21 Dec 2018 Wrap Up
As many businesses will be closing for the holiday season, now is not the time to be complacent or to let your guard down.
Cyber threats remain prevalent and constant. So much so that today the Federal Government has announced security compromises of managed service providers (MSPs) globally, including in Australia. These compromises were a concerted campaign to steal commercial secrets from the customers of MSPs for commercial advantage.
Such attacks are a clear example of the need for supply chain risk management which sits jointly across procurement, legal, and the security functions of an organisation.
We concur with the statements of Alastair MacGibbon, the head of the Australian Cyber Security Centre, that this is a catalytic event for Australia and an opportunity for all parts of our economy to lift the levels of cyber protection for all Australians, to make Australia the safest place to live, work and play online.
Cyber security is about risk management. You can’t eliminate risk, but you can strengthen your defences to reduce the likelihood of the risk being realised, and the harm caused when it is. This is called cyber resilience – the ability to ideally resist attacks in the first instance, but more importantly, to identify and respond to attacks when they occur, ensuring that you can operate through the event, and come out on the other side still being in business.
Our regulatory environment (the responsibilities for company directors, and also the requirement that reasonable controls be in place to protect personal and health information) behoves Australian business and government to do more.
Unfortunately, cyber-attacks are an asymmetric threat. Tools used to perform attacks can be freely available and may be operating across many environments, deep within your networks, undetectable for extended periods of time. Once in the network, persistence allows the attacker to rapidly deploy more advanced malware to gain further privileges and access, conduct internal reconnaissance to map out the network and, in later stages of the compromise, harvest and exfiltrate the data.
Today, more so than ever before, organisations need to understand what data they hold, where it is, who has access to it and how it is secured.
A few key questions to ask yourself as you head into the festive season:
- Have I developed an incident response strategy to enable me to operate through an event?
- Do I know where my critical data is? And have I limited access to it? Is it protected?
- Do I have a “go to” partner for support with the in-depth knowledge and capability to help me to respond to a security issue?
- Have I analysed my supply chain risks to determine the extent that I may be susceptible to a side-channel attack?
- Have I thoroughly tested and validated the effectiveness of all my technical controls and the ability of our staff to resist social attacks?
As Australia’s leader in independent cyber advisory services, Sense of Security is the trusted partner for many of our nation’s government agencies, corporates and private companies. We are here to help where required.
Wishing you all a safe and festive season and looking forward to a more cyber resilient 2019.