Will you be hacked?

by Daniel Weis - Security Specialist and Lead Penetration Tester, Kiandra IT | Business IT

2017 is shaping up to be another disastrous year for cyber-crime. Ransomware has been devastating, with Petya and WannaCry infecting 400,000 machines in 150 countries. On average, a company is hit with ransomware every 40 seconds, and global ransomware damages have been predicted to exceed $5 billion this year.

Big-name breaches are making the headlines week after week. Some of the most notable ones include BUPA, Zomato, River City Media, Verizon and HipChat. In addition, more and more Australian companies, including MYOB and Energy Australia, are being impersonated by cyber-criminals in large-scale malware campaigns.

It's important for security specialists to stay on top of the latest threat vectors. They need to be able to identify security weaknesses, vulnerabilities, risks and exposures for organisations of all sizes, from all industries. Despite the differences in their core businesses, one subset of organisations has one thing in common: the SMEs.

The myth that SMEs tend to believe is that they aren't a target for cyber-crime, or that the risks that apply to large businesses and enterprises don't apply to them.

Well, the bad news is that cyber-crime doesn't discriminate, and all organisations, no matter what their size, are exposed to the same threats.

A recent survey conducted by the Australian Cyber Security Centre (ACSC) has revealed that 90% of Australian organisations have faced some sort of cybersecurity compromise. And, as noted with Petya and WannaCry, the same cyber risks and exposures apply to businesses of all sizes, regardless of their industry. In fact, as the larger organisations get better at protecting themselves, SMEs are fast becoming the new target for cyber-crime.

And while the myths are being debunked, don't think that malicious cyber-attacks are only launched by sophisticated cyber-criminal groups. The reality is that with modern hacking tools and YouTube, you don't need to be a specialist to cause severe damage in an unsecured network. A security breach could be initiated by a disgruntled ex-employee, a bored teenager, or someone trying to gain information on one of your clients via your systems. Hacking tools are widely accessible and are designed to cause maximum destruction or to breach networks covertly.

If that isn't enough to get you thinking about cyber-security, as of February 2018, new laws will dictate that organisations will need to notify the Privacy Commissioner and customers if they have experienced a data breach. Failure to comply can attract fines of up to $360,000 for individuals and $1.8 million for organisations. So start taking action and be in the pool of organisations that don't have anything to report!

In a world where cyber-crime is inevitable, how do you protect yourself?

The team at Kiandra often talk about the layers of security for business - the more layers you have, the more security and protection you have in place. A multi-layer approach to mitigating security breaches is therefore advised. At a minimum, the base-level preventative measures an organisation has in place should include:

  • Staff awareness training and regular testing (do your staff know what common attacks look like - would they have been fooled by the MYOB or Energy Australia emails? Do they know the latest threats? Are they exercising common sense?)

  • Making sure that your IT team put in place the necessary security controls (intrusion prevention systems, end-point protection, whitelisting and lockdown, networking and email protection, firewalls etc.)

  • Documented and tested incident response policies and procedures for cyber-attacks

  • Penetration testing (a trained professional attacks your systems from a malicious hacker's perspective, to uncover security vulnerabilities and weaknesses within an environment)

You can't stop a hacker, but you can make it as hard for them as possible. By combining a couple of the more traditional security measures such as firewalls, intrusion prevention systems, web filtering, email filtering and virus protection with penetration testing, staff awareness training and appropriate insurance, you can keep a business on stable financial footing should a significant security event occur.

Daniel Weis is the Lead Penetration Tester and Head of Security Services at Kiandra IT. Dan has over 22 years' experience in IT, in a range of different industries, and was one of the first 10 people in the world to become a Certified Ethical Hacker.

Dan heads up Kiandra's team of Cyber Security Experts, proactively assessing company and government networks to increase their security posture so that they do not become the next 'headline'.

Earning the nickname "The General" as a result of his multitude of industry qualifications, Daniel also holds an additional 22 industry certifications.

In his spare time Daniel undertakes research on the cybercrime underground, facilitates training sessions for budding ethical hackers, is a regular on the speaker circuit and is an active participant in a variety of renowned security and industry programs. For more information, visit kiandra.com.au.

