Cybersecurity has become a key priority for business leaders today.
The number of cyber-threats and scams is growing; the threats and scams themselves are increasing in sophistication; and the consequences of a security breach are more damaging. So how can businesses can take to remain cyber-secure? In coming weeks we’ll be describing some key measures your business can take to protect its systems, information and people.
People can be your weakest link or your greatest asset when it comes to cyber-security. Malicious individuals have developed socially engineered threats or scams that deceive people into clicking on dangerous links, opening suspect attachments or even inadvertently sending money to scammers posing as your CEO. So what are some steps you can take to mitigate these threats?
Taking these steps can play a vital role in building a powerful security risk posture at your business. Call Simon or one of our experts today on +61 2 9409 7000 to find out more about cyber education.
By Simon Ryan | CTO
Australia’s new data breach notification scheme has been operating for several months. The scheme requires businesses – as well as government agencies and not-for-profits – that handle personal information and turn over more than $3 million per year to notify people affected by serious data breaches.
They must also inform the Office of the Australian Information Commissioner (OAIC). Failing to meet their obligations could cost businesses up to $2.1 million in fines.
The April-June 2018 Notifiable Data Breaches Quarterly Statistics Report revealed organisations had notified the OAIC of 242 breaches – 59% of which were due to malicious or criminal attacks. A further 36% were due to human error, while only 5% were caused by system faults. While 89% of data breaches compromised contact information, a worrying 42% involved financial details, 39% involved identity information and 25% involved health data.
The most common human error was sending email to the wrong person, followed by the unintended release or publication of personal information. However, the OAIC noted that data breaches involving the loss of storage devices affected the largest number of people, at an average of 1,199 affected individuals per breach.
The Australian Cyber Security Centre (ACSC) found at least 77% of cyber incidents during the quarter occurred due to the theft of credentials such as usernames and passwords.
More information is available from the OAIC and the ACSC.
So what are the lessons for small businesses from the launch of the scheme and the April-June report? The key is to recruit or build security capability internally to comply with the requirements of the data breach notification scheme. The second is to implement robust security systems, policies and processes to minimise the risk of data breaches.
Importantly, this is not a ‘set and forget’ exercise – these systems, policies and processes must be updated regularly to combat new threats and to ensure workers and managers remain aware of their obligations. Talk to Roger and his team of experts today on +61 2 9409 7000 to find out more about protecting your business.
By Roger Carvosso, Product and Innovation Director
As the digital world continues to evolve, so too do cyber threats. Zero-day exploits are becoming both more common and severe, and staying ahead of them is challenging to say the least.
But despite rapid change in the cyber realm in recent years, there is one tried and true technology that remains foundational to protecting an organisation’s digital assets from malicious attacks - the humble firewall.
A firewall is a network security system that monitors and controls incoming and outgoing network traffic based on a set of predetermined security rules. It typically establishes a barrier between a trusted internal network and an untrusted external network, such as the Internet.
Traditional first-generation firewalls, also known as packet filters, controlled network access by monitoring outgoing and incoming packets and allowing them to pass or halt based on the source and destination Internet Protocol (IP) addresses, protocols and ports. Second-generation firewalls built upon their first-generation predecessors by attempting to increase the level of security between trusted and untrusted networks via proxy services - an interface between the user on the internal trusted network and the Internet.
The newest generation of firewalls - often referred to as next-generation firewalls (NGFWs) - are hardware or software-based network security solutions that can detect and block sophisticated attacks beyond traditional firewall technologies. They perform deeper inspections, checking packet payloads and matching signatures for harmful activities such as exploitable attacks and malware. NGFWs also offer administrators greater awareness of and control over individual applications. Most are modular, meaning users can choose to purchase and activate features commensurate with their specific needs and risks.
Irrespective of the type of firewall you’re using or considering, perhaps the most important things to weigh up are whether the product meets the specific security requirements of your organisation, as well as whether it is a good fit for your IT environment. And remember, as cyber threats continue to evolve, firewalls remain an integral asset in your cyber defence line.
FirstWave's cloud-based NGFW service offering combines application awareness, deep packet inspection and advanced threat prevention to give companies better control over applications for their cloud deployments while also detecting and blocking malicious threats. Also available as a high availability, managed solution, this offering can be customised to meet high-end, enterprise-specific needs. Learn more.
Talk to Neil or the FirstWave team today on +61 2 9409 7000 to find out more about our cloud-based NGFW service.
By Neil Pollock, COO and Head of International
Australians are avid users of online social media, banking and government services – making individuals and businesses in this country attractive targets for cybercrime.
According to a recent government cybersecurity review, cybercrime costs us about $1 billion in direct costs alone each year. Victims’ business and employment opportunities may dry up, while reputations and well-being are also at risk.
Scammers are increasingly focusing on very small businesses that may lack the resources and expertise to defend themselves against cyberattacks. The Australian Government recently noted a rise in business email scams – particularly targeting businesses with fewer than 10 employees.
The Government has taken a range of measures to build its cybersecurity capabilities. These include the recent launch of a ‘purpose-built’ Australian Cyber Security Centre (ACSC) headquarters to protect critical infrastructure, businesses and the Australian public; integrating the ACSC into the Australian Signals Directorate (ASD), the organisation that works across intelligence, cybersecurity and offensive operations; and consolidating a range of websites, including those for for ACORN (the Australian Cybercrime Online Reporting Network) and the ACSC, into the cyber.gov.au website.
So how can small businesses take advantage of these consolidated government capabilities to improve their cybersecurity? They can access a range of resources through https://cyber.gov.au/business/, including guides, updates and alert services. They may also advise any workers that may be a victim of a cybersecurity incident to report it and obtain advice through https://cyber.gov.au/individual/report/.
Furthermore, they may access information about partnerships between the ACSC and businesses involved in critical infrastructure or systems of national interest. Eligible businesses may receive threat intelligence and incident management support.
We recommend owners and senior managers at small businesses take the time to understand the government’s measures. They should use the government’s cybersecurity materials to build their own knowledge and capabilities – and ultimately improve the cybersecurity posture of their businesses.
Talk to Roger or one of our experts today on +61 2 9409 7000 about protecting your business.
By Roger Carvosso, Product and Innovation Director
Cyber threats abound in the digital age, and organisations – large and small – must prepare for the fire.
Attacks are not only becoming more frequent and sophisticated, they are also wreaking greater havoc on companies, governments and critical infrastructure – a trend that’s certain to continue over the years to come. Building and maintaining a strong cyber posture is paramount in preparing for the next generation of attacks, and doing this requires the right people and processes, as well as tools and technologies.
The following three steps will help your organisation evolve beyond tactical and short-term cyber security solutions, and focus on more effective, longer-term strategies.
Number 1: Increase awareness
Management needs to take proactive steps to increase their cybersecurity awareness and not only acknowledge the risks, but lead and own actions and decisions. Cybersecurity must also be recognised as everyone’s responsibility rather than that of the IT department alone.
Number 2: Know what’s at risk
Data is one of the most valuable assets of any business. In a breach, internal and confidential data, as well as customers’ data could be leaked, modified or stolen. Detail severity levels and the required responses for each.
Number 3: Deploy cutting-edge cyber solutions
Businesses and government agencies need affordable access to the most advanced, comprehensive and adaptive cloud-based cyber security solutions if they are to mitigate zero-day cyber threats.
At FirstWave, we have developed and deployed machine learning and API technologies that automate, accelerate and optimise cloud-security delivery, threat protection and security management to more than 300 small to medium businesses, as well as enterprise and government customers.
The severity, scope, and cost of a security breach increases with every hour it remains unresolved. And while there is no silver bullet that is guaranteed to stop attacks, your organisation can take effective steps that minimise the damage. Planning and preparation are key to reducing the impact of cyber exploits on your business and its customers so please call us today on +61 2 9409 7000.
By Bardia Khalilifar, National Cyber Security Channel Manager
Cybersecurity can be a big problem for small to medium businesses (SMBs). In fact, SMBs account for 43 percent of all cybercrime targets.
And as SMBs increasingly rely on the online world for their day-to-day activities, the potential for systems to be compromised or a loss or breach of data continues to increase. The good news is that business owners can substantially reduce the risk of cyber-attacks by exercising good cyber hygiene.
Here are six cybersecurity best practices for your small to medium business:
Number 1: Take stock of your hardware and software
By documenting these, you will find it easier to hone in on vulnerabilities. For example, unused hardware should be securely wiped and disposed of properly. Likewise, software and apps need to be updated regularly or uninstalled.
Number 2: Educate employees
Your employees are at the frontline of your business. As such, it is critical that they are aware of and sufficiently trained on your company’s network security policies.
Number 3: Enforce using safe passwords
According to the Verizon 2016 Data Breach Investigations Report, 63 percent of data breaches happened due to lost, stolen or weak passwords. Strong passwords consist of upper- and lowercase letters, numbers and symbols. All passwords should be changed every 60 to 90 days.
Number 4: Use multi-factor authentication (MFA)
MFA adds an extra layer of security on top of passwords, providing an additional barrier for an attacker to breach. This is typically done by generating a one-time token (or code) that is sent to the authorised user to enter when logging in.
Number 5: Regularly backup all data
While it’s important to prevent as many attacks as possible, it is still possible to be breached regardless of your precautions. Be sure to also back up all data stored on the cloud.
Number 6: Install anti-virus software
It is essential to have an anti-virus tool installed on all devices and the network, particularly to help protect against phishing attacks.
Securing your business, its data and infrastructure, isn’t a one-off effort – it requires an ongoing commitment to good cyber hygiene practices.
Please call Simon or one of our team today on +61 2 9409 7000 to find out more.
By Simon Ryan | CTO