Cyber Security 101
“Hackers hone their skills while consumers remain complacent” -Symantec, November 2016 press release.
What is Cyber Security?
Cyber Security is the practice of protecting systems, networks and programs from cyber threats.
Why is Cyber Security important?
While the digital era offers enormous opportunity for all of us, this increased connectivity is accompanied by greater exposure to cybercriminal activity.
Our nation’s relative wealth and high use of technology make Australia an attractive target for serious and organised cybercrime syndicates. Because these syndicates stand to make lucrative financial gains, businesses now face an evolving threat landscape where attack types change daily.
As these cyber threats continue to increase in frequency, scale, and sophistication, it is now essential for organisations to implement sound cyber security practices that effectively protect their digital assets and meet increasing compliance obligations.
Common types of Cyber Threats
From April to June 2019, the largest sources of cyber attacks on businesses were incidents involving phishing, compromised or stolen credentials, ransomware, and hacking by other means (Office of the Australian Information Commissioner, 2019).
Here we present some common attack types:
Distributed Denial of Service (DDoS)
A Distributed Denial of Service (DDoS) attack attempts to make an online service unavailable by overwhelming it with an incredible amount of traffic from a network of compromised PCs, home routers, and smart devices such as webcams, all over the world. These networks are known as ‘botnets’.
DDoS attacks are very effective at disrupting the availability of data or systems, and can have more serious consequences unless they are protected against.
A global survey carried out by Neustar in 2017 found that businesses reported a cost of $100,000 to $250,000 per hour, and at least $2.5 million every time they fell victim to a DDoS attack.
Ransomware
Ransomware is a type of malicious software that encrypts the files on your computer, system or network, rendering them inaccessible unless you pay a fee, usually in an untraceable cryptocurrency such as Bitcoin or Litecoin.
Ransomware is a rapidly growing malware threat. It targets all types of businesses and severely damages organisations around the globe.
In late 2019, hospitals across Gippsland, Geelong, and Warrnambool were hit by a ransomware attack that forced healthcare providers to revert to manual paper-based systems and cancel some surgeries (ABC News, 2019).
Phishing
Phishing is a method of gaining access to an organisation or stealing confidential information by sending fraudulent messages to a victim. Phishing emails appear to be from a known and trusted source, with recent reports of impersonation of large and trusted organisations such as the ATO, Medicare and myGov. They often ask victims to click a link or open an attachment which gives the sender remote access to the organisation’s systems.
In November 2018, hackers sent a phishing email to a staff member at the Australian National University, leading to a major breach which wasn’t detected until months later (ABC News, 2019).
Credential Stuffing
Username and password combinations stolen from hacked websites are tried out against thousands of other websites every day in an attempt to find and log into a person’s other accounts. Once a match is found, that account is used to gain further access to the business through technical means or by impersonating the owner to their co-workers.
A 2019 Akamai report revealed that they had seen 61 billion credential stuffing attacks against businesses in an 18-month period. The top targeted countries were the United States, India, Canada, Singapore, and Australia (Akamai, 2019).
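The pattern described above leaves a recognisable trace in login records: one source tries many different usernames only once or twice each, and almost all attempts fail. The following sketch is an added example, not part of the original page; the log format, field names, thresholds and sample entries are all constructed assumptions. It flags such sources and lists any accounts that were successfully logged into, since those are the accounts needing a password reset.

```python
from collections import defaultdict

# Constructed sample login log (not real data); the format is an assumption.
SAMPLE_LOG = """\
2019-06-01T10:00:01Z ip=203.0.113.7 user=alice result=FAIL
2019-06-01T10:00:02Z ip=203.0.113.7 user=bob result=FAIL
2019-06-01T10:00:03Z ip=203.0.113.7 user=carol result=FAIL
2019-06-01T10:00:04Z ip=203.0.113.7 user=dave result=FAIL
2019-06-01T10:00:05Z ip=203.0.113.7 user=erin result=FAIL
2019-06-01T10:00:06Z ip=203.0.113.7 user=frank result=OK
2019-06-01T10:05:00Z ip=198.51.100.20 user=bob result=FAIL
2019-06-01T10:05:09Z ip=198.51.100.20 user=bob result=FAIL
2019-06-01T10:05:20Z ip=198.51.100.20 user=bob result=FAIL
2019-06-01T10:05:31Z ip=198.51.100.20 user=bob result=FAIL
2019-06-01T10:07:00Z ip=192.0.2.15 user=carol result=FAIL
2019-06-01T10:07:12Z ip=192.0.2.15 user=carol result=OK
"""

def find_stuffing_sources(log_text, min_users=5, min_fail_ratio=0.8,
                          max_tries_per_user=2.0):
    """Return {ip: summary} for sources whose logins look like credential stuffing."""
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _timestamp, *fields = line.split()
        record = dict(field.split("=", 1) for field in fields)
        by_ip[record["ip"]].append(record)

    findings = {}
    for ip, records in by_ip.items():
        users = {r["user"] for r in records}
        fail_ratio = sum(r["result"] == "FAIL" for r in records) / len(records)
        tries_per_user = len(records) / len(users)
        # Many accounts, few tries each, mostly failing: stuffing, not a typo
        # (one user, a couple of tries) or a guessing attack on one account.
        if (len(users) >= min_users and fail_ratio >= min_fail_ratio
                and tries_per_user <= max_tries_per_user):
            findings[ip] = {
                "distinct_users": len(users),
                "fail_ratio": round(fail_ratio, 2),
                # Accounts where a stolen password worked: reset these first.
                "compromised": sorted({r["user"] for r in records
                                       if r["result"] == "OK"}),
            }
    return findings

if __name__ == "__main__":
    print(find_stuffing_sources(SAMPLE_LOG))
```

Grouping by a single source address is a simplification; attempts spread across many addresses would need grouping by other shared traits, such as time window or client fingerprint.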
What this means for your business…
A cyber security incident has the potential to have a devastating and lasting impact on a business.
In addition to the direct financial loss and loss of business productivity, once a company’s security has been breached, repairing the relationship and trust between the business and its customers can be very difficult.
Globally, national governments have intensified their focus on cyber security and data protection. New regulations and greater privacy requirements took effect in 2018 which now require Australian organisations to report notifiable data breaches. This has placed constant pressure on businesses to ensure they employ active security compliance practices.
What we do…
Protecting your business is our priority.
At Wireless Communications we promote a proactive and adaptive approach to cyber security.
Wireless utilises up-to-date technologies, techniques and expertise to appropriately safeguard against cyber security risks and to ensure your organisation is exercising due diligence that aligns with legislative requirements and community expectations.
These include:
- Essential mitigation strategies
- Regular vulnerability assessments and monitoring
- Ongoing staff education/training
- Well implemented policies
- Effective reporting systems
- Proactive network monitoring
- System audits, including physical controls and permissions
- DDoS protection through Telstra Security Services