Brad Crismale, 3 min read

Cyber Awareness Month - Event Logging


October 2025

Cybersecurity Awareness Month – Event Logging

“You cannot defend what you cannot see.”

That principle is at the core of Cybersecurity Awareness Month Week 1, where the spotlight is on event logging - the foundation of effective cyber defence and business resilience.


Why Event Logging Matters for Executives

Event logging is not just a technical checkbox - it’s a strategic necessity. For business leaders, the stakes are clear:

  • Risk Exposure: Without reliable logs, your organisation may not even know it’s under attack until data is stolen or operations are disrupted.

  • Regulatory Compliance: Many standards and regulations (such as ISO 27001, APRA CPS 234, the ACSC Essential Eight and SMB1001 for Small Business) explicitly require logging and monitoring. A failure here can mean not only reputational damage but also legal and financial penalties.

  • Incident Response: In the aftermath of a breach, event logs are the evidence that investigators and regulators will ask for. If they don’t exist—or if they’ve been tampered with—executives will struggle to answer the most important questions: When did it happen? What was affected? Have we contained it?

Executives must therefore view logging not as an IT task, but as a critical business enabler that underpins cyber resilience, customer trust, and compliance.


The Challenge: Living Off the Land (LOTL)

Attackers increasingly use Living off the Land (LOTL) techniques, where they weaponise legitimate tools and processes already inside your environment. These attacks don’t always trigger traditional alarms because they don’t rely on obvious malware signatures.

For example, state-sponsored groups like UNC3886 exploit blind spots in infrastructure where endpoint security cannot reach. They have been observed disabling logs, using kernel-level rootkits, and abusing trusted hypervisor channels to move laterally.

This means that even organisations with strong endpoint security and firewalls can remain compromised for months - simply because they couldn’t see the evidence.


Best Practices for Event Logging

The Australian Cyber Security Centre (ACSC) recommends several steps to ensure event logging is effective and reliable:

  1. Develop a logging policy – Identify which events are critical for your business and mandate they are always logged.

  2. Centralise logs – Consolidate logs into a secure, central system for correlation and detection.

  3. Protect log integrity – Ensure attackers (or even insiders) cannot alter or delete log records.

  4. Automate analysis – Use analytics and AI to identify abnormal activity that may indicate a breach.

  5. Audit and test – Regularly validate that your logging strategy is complete, functional, and aligned to compliance obligations.

  6. Retain logs long enough – Store logs for a period that supports both regulatory requirements and incident investigations.

👉 Best practices for event logging and threat detection – ACSC
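
One way to implement step 3 (protect log integrity) on a central collector, shown as an added example that is not code from the ACSC guidance or from Matrium: each record carries an HMAC chained to the previous record, so an altered or deleted entry breaks the chain. The key, record layout, function names and sample events are all constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo key (assumption): in practice it is held only by the collector.
KEY = b"constructed-demo-key"
GENESIS = "0" * 64
# Constructed sample events, not taken from any real system.
SAMPLE_EVENTS = [
    "2025-10-01T02:14:07Z host=app01 user=alice action=login result=success",
    "2025-10-01T02:15:31Z host=app01 user=alice action=sudo cmd=/usr/bin/systemctl",
    "2025-10-01T02:15:40Z host=app01 service=auditd action=stopped",
    "2025-10-01T02:21:02Z host=app01 user=alice action=logout",
]


def _mac(prev_mac, seq, event):
    """HMAC over the previous record's MAC, the sequence number and the event."""
    payload = json.dumps({"prev": prev_mac, "seq": seq, "event": event},
                         sort_keys=True).encode()
    return hmac.new(KEY, payload, hashlib.sha256).hexdigest()


def seal(events):
    """Turn raw events into chained records as they arrive at the collector."""
    records, prev = [], GENESIS
    for seq, event in enumerate(events):
        prev = _mac(prev, seq, event)
        records.append({"seq": seq, "event": event, "mac": prev})
    return records


def verify(records, expected_count=None):
    """Return a list of findings; an empty list means the chain is intact."""
    findings, prev, expected_seq = [], GENESIS, 0
    for rec in records:
        if rec["seq"] != expected_seq:
            findings.append(f"seq {rec['seq']}: gap, expected seq {expected_seq}")
        if not hmac.compare_digest(rec["mac"], _mac(prev, rec["seq"], rec["event"])):
            findings.append(f"seq {rec['seq']}: MAC mismatch (altered or predecessor missing)")
        prev, expected_seq = rec["mac"], rec["seq"] + 1
    if expected_count is not None and len(records) != expected_count:
        findings.append(f"expected {expected_count} records, found {len(records)}")
    return findings
```

The chain alone cannot reveal records trimmed from the end, which is why `verify` accepts an `expected_count` that would have to be kept somewhere the log writer cannot reach.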


Why Executives Should Care Now

From a leadership perspective, weak logging practices represent more than a technical oversight. They create:

  • Operational risk – Prolonged undetected compromises can disrupt core services, impact safety, and affect customer trust.

  • Strategic risk – Attacks targeting blind spots, like those seen in UNC3886 campaigns, can undermine competitive advantage by stealing intellectual property or sensitive government data.

  • Compliance risk – Failure to log events adequately may put your organisation out of alignment with regulatory and contractual obligations.

Ultimately, strong event logging translates into faster detection, faster response, and reduced impact when - not if - an incident occurs.


How Matrium Can Help

At Matrium Technologies, we work with leading vendors to help organisations close visibility gaps and strengthen cyber resilience.

  • Network & Application Testing – Ensuring your systems and infrastructure log effectively under real-world conditions.

  • Advanced Threat Detection – Leveraging AI-driven solutions like to detect behaviours attackers cannot hide, even when they disable logs.

  • Compliance Alignment – Helping executives translate ACSC best practices into measurable, auditable outcomes.

  • End-to-End Visibility – Providing solutions that integrate event logging, network detection, and identity monitoring to give you a single source of truth across your hybrid environment.

In short, Matrium helps you see what matters most - so you can defend with confidence, comply with certainty, and act with speed when threats emerge.


Brad Crismale
Brad Crismale is a senior leader at Matrium Technologies, focused on delivering strategic outcomes for clients through innovative network and cybersecurity solution