Being connected in today’s world is essential – it brings new opportunities, and enables growth and innovation. With these benefits, however, this new level of connectivity also brings some risks.
A broad range of malicious cyber activity persistently targets Australian industry, risking the profitability, competitiveness, and reputation of Australian businesses.
The following chart represents a breakdown of cyber-attacks by sector in 2016.
Source: Australian Cyber Security Centre Threat Report 2016
The ongoing theft of intellectual property from Australian companies continues to pose significant challenges to the future competitiveness of Australia’s economy.
No organisation is immune from the risk of compromise
While the upfront costs of implementing robust cyber security mitigation and incident management strategies may seem high, senior management should consider the associated costs that could be incurred if a serious compromise occurs on their network. In the event of a network compromise, organisations will not only face the cost of implementing these strategies to prevent further compromise, they will also incur higher direct and indirect costs associated with remediation.
Planning and preparing
The effective management of an incident can greatly decrease the severity, scope, amount of damage and therefore cost of a cyber security incident.
- Adequately monitor your environment for cyber security threats
- Have processes in place to detect when an incident may have occurred
- Assign primary responsibility for incident response in your organisation
- Have an up-to-date and regularly tested incident response plan and business continuity plan
- Have up-to-date documentation such as System Security Plans and Standard Operating Procedures
- Maintain a current security risk management plan for information security systems
- Identify your critical systems
- Identify key stakeholders including communications and legal
- Ensure quick and easy access to key incident mitigation resources e.g. system managers, technical experts, Internet Service Provider, system logs and physical system infrastructure
- Have an up-to-date after hours contact list for key personnel and external stakeholders
- Identify and isolate affected workstations or servers
- Understand your legislative requirements and obligations for incident reporting
- Have procedures in place to provide information and reporting to relevant parties during an incident
- Early reporting of significant cyber security incidents to the Australian Cyber Security Centre (ACSC) will enable the triage, mitigation, and containment of the threat, if required. Reporting cyber security incidents also assists the ACSC in developing an understanding of the threat picture for Australian information system networks, and subsequently, enables the delivery of comprehensive cyber security advice relevant to such networks
Securing your assets
The following six controls help establish a foundation of security and have the most immediate impact on preventing attacks.
- Inventory of authorised and unauthorised devices
Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorised devices are given access, and unauthorised and unmanaged devices are found and prevented from gaining access.
- Inventory of authorised and unauthorised software
Actively manage (inventory, track, and correct) all software on the network so that only authorised software is installed and can execute, and that unauthorised and unmanaged software is found and prevented from installation or execution.
- Secure configurations for hardware and software on mobile devices, laptops, workstations, and servers
Establish, implement, and actively manage (track, report on, correct) the security configuration of laptops, servers, and workstations using a rigorous configuration management and change control process to prevent attackers from exploiting vulnerable services and settings.
- Continuous vulnerability assessment and remediation
Continuously acquire, assess, and act on new information to identify vulnerabilities, remediate, and minimise the window of opportunity for attackers.
- Controlled use of administrative privileges
Use processes and tools to track, control, prevent, and correct the use, assignment, and configuration of administrative privileges on computers, networks, and applications.
- Educate your employees
Protecting your company online begins with ensuring your employees are aware of cyber threats, the steps they can take to minimise risks, and the process for managing breaches. The best security technology in the world won't help you unless employees understand their roles and responsibilities in safeguarding sensitive data and protecting company resources.
Training employees is a critical element of security. They need to understand the value of protecting company information and their role in keeping it safe. Most importantly, they need to know the policies and practices you expect them to follow in the workplace regarding online safety.
- Do not open attachments unless they are expected and come from a known and trusted source, and do not execute software that is downloaded from the Internet (if such actions are permitted) unless from a trusted source or the download has been scanned for malware.
- Be cautious when clicking on URLs in emails or social networks, even when coming from trusted sources and friends.
- Deploy web browser URL reputation plugin solutions that display the reputation of websites from searches.
- Restrict software to corporate-approved applications, if possible, and avoid downloading software from file sharing sites. Only download packages directly from trusted vendors’ websites.
The users of your IT infrastructure include not just your staff, but also customers, partners, and suppliers. To protect your users’ access to the Web, cloud, and your network assets, set access rights and levels, and secure users’ remote access to business applications and online transactions with two-factor authentication (2FA).
Protecting mobile devices
The growing use of mobility solutions for business purposes means you need to protect your users’ mobile devices against potential threats. Use Mobile Device Management (MDM) to administer mobile devices, whether smartphones, tablets, or laptops.
These eight measures will help protect your mobile devices and data:
- Access control, including biometrics – such as fingerprint scanning – where possible
- Data loss prevention, such as on-device encryption
- Automated device backup
- Remote find and wipe
- Regular updating of applications and operating systems
- Common sense – don’t jailbreak (iOS) or root (Android) devices, and only use trusted app markets such as the App Store or Google Play
- Training, particularly around paying attention to permissions requested by an app
- Deploy and enforce Bring Your Own Device (BYOD) policies, ensure compliance with company policies, and protect your mobile devices against potential threats
Mobile threats are on the rise
Cybersecurity is not just about employing the right kind of technology; it also requires everyone to practise good digital hygiene. Education and greater awareness of cybersecurity issues will help protect individuals and businesses alike against the growing cyber threat landscape.
Optus welcomes further opportunities to collaborate with our customers, government, researchers, and other experts to continue building Australia’s cyber defences. If this is of interest to your organisation, please get in touch.