Australian business face the threat of constant cyber attacks and security breaches from criminals. The rate of these attacks is increasing at an alarming rate. This has all been highlighted in a report from the Australian Signals Directive (ASD), who are an intelligence agency in the Defence department of the Australian Government. The most common targeted sectors are finance and banking, resources and energy, as well as telecommunications and even defence directly.
Cyber criminals look for opportunities in any industry. The type of threats from these criminals include theft of data, fraud, and just malicious cyber attacks. Its imperative that business don’t just sit back and leave the problem to be resolved by government agencies like the Federal Police or security forces. The best type of cyber defence is an active offense, combined with information sharing among organisations and government agencies. The Australian Cyber Security Centre (ACSC) which opened in November 2014 to deal with the next evolution of Australia’s cyber security capabilities. Its the type of information that is reported from business to the agency that really makes it harder for cyber criminals and reduces the security threats.
Cyber Security Resources
Processes have now been put in place to allow a better information flow from individuals and companies that report them to the ACSC. You can now report an event using the Australian Cyber Crime Online Reporting Network (ACORN) system. Government agencies are being encouraged to work with the ASD, and large business are encouraged to partner with CERT Australia, which is an organization that is the main point of contact for any issues affecting major Australian businesses according to its Executive Manager Carolyn Patterson. There are opportunities for businesses in Australia to learn about the cyber security issues they face, such as the Australian Cyber Security Centre 2015 conference that was held 22-23 April 2015 in Canberra. There are also excellent online resources to help you understand the issues facing the IT industry, and businesses.
Key Cybercrime Strategies
The ASD provides strategies to reduce the impact of targeted cyber crime, and guidance directly to organizations on how to stay ahead of the cyber criminal crimewave. The ASD made a key point that 85% of the cyber intrusions that were reported to them could be prevented by following their top 4 mitigation strategies that they outlined in their Strategies to Mitigate Targeted Cyber Intrusions. This advice included:
- Application whitelisting to prevent malicious software, and unapproved software running.
- Third party application patching, such as Flash, Java, PDF Viewers, and Internet Browsers.
- Operating system upgrades, and the latest patch releases.
- The restriction of administrative privileges to OS and applications based on user duties.
The ASD has been involved in publishing the Australian Government’s Information Security Manual (ISM) which provides a standard governing the security of government Information and communications technology (ICT) systems. The ISM is designed to compliment the Australian Government’s Protective Security Policy Framework (PSPF). This is a framework designed to provide appropriate controls to the Government of Australia to allow it to protect the population, information and national assets located at home and overseas. Cyber security measures and strategies that apply to government agencies, is also applicable to businesses.
Cybercrime is an international security issue. This is why Australian businesses groups should form internal relationships with key support organizations and facilitate the information trickle down. This ensures that even medium and small enterprises also gain access to the knowledge that larger companies are using to ward of cyber crime. February 2015 saw the addition of an Australian cyber intelligence centre to Deloitte’s global network. Deloitte is a financial advisory, and risk management business, and they cited that the cost of cybercrime to business was on average $2.5 million each year and rising. They also highlighted that data loss had become an increasingly dangerous security risk with the incidents of data loss being reported increasing by around 25% between 2013 and 2014 globally.
There are collaborations that business can become involved with that benefit in the fight against cyber criminals. Project Sunbird is one such example. It is a collaboration between the West Australian Police (WAPOL) and also the West Australian Department of Commerce, that is designed to reduce the incidents of online fraud that take place against individuals. The main stages that were implemented under Project Sunbird approach was identification, intervention, interruption, intelligence and also investigation measures. While Project Sunbird is aimed at individuals, there is still scope and opportunity for business to apply some of the key lessons and implement similar proactive approaches.