The Australian National Audit Office (ANAO) has labelled Australia Post as not effectively managing cybersecurity risks, with a report highlighting weaknesses in the postal service’s implementation of its risk management framework.
In the Auditor-General’s Performance Audit Cyber Resilience of Government Business Enterprise and Corporate Commonwealth Entities [PDF], ANAO recommended Australia Post continue to implement its cybersecurity improvement program and key controls across all its critical assets to enable cyber risks to be within its tolerance level.
While ANAO said Australia Post has a fit for purpose cybersecurity risk management framework, it said it falls short of actually meeting the requirements, having not implemented all specified key controls.
“Australia Post has not fully implemented controls in line with either the Top Four or the four non-mandatory strategies in the Essential Eight,” ANAO wrote.
The Essential Eight — a government-mandated…