Cyber Security in Australia underwent massive evolution in 2018, which is entirely appropriate given the rate of cyber crime growth. 2018 was quite a wild ride in many ways, from politics to… politics. But Australia moved forward in addressing the rise of cybercrime, and implemented legislation to protect individuals and their private data. In terms of cyber security, Australia has definitely stepped it up.
We like to keep abreast of cyber security Australia focused news. So today we’d like to provide a round-up of the top cyber security news for 2018. We are covering events that transpired in cyber crime, cyber security legislation, strategies and more. Let’s dive in:
1. Growing Cyber Security Trends
Artificial Intelligence-Driven Threat Detection
AI is now a tool for both malicious attackers and preventative security. With a machine’s ability to self-learn and adapt, it’s easy to see how this tool could be used for ‘good’ or ‘bad’. In response to AI-driven botnets, cyber security measures are turning to AI-driven threat detection. AI-driven prevention can keep up with the rapid rate of change and sophistication in the world of cyber attacks. We enjoyed this in-depth article on the topic here.
Blockchain Data Management
You may or may not be aware, but to sum up, blockchain is the technology behind crytpocurrencies like Bitcoin. It’s a totally secure method of storing data, as each unit of data is universally verified by the participating network. Beyond its use in cryptocurrency, blockchain has true potential to provide great online security and data management. This could be anything from online voting to identity management, eliminating the risk of voter or identity fraud. This article provides a good overview of blockchain.
Ransomware is the attack you need to worry about. Businesses are being hit with ransomware more than ever, and they’re more sophisticated and clever about hiding their insidious operations.They lock up your files and private data, then extort you for money. Usually as a significant sum of cryptocurrency for anonymity purposes. Have a read of this article for ransomware trends in 2018.
Internet of Things Vulnerabilities
The growth of the Internet of Things has brought some new issues to light. The Internet of Things has some incredible benefits and has improved the ease and quality of life for many of us. However, there are a few security concerns that should be considered as they begin to be exploited by opportunistic attackers. We’ve all embraced Google Home, but we need to be vigilant about cyber security Australia wide.This article by InfoSec provides a helpful summary of the security vulnerabilities present in this field.
Greater Data Privacy Regulation
2018 has seen the introduction of more privacy regulation and cyber security-related legislation. This tells us that governmental bodies are taking cyber security more seriously, and are committed to enforcing data privacy for everyone. With the introduction of the Notifiable Data Breaches Scheme, and the General Data Protection Regulation taking effect both in 2018, it’s clear there is a changing priority. This article from the Australian Financial Review takes a look at the global trend.
2. Best Cyber Security Strategies
Cyber Security Framework & Compliance
Above all, implementing and enforcing a cyber security Australia based framework for your business goes a long way towards protecting your data and private information. Frameworks cover a range of cyber security protocols, procedures and security configurations. We wrote up an article that summarises the cyber security framework options in Australia.
Multi-factor (or two-factor) authentication is the new standard in online identity management and security. In short, it’s a simple security feature that can almost completely eliminate successful phishing attempts as remote access requires more than just a simple password. Here is a write-up of some reasons you should consider turning to multi-factor authentication this year.
Next-Gen Firewall may sound like a sci-fi invention, but is a very real, and nowadays quite a mainstream cyber security tool for prevention. Next-Gen Firewalls (or NGFW) utilise a combination of firewall technology, intrusion detection, SSL and HTTP examination capabilities. It’s an essential tool for your network and cyber security Australia wide. But this article covers an important aspect of NGFWs that everyone should consider.
A VLAN is a virtual LAN (Local Area Network) that allows you to group devices together despite being in different physical LANs. This can help with managing data security, optimising traffic and organising network areas. Above all, VLANs give you greater control over which devices can access one another, and therefore greater security. This article here is a great breakdown.
The ACSC’s policy for cyber security in Australia is a simple list of eight steps everyone can (and should) take which immediately reduce your cyber risk and increase your network’s cyber security. There is no hyper-technical tricks here, just common sense protocols for cyber safety. We will always advocate for the Essential Eight.
3. Most Common Cyber Threats
Phishing is such a widespread and successful cyber attack as it relies on human error, unfortunately. They are counting on you to make a mistake and let them in. Ultimately, no security tool can prevent you from straight up giving your credentials away. But we can be alert, aware, and use sensible online practice to prevent successful phishing. This post is a good summary of the kind of phishing that was prominent in 2018, so you know what to look for.
As mentioned earlier, ransomware attacks are becoming far more sophisticated these days and prevention is your best bet rather than trying to deal with the fall out and aftermath of an attack. Statistics vary on whether ransomware is on the rise or decline, but most importantly, it remains a popular method of attack amongst cyber criminals looking for a pay day. This article reviews a year in ransomware.
Denial of Service
This malicious attack occurs when the attacker floods a system network or resources to the point that it can no longer function or respond to service requests. A DDoS (distributed denial of service) is the same type of attack, but instead utilises a large host of other machines controlled remotely by the attacker to provide more attack power. This article reviews DDoS attacks in 2018 and growing trends.
Man in the Middle
This type of attack is pretty self-explanatory. But despite its simple name, the attack itself is clever and can be totally devastating. A hacker can intercept a connection and then insert themselves into the exchange so that both parties now unknowingly reveal sensitive data to this malicious third-party. We found this site to be very informative and comprehensive on the nature of MITM attacks.
This occurs when the attacker manipulates you (the victim) into believing a message, link or attachment has come from a trusted source and then infect your system to steal confidential data. It’s easy to avoid messages and emails from unfamiliar contacts. But they’ve become clever, and will entice you to open something that looks like it’s from your sister or friend or coworker. Here is an interesting experiment on social engineering and how successful it really is.
4. Data Breaches
- Svitzer Australia revealed up to 60,000 emails were leaked over the course of nearly a year. This was the first data breach publicised under the new Notifiable Data Breaches Scheme. Svitzer is not a huge organisation. With around 1000 employees, this case shows you don’t need to be a big ball-busting corporate machine to be affected by a data breach.
- Teas.com.au is a small business run by Salina Hainzl, and nearly lost her business entirely due to a virus. In addition, her site was hacked six times! Salina has since restructed her cyber security and improved her site security to safe-keep her business.
- Family Planning NSW suffered compromised databases, with approximately 8000 affected people. The government department was hit by a ransomware attack, and details of patients and inquirers were subject to the attack.
- HealthEngine is another health industry related business that was affected by a data breach. Cyber attack is not to blame for this breach however, with the company blaming the breach on a website error. The “error” caused normally hidden data to be exposed in the website’s code. Multiple instances of revealed information contained identifying information about a site user.
- GoGet is the car-share service around Australia. Someone had accessed the fleet booking system and attempted to use vehicles without permission or payment. In doing so, the individual had also attained access to personal data of other GoGet members.
5. Cyber Security News
- The biggest cyber security news for 2018 starts with the Notifiable Data Breaches Scheme coming into effect in February. Lifehacker provided an excellent round-up on the legislation to break through the governmental jargon. However, there remains some debate over whether the new regulations are truly successful. The numbers of reported breaches are vastly below what one would expect based on cybercrime and data breach statistics.
- The next big privacy regulation to roll out was the General Data Protection Regulation which came into effect in May 2018. This is a regulation focused on data protection and privacy for individuals within the EU. The OAIC provides an outline on the regulation and how it may affect Australian businesses.
- The AA Bill (Assistance and Access) stirred a lot of controversy at the end of last year. It was rushed through the House, with many individuals concerned that there are repercussions being overlooked by politicians who don’t fully understand the cyber security Australia focused environment. Any backdoor designed for law enforcement and intelligence to access could equally be accessed by hackers and provides a built-in vulnerability. Here is a great overview of the bill and what it entails for Australians.
- MSP Global Hack has affected a number of managed services providers within Australia, in which data was stolen from customers. The full extent of which MSPs have been affected is not known at this point, but it seems that there has been a significant blow to privacy here.
- Australia released its first Cyber Incident Management Arrangements in December 2018. The intent of these guidelines is to reduce the severity and impact of a national cyber incident, but there is question over whether the guidelines are enough to protect Australia from a national cyber attack. Have a read of some of the criticisms here.
If you are struggling trying to work out where to start with your cyber security give the team at Stanfield IT a call and we can help walk you through the process.