber groups, these sectors hold vast amounts of sensitive data that make them high-value targets. The ASD report highlights growing threats to healthcare and telecommunications in particular:

• Healthcare: A prime target for ransomware and data theft, with attackers exploiting operational urgency and fragmented IT systems.
• Telecommunications: Compromises in this sector can have widespread effects across other critical services. The ASD stresses the need for greater data visibility to detect and respond to incidents more effectively, a focus echoed in the recent ACSC guidance on enhancing visibility and hardening communications infrastructure.

It is especially important that these sectors, and all critical industries, understand the expanding attack surface created by interconnected systems and supply chains, and take proactive steps to strengthen their defences.

You can read more about the specific needs of critical industry here, including the Critical Infrastructure Risk Management Rules and the Critical Infrastructure Bill.  

From Awareness to Resilience

The ASD’s report highlights the evolving threats that continue to challenge Australia’s cyber resilience. It defines cyber maturity as an organisation’s ability to understand its data exposure and maintain clear control over its information systems.

Castlepoint enables this capability by connecting fragmented systems through an interoperable architecture that delivers full visibility to detect, respond to, and secure against cyber threats.

If your organisation is unsure of its current maturity or looking to strengthen its security posture, now is the time to act.

Contact Castlepoint Systems to see how we can help you improve visibility, control and confidence across your information environment.

‍

Read more critical infrastructure case studies:

• Fortifying National Broadband Infrastructure with AI-Powered Data Governance
• How a Critical Infrastructure Program Achieved Compliance Without Compromise
• South East Water: PII discovery project defends against increased cyber threats
• AI-Powered Data Governance Secures Critical Water Infrastructure

‍