October is Cyber Security Awareness Month and it offers an opportunity for all Australians to take action to improve their cyber security.
This Cyber Security Awareness Month, the Australian Government theme is 'Building our cyber safe culture'.
For simple steps and resources to safeguard yourself online, visit actnowstaysecure.gov.au/cybermonth2025
For those who need more than the basics, join ASD’s ACSC as we take action to protect networks and digital infrastructure now and into the future.
We will be addressing a new topic each week to support you and your organisation to take action and build a robust cyber security posture and culture.
Our weekly themes are:
You cannot defend what you cannot see. Take action and ensure you have best practice logging in place.
Event logging is a vital tool in your organisation’s cyber security arsenal. It helps alert network defenders to:
- cyber security events (like critical software configuration changes) and
- the presence of malicious actors.
More malicious actors are using Living off the Land (LOTL) techniques, which won't always be seen by traditional security tools. This highlights why it’s important to implement and maintain an effective event logging solution.
Use our resources to take action and improve your cyber security.
Further reading
Legacy technology is outdated hardware and software that can leave your network or system vulnerable to malicious actors. Take action now to replace legacy technology or put in appropriate mitigations.
Ensuring your organisation’s technology is up to date is less expensive than a major cyber incident – it is vital that organisations take action on these changes.
Legacy technology can leave an organisation’s most important data, networks and devices vulnerable to a cyber attack.
The most effective strategy to reduce the risk from legacy technology is to take the vital steps to replace it. If it’s not feasible, or replacement takes time, adopt temporary measures like network segmentation and advanced logging and monitoring to reduce the associated risks.
Use our resources to take action and ensure your legacy isn't at risk.
Further reading
- Managing the risks of legacy IT: Executive guidance
- Managing the risks of legacy IT: Practitioner guidance
The cyber security of your suppliers and third parties are also your risks. Choose products and services that are secure by design.
Cyber supply chain risk management should form a significant component of any organisation’s overall cyber security strategy.
An effective supply chain and third party risk management strategy supports the secure supply of products and services through their lifespan.
Cyber supply chain risk is present if a supplier, manufacturer, distributor or retailer are involved in products or services used by an organisation.
As part of this strategy, businesses should make changes to ensure they:
- identify the supply chain
- understand cyber supply chain risk
- set cyber security expectations
- audit for compliance
- monitor and improve cyber supply chain security practices.
Find further information on each of these steps, and how to take action on cyber supply chain security in the following resources.
Further reading
Quantum is coming. Take action now to adopt post quantum cryptography to safeguard your digital infrastructure now and into the future.
A cryptographically-relevant quantum computer will render common public-key encryption protocols insecure.
This means communications, information and data you once thought secure, could be at a greater risk of compromise. We encourage all organisations to be prepared by 2030 by moving to more secure forms of encryption.
It is vital relevant staff are educated on what this technology will mean for cyber security. Organisations should consider decommissioning technologies that can’t be upgraded. It is important to act now and prepare for this technology.
To take action and prepare your organisation using the 'LATICE' framework:
- Locate and catalogue the use of traditional asymmetric cryptography.
- Assess the value and sensitivity of systems and data protected by traditional asymmetric cryptography.
- Triage systems using traditional asymmetric cryptography and prioritise individual systems for transition.
- Implement post-quantum cryptographic algorithms throughout systems.
- Communicate with vendors and stakeholders, and educate and train relevant stakeholders on the PQC transition.
The adoption of post-quantum cryptography is crucial right now to safeguard digital infrastructure into the future. Use the following resources to take action and prepare.
Further reading
Cyber Security Awareness Month 2025 stakeholder resources kit
Download our stakeholder kit for social media content, editorial and key messages for technical audiences. If you would like to subscribe to receive future stakeholder kits from ASD's ACSC please email us at: asd.publiccomms@defence.gov.au.
Get social
Find more CAM content on our social media channels and share the latest content with your followers using the hashtag #CyberMonth2025. By sharing, you can help people take action and improve their cyber security.