NewsBite

Older software at mercy of hackers, Five Eyes analysis reveals

A joint investigation has shone a light on the apparent indifference organisations are exhibiting when it comes to addressing security flaws impacting their software and equipment.


A joint Five Eyes analysis has revealed the top cyber attack vulnerabilities exploited by malicious actors last year, with hackers exploiting older software flaws far more frequently than more recent ones.

The discoveries provide insights into the tactics employed by cyber criminals, shedding light on the apparent indifference organisations exhibit when it comes to addressing security flaws affecting their software and equipment.

The Australian Cyber Security Centre is urging technology vendors, designers, developers, and end-user organisations to implement specific design principles to reduce the risk of compromise by malicious cyber actors. It comes after high-profile data breaches affecting the likes of Medibank and Optus and their millions of customers.

“We have used the power of our international partnerships to identify the attack methods most popular with malicious actors operating internationally,” Australian Cyber Security Centre boss Abigail Bradshaw said on Friday.

“Every organisation should be using this list to patch their systems and use it to guide their vulnerability management strategy. Equally, industry can use this list to strengthen products in design processes. Unpatched software is a top access route for hackers and no one should assume all their systems are up to date.”

The security agencies’ recommendation is for businesses and system administrators to promptly implement patches, thereby forcing attackers to explore alternative, potentially more expensive avenues of attack.

Jira, which is a piece of workplace software from Australian software company Atlassian, is listed as having one of the most exploited vulnerabilities globally, allowing attackers to impersonate legitimate users. The company patched a critical vulnerability in February and advised system administrators to upgrade immediately to the latest version.

According to recent research, global cyber attacks rose 38 per cent last year, with 43 per cent of all cyber attacks aimed at small businesses. By the end of this year the annual global cost of cybercrime is predicted to top $8 trillion, with a business falling victim to a ransomware attack every 14 seconds.

The Australian Cyber Security Centre estimates 43 per cent of all Australian cybercrime is directed at small businesses, with the average cost to small business nearing $39,000; $88,000 for medium business, and more than $62,000 for large business.

Under the new Cyber Warden Program, the federal government is investing $23.4m in cyber wardens to build small business cyber resilience, with up to 60,000 wardens available in the next three years.

Some of the most at-risk sectors include government, health and social assistance, information and telecommunications, and education and training, according to the government.

While businesses are increasing their allocation of funds towards cyber security, questions remain over whether funds are being directed to the right areas, according to HLB Mann Judd risk and assurance partner Kapil Kukreja.

“The reputational and financial consequences for businesses are so great, that directing the right amount of funds into the right areas should now be considered the No. 1 operational priority,” Mr Kukreja said.


Original URL: https://www.theaustralian.com.au/business/technology/older-software-at-mercy-of-hackers-five-eyes-analysis-reveals/news-story/84fe957dd346746e587ed5b38be99fbc