Australian businesses are under continual threat from potentially damaging cyber attacks, and the situation is only going to get worse with increasingly complex technological change.
A recent high-profile example is the hacking of a national security (defence) contractor’s system last year (and only announced publicly this month). The hackers accessed the network of the contractor, stealing large amounts of sensitive data, including details of Australia’s Joint Strike Fighter and technical information on smart bombs.
The ACSC [Australian Cyber Security Centre] identified 47,000 cyber incidents over the past financial year — a 15 per cent increase — and more than half of these were internet scams or fraud.
Major Australian businesses were hit by 7,283 of the attacks.
2017 ACSC Threat Report
The Report was released in October, highlighting the trends in cyber-security. Alarmingly, the report concludes that Australian businesses continue to be targeted by cyber-crime and cyber espionage. The potential damage includes the loss of commercially sensitive information (through theft of data) and more immediate financial harm (including through ransom demands to de-crypt data following a ransomware infection).
So what can you do about it?
- Follow Kott Gunning’s 14 Key Cyber Risk Management Steps which all Australian businesses should be taking.
- The Australian Signals Directorate (think James Bond, without the licence to kill) also provides a useful guide on the ‘essential eight’ steps to be taken to mitigate your risk. See: ASD Essential Eight Explained
- Given the increasing risk and the potential damage of a cyber-attack, businesses should ensure they have adequate cyber insurance in place.
- Finally, as the security contractor has now learned, it’s probably best not to have your username as “admin” and your password as “guest”.
Watch the ABC news story – Password for hacked defence contractor system was ‘guest’
Watch The Economist video – Hackers will pose a greater threat in 2018
The information published in this paper is of a general nature and should not be construed as legal advice. Whilst we aim to provide timely, relevant and accurate information, the law may change and circumstances may differ. You should not therefore act in reliance on it without first obtaining specific legal advice.