BreachExchange mailing list archives

Cyber criminals targeting unwary businesses - report


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Wed, 29 Jul 2015 19:03:59 -0600

http://www.smartcompany.com.au/technology/information-technology/47826-cyber-criminals-targeting-unwary-businesses-report.html#

Australian businesses are increasingly becoming targets for cyber crime,
according to the first national unclassified cyber security threat report.

The Australian Cyber Security Centre (ACSC) today released its Threat
Report 2015, which warns businesses could be targets for malicious
activities even if they do not realise they are of interest to cyber
criminals.

The centre compiled the report after partner agencies provided information
about the threats Australian networks face from cyber espionage, cyber
attacks and cyber crime.

The report cites statistics that show in 2014 the national computer
emergency response team, CERT Australia, responded to 11,073 cyber security
incidents affecting Australian businesses.

Of those, 153 involved threats to systems of national interest, critical
infrastructure and government, categories that ACSC considers could
significantly affect Australia’s economic prosperity.

Energy, banking and financial services, communications, defence and
transport were identified as the top five industries assisted by CERT
Australia regarding cyber security incidents in 2014.

The theft of intellectual property or commercially sensitive information
online was identified as one of the biggest issues for businesses, with far
reaching implications such as impaired reputations, profitability and
competitiveness, reduced business opportunities and undermined business
models.

The report identified future trends in cyber crime activity, including an
increase in the number of cyber security criminals with enhanced
capabilities, a rise in “spear phishing”, ransomware and other cybercrime,
as well as the increased use of sophisticated software, web defacements and
headline-grabbing social media hijacking.

The report also said many sectors are yet to invest heavily in cyber
security and businesses may be hesitant to report incidents.

ACSC co-ordinator Clive Lines said the cyber threat to Australian
organisations is growing but the report could serve as a resource for
businesses.

“If every Australian organisation read this report and acted to improve
their security posture, we would see a far more informed and secure
Australian internet presence,” Lines said.

AVG security advisor Michael McKinnon told SmartCompany the report made a
couple of good, clear points about the sorts of cyber threats facing the
business community.

“The first point the document makes clearly, is that businesses don’t choose
to be targets, they’re all targets,” McKinnon says.

“I know lots of SMEs don’t believe they would ever be a target, but it’s
important to understand what a cyber-adversary is.”

McKinnon says the report highlights the fact threats are broad-ranged,
which means it is important businesses understand there are “so many
different adversaries at play here”.

“The threat is so broad it includes foreign governments, organised
international crime groups, national crime groups, petty thieves, also
ex-employees and those disgruntled with your businesses,” he says.

McKinnon says business owners need to develop an understanding of what
some of the cyber threats are, such as “spear phishing”.

“Make sure there is someone in the business who knows what these things are
and actively working to mitigate risks associated with them,” he says.

McKinnon says businesses should be actively reporting security incidents as
the consequences are often broader than those that affect the business
alone.

“Many businesses want to sweep it under carpet, do not want to acknowledge
they have been compromised, they don’t want reputational damage,” he says.

“It’s really incumbent on business owners, for protection of the country
and their business success, if you do see something happen to your
business, report it.”

“You’ll potentially stop it happening to the next business.”

McKinnon’s top four strategies to protect your business from around 85% of
cyber threats:

1. Application white listing - be careful which software you are running,
be selective and make sure software is approved by managers. Ensure
employees are not given the ability to run whatever software they want to
install.
2. Patching your software - update your internet browser and Adobe Flash.
3. Patching your operating system - make sure you’re updating your systems.
If relying on an IT company, make sure you’ve reached out to them and
they’re doing a proper review regularly.
4. Restrict administrative privileges - restrict administrative access
to only those employees who absolutely need to have it.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
