The Minister for Home Affairs and Cyber Security, Clare O’Neil, says businesses must address major software vulnerabilities.

For the first time, a government minister has publicly called for the patching of specific software bugs, emphasising the critical need to fortify defences against potential cybercriminal activities.

The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) released three critical bug alerts in June, July, and August. 

Despite these warnings, Australian businesses have been slow to take action, and the ACSC is receiving weekly reports of incidents that could have been prevented with timely patch installation.

Minister O’Neil has urged businesses to take more proactive steps, noting that most cyberattacks are preventable, with regular patching being a key measure.

Cybercriminals often exploit software vulnerabilities to compromise networks and carry out extensive cyberattacks. 

In some cases, they initiate attacks within 48 hours of a vulnerability becoming known. 

While software providers release patches, many businesses fail to update their software versions, leaving them exposed.

The alerts issued include vulnerabilities related to Fortinet’s firewall product, Fortigate (June), Citrix’s Netscaler products (July), and Ivanti Senty (August). The Citrix bug was categorised as a zero-day vulnerability, making it particularly risky. 

The Australian government is set to reveal a new Cyber Security Strategy to bolster the nation's cybersecurity, aiming to become the world's most cyber-secure nation by 2030.