Cyber Security - The Facts

By Dr Carolyn Patteson, Executive Manager, CERT Australia
The cyber threat is real and ever present – and every business is at risk.
Australia’s security and intelligence agencies have stated publicly that we are experiencing
increasingly sophisticated attacks on networks and systems in both government and
business.
The cyber threat comes from a range of sources, including individuals, issue-motivated
groups, organised criminal syndicates, and the intelligence services of some foreign
governments.
The motives for cyber incidents include corporate attack, illicit financial gain, political and
protest issues, personal grievance (a disgruntled employee or customer), and issue-motivated
hacktivists.
A cyber attack can be very disruptive, having a huge financial impact on a business and also
harming its professional reputation.
As the national computer emergency response team, CERT Australia in the Australian
Attorney-General’s Department, is the single point of contact for cyber security issues
affecting major Australian businesses.
In 2012, there were close to 7,300 incidents reported to CERT Australia. By mid-August this
year, around 8,500 incidents had already been reported.
Many of these are categorised as less severe, such as scans of firewalls or websites. However,
at the higher end, there are both broad-based and targeted attacks.
For example, there have been an increasing number of businesses under pressure from
distributed denial-of-service (DDoS) attacks, where the instigator demands payment to stop
the attack or ‘cease fire’. This method of extortion is not new – but it is becoming more
frequent.
This is due to the ease with which people can access attack tools and services from online
criminal groups. It is also due to the growing reliance of companies on their customer-facing
web services, now an essential part of business.
Another common method of attack is to target senior executives, often through their direct
support staff. This generally involves a well-crafted email message – one that is topical
without any tell-tale mistakes. It is the links and attached files in the emails that are the first
point of entry into a target network.
This is particularly effective in businesses where cyber vigilance is not part of the culture –
and where busy executives and their assistants are barraged by a large number of emails
every day.
These businesses are targeted for their intellectual property or financial information. They
may also be targeted as a way to compromise a third party, who has a trust relationship with
the business and is the ultimate target. By using this form of attack, the perpetrator leverages
the relationship between businesses, as an email embedded with malware is less likely to be
treated as suspicious from a trusted party.
Trends in cyber security
One of the challenges that CERT Australia faces is gaining a better understanding of the
impact of malicious online activity and how well businesses are placed to respond.
While there are an increasing number of cyber crime and security incidents, the true extent
of these threats is difficult to determine.
To help understand what is happening on this front, the inaugural CERT Australia Cyber
Crime and Security Survey was conducted in 2012.
The survey report provides a picture of the cyber security measures businesses had in place,
the recent cyber incidents they had experienced, and their reporting of them.
The findings indicated a shift in cyber attacks away from being indiscriminate and random to
more coordinated and targeted, often for financial gain. They also revealed the theft of
mobile devices to be a major concern, with many organisations lacking security policies and
plans for protecting these physical assets.
As the cyber picture is constantly changing, CERT Australia is conducting annual national
surveys to look for trends over time.
The 2013 Cyber Crime and Security Survey has recently been conducted. It aims to build on
the baseline findings from 2012, and seek a more comprehensive understanding of how
cyber incidents are affecting the businesses that partner with CERT Australia.
The findings from the 2013 survey will be released later this year. Importantly, they will
provide a better picture and understanding of the impact of cyber incidents, which will assist
CERT Australia in providing the best possible cyber security support and advice to
Australian businesses.
Cyber security mitigations
So what are the top cyber security mitigations?
Firstly, businesses need to be prepared before an incident occurs. It is important for each
business to know how its network is organised, the value of its information, and how it is
protected. Cyber security needs to be part of risk management and resilience structures and
planning, and staff need to be trained to use good cyber security practices as part of their
daily work.
As general guidance, CERT Australia recommends:
• using strong passwords or passphrases
• patching applications and operating systems, and
• limiting the number of users with administrative privileges.
More specifically, CERT Australia publishes information on prevention and detection
techniques. Routinely, the information it provides businesses is sensitive in nature and not
available via public sources.
Where appropriate, CERT Australia also works with businesses to make sure the duration
and severity of an attack are reduced, and that businesses adopt measures to reduce the risk of
an attack recurring.
That is why CERT Australia encourages major Australian businesses to partner with it before
an incident occurs. Prevention is much better than cure when critical business systems are at
stake. By having this relationship in place, information can be shared efficiently and
effectively to help with prevention, and if necessary, mitigation.
Businesses are also encouraged to report cyber security incidents to CERT Australia. This
information helps protect the affected business, and provide a better understanding of the
broader threat environment. All information provided to CERT Australia is held in the
strictest confidence.
Cyber security partnerships
Effective cyber security also requires a partnership approach. No single organisation can
tackle this threat alone. By working together, business and government will be better
positioned for prevention and response.
CERT Australia works closely and shares information with its national and international
colleagues. This means it is very well connected and informed, making it best placed to help
Australian businesses manage cyber threats.
At the national level, CERT Australia works in the Cyber Security Operations Centre, sharing
information and working closely with the Australian Security Intelligence Organisation
(ASIO), the Australian Federal Police (AFP) and the Australian Signals Directorate (ASD).
CERT Australia also has a direct working relationship with government and business
computer emergency response teams around the world, through the Forum for Incident
Response and Security Teams (FIRST).
In addition, CERT Australia has a direct operational relationship with regional countries
through the Asia Pacific computer emergency response team (APCERT), which comprises 30
teams across 20 economies. CERT Australia was also honoured to host the 10th Annual
APCERT Conference in March 2013.
As the following case study shows, national and international teamwork is essential to
providing businesses with timely information on emerging threats, and advice on mitigation.
Case study
Distributed denial-of-service (DDoS) attacks are one of the most serious threats to
businesses with an online presence.
Historically, these attacks had non-financial motivations, aiming to bring attention to certain
events or protest specific issues. The more recent trend is for DDoS to be used for extortion.
CERT Australia received reports from a range of Australian financial companies that were
being targeted by extortion-based DDoS attacks. They had been called and threatened with
an attack against their website, unless they made a payment.
This type of attack can cause serious problems. It can not only disrupt the company’s online
activities via its website, it can also stop clients from doing business with them online.
The attackers chose their targets carefully. They combed victim websites for pages that would
generate the most processing in order to increase the likelihood of successfully taking down
the site. Some websites were brought down by the attack – others had the infrastructure to
withstand it.
CERT Australia located the target list for the attacks and contacted the listed businesses. As
the attacks were of a criminal nature, CERT Australia also provided all relevant information
to the AFP’s High Tech Crime Operations for investigation.
The sites which had the ability to mitigate the attack were not targeted for long. As the
attacks were financially motivated, the attacker was quick to move on to other potential
victims. However, if the business communicated with the attacker, the site appeared on the
target list for longer periods of time.
CERT Australia was able to identify the international source of the attacks from a sample of
the DDoS traffic provided by one of the businesses. CERT Australia then notified its
international counterpart, asking for assistance in having the control hub taken down. The
international CERT responded quickly and the host was shut down.
However, as is normally the case with such incidents, the control hub then moved to another
internet address and recommenced attacks. CERT Australia again contacted overseas
counterparts to issue further take down requests.
CERT Australia also continued to follow up with affected businesses, providing options and
advice on mitigation techniques for possible future attacks.
The businesses that were most effective in mitigating the attacks had well-established – and
tested – response procedures in place for dealing with DDoS.
CERT Australia
CERT Australia is a trusted source of information and advice on cyber security issues. It is
not a regulator, its services are free and it does not compete with commercial services in the
market.
To report a cyber security incident please call the CERT Australia hotline – 1300 172 499.
For more information on CERT Australia and the Cyber Crime and Security Survey Reports
please refer to www.cert.gov.au, email info@cert.gov.au or phone +61 2 6141 2999.