Cyber attacks by foreign governments, malicious companies and enterprising hackers are on the rise. And the biggest problem is you.
Original article by Daniel Ziffer
Forget sequences from blockbuster films of gangs breaking into secure buildings, avoiding guards to attach a “tap” to a blinking server. Real hackers walk through the front door by sending you an email.
Key points:
- A hacker stays inside an organisation on average for eight months before being found
- Most hacks start with a simple opening of an email
- The best protection is at an individual level, installing security patches when available, as well as two-factor authentication
“Ninety per cent of cyber attacks worldwide begin with an email. Most organisations don’t really look at their email security that carefully,” said Michael Connory, chief executive of Security In Depth.
“Everybody is vulnerable. Australian organisations have no idea how vulnerable they are.”
After a cyber breach of the Federal Parliament’s computer network and a warning from one of Australia’s most senior military figures that the threat of similar attacks is on the rise, experts are pleading with Australian businesses to take the threat seriously.
“The easiest way for an attacker to get into an organisation is by phishing, by email,” Mr Connory explained.
It’s simple. Somebody in an organisation opens an email and is directed to click on a link, usually something that requires an action such as: “You need to update your details”.
When the person logs in, they inadvertently give their username and password to a hacker.
The information is then used to get into the broader computer systems of an organisation.
Consumers hit
Consumers feel the impact of breaches through the potential for identity theft.
Vast amounts of personally identifying detail are available online, and criminals don’t need much to get you in trouble.
“Your Tax File Number, your driver’s licence number, date of birth … from that small amount of information they could begin to set up companies, obtain credit, start to obtain loans, run up huge debts,” Mr Connory noted.
“A vast array of damage.”
For businesses, the danger goes beyond losing important data or confidential files.
Almost half of data breaches in Australia are in health and finance, where organisations risk losing the vital trust of customers and their ongoing business.
Patch, patch, patch
Cyber security expert Dr Suelette Dreyfus from the School of Computing and Information Systems at the University of Melbourne said Australian businesses could easily trim their exposure in two simple ways.
“Patch, patch, patch! Upload all of those security updates from the operating system, and set it to auto-update,” Dr Dreyfus said.
“The other is to set up two-factor authentication … for all of your accounts; your Google, your Facebook, your Twitter, because now those things are your outward view to the world.”
Two-factor authentication is common in online banking products.
Entering your username and password on the website prompts a text message to your smartphone that includes a four- or six-digit code. Without submitting the code, you can’t get into your accounts.
“The vast majority of threat that Australian businesses face, in a cybersecurity sense, is from criminal elements,” Dr Dreyfus added.
“But there’s also the risk of industrial espionage, stolen IP (intellectual property). This stuff matters”.
Few defences
Major General Marcus Thompson told AM the threat of cyber attacks on the military is on the rise, but it was the broader capacity for the Australian Government to respond to a big fight in cyber space that kept him up at night.
“I have a concern, and I know this concern is shared by many of my colleagues and mates throughout the national security community, that in the event of a significant incident on Australia in cyber space, the resources that would be required to respond might not exist at the scale that might be required,” Major General Thompson said.
Major General Thompson leads the Information Warfare Division, which was set up in mid-2017 with the aim of providing both defensive and offensive cyber capabilities.
The threat isn’t hypothetical. Organisations as varied as global shipping giant Maersk and the United Kingdom’s National Health Service have suffered losses and disruption from cyber attacks.
In Australia, our biggest banks are currently trying to contact 100,000 customers, whose personal data may have been affected by a major breach at valuation firm, LandMark White.
The breach, revealed in The Age and The Sydney Morning Herald, could include birthdates, personal contact information and property valuations.
As a result, the Commonwealth Bank, ANZ and NAB have suspended use of the stock exchange listed firm.
In January, the details of 30,000 Victorian public servants and contractors were stolen in a data breach, after a Victorian Government staff directory was downloaded by an unknown party.
Easy access
Mr Connory, who describes himself as an “ethical hacker”, says tens of thousands — if not hundreds of thousands — of people have the skills to break into an organisation (recently his 14-year-old daughter, having watched a YouTube video, gave it a go).
“It’s simple,” he said.
“It takes us about 22 minutes to get access inside a company.”
Security In Depth recently researched 119 organisations, and found that for more than a third, usernames and passwords that would give a hacker access were available on the dark net, an anonymised network only accessible using specific software.
“Most of the time a hacker will just sit there, watching,” Mr Connory said.
“In Australia, on average, a hacker will stay in an organisation for eight months before they’re even found. They’ve got access to emails, financial statements, to confidential company IP (intellectual property), they’ve got access to customer databases.
“By staying ‘in’ an organisation for such a long time they can start to see and read and be privy to a huge range of sensitive information.”
You might be the problem, but you’re also part of the solution.
Dr Dreyfus said companies need to train staff better in cybersecurity, to acknowledge that most problems begin through a seemingly innocuous email, and that a system is only as strong as its weakest link.
“They need to train their employees to understand, ‘Ah! This is the risk to the profitability of the whole company if we don’t come together and behave in better cybersecurity ways’,” she said.
“‘Herd immunity’ matters. If you can get your entire company up a little more, in their posture, it will be much better off as a whole.”