
How Australia is tackling cyber crime

Telcos such as Telstra and industry associations in Australia are chipping in to help enterprises that are being targeted by cyber criminals with phishing and social engineering exploits

Achieving any form of computer security is always an uphill task, often costing enterprises money, time and effort, and with no prospect of a reprieve any time soon.

Earlier this year, a rash of ransomware attacks paralysed high-profile businesses including some in Australia, which is now one of the top 10 nations in the world targeted by ransomware, according to Symantec.

Other incidents, such as the Equifax breach that exposed the personal information of 143 million people, the looming introduction of mandated data breach notification in Australia, and concerns about the potential impact of the EU’s General Data Protection Regulation, have all sharpened the focus on cyber security.

Worldwide spending on information security products and services is tipped to reach $86.4bn this year and $93bn by 2018, according to technology research firm Gartner.

To help Australian enterprises address the cyber security threat, Telstra recently opened a security operations centre (SOC) in Sydney, with similar facilities to follow in Melbourne and other global locations in 2018. The telco has been operating a SOC in Canberra since 2008.

As well as providing a home for Telstra’s army of 500 security experts charged with securing its own communications infrastructure, the SOCs will offer a range of services, initially targeted at enterprise customers, according to Neil Campbell, director of the security team for Telstra’s enterprise products.

Campbell, a former Australian federal policeman, acknowledged that after working on the other side of the fence with cyber attack victims, “it gets tiring picking up the pieces for people”. So he joined Telstra in 2016 to help in the fight against cyber crime.

Telstra’s 2017 Cyber security report showed that the rate of cyber crime had doubled in the previous 12 months, with almost 60% of organisations in Australia having detected a security incident at least monthly in 2016.

Campbell said Telstra’s vision is to deploy security services and products “that allow us to move toward inoculating the country”. But he admitted it would be challenging to achieve the sort of “herd protection” that medical vaccines strive for.

Campbell’s team of 120 specialists develop security services for customers by leveraging open source security software and Microsoft Azure, which should make services more affordable.

Telstra is also kept abreast of the changing threat landscape through security monitoring at the SOCs. The telco offers customers a systems-monitoring service and the option of an incident-response service for a fixed annual fee. It is planning services targeted at consumers for a 2018 release.

Asked how Telstra will measure its success, given that cyber attacks seem unstoppable, Campbell said: “If there are attacks less often, and if they have a smaller impact and are resolved more rapidly.”

He added: “You will never get rid of crime, but we have the ambition to manage it to where we, as a society, are more protected online.”

Besides having a burgeoning market for security services, Australia is also building a talent pool of cyber security professionals. For example, the Australian Computer Society (ACS) has expanded its professional development schemes to include new security certification categories for certified professionals and technologists.

ACS president Anthony Wong said organisations that employ professionals with cyber security certification can be assured that they have “undergone a rigorous assessment process, demonstrated a commitment to the highest principles, and are well placed to lift the cyber resilience of their organisation”.

Meanwhile, Brandon Swafford, CTO for data protection and insider threat business at Forcepoint, reminded enterprises not to ignore the threat from within.

Research conducted by Forcepoint in 2016 revealed that 90% of large enterprises in Australia had been exposed to insider data breaches.

Swafford acknowledged that most insider threats are not malicious, citing the example of an employee unknowingly sending potentially sensitive data to others using the autofill features of email applications.

“More often than not, it’s about someone not understanding the rules or just wanting to get the job done,” he said. “Only a pretty small percentage is malicious.”

But regardless of intent, the impact of a cyber attack can be profound, and insiders are increasingly being targeted by external actors with phishing and social engineering exploits to attempt to access information.

Risk management approach

Swafford advocated a risk management approach to protect enterprises from both insider and external threats, pointing out the importance of striking a balance between protecting key data assets and locking down systems so much that they become unusable.

By establishing appropriate business processes and then educating staff about them, it is possible to reduce the risk of data breach, he said.

This includes setting policies on who should have access to what, as well as on where important data is stored and where it is transmitted.

On top of that, companies need technology controls that will, for example, stop information from being sent to a competitor either by design or accident, and also monitor employee activity for unusual patterns.

“Identify the risks and then set a priority order to invest in security,” said Swafford.

Despite a slew of high-profile data breaches, Swafford said the biggest blunder that organisations continue to make is to imagine that they are somehow immune and that the risk of attack is low.

“But it’s never zero,” he said. “Just as many people drive for years without incident, the population remains constantly vigilant and mindful of the threat of a crash. When you drive home, you still put on your seatbelt.”
