There is a lot more to the internet than most of us know!
Last Friday, 3 November 2018, I attended an event hosted by the Christchurch branch of the Institute of Directors, where the General Manager of Aura Information Security, Peter Bailey, spoke about cyber risk. He educated us on the dark web, the risks and some key areas to mitigate them.
My Summary Notes:
- To test an organisation’s cybersecurity, the ‘hackers’ don’t just attack online – they use a wide range of tactics. In large organisations, they’ve even followed people into secure buildings, set themselves up in the office ‘hot desking’, and been able to guess passwords, access networks and pick up other valuable IP.
- Some of the largest breaches/hacks have come from companies’ third-party suppliers. Target had their clients’ credit card details lifted, one of the biggest hacks of all, and it’s alleged that they were hacked via their air conditioning supplier!
- It’s important to understand the security your Cloud provider offers, as well as your third party suppliers. The NZ Government Cloud Risk Assessment tool can be used for private business too and is a good guide as to the questions you need to ask and the areas to focus on, before signing up a new cloud provider.
- Maersk suffered a large attack in 2017 where Maersk’s container ships stood still at sea and its 76 port terminals around the world ground to a halt. This attack is further detailed in this article titled “It was a perfect sunny summer afternoon in Copenhagen when the world’s largest shipping conglomerate began to lose its mind”. Their CEO, Soren Skou, in an interview with Forbes, outlines the actions they took in response to the attack.
- In 2017, it was recorded that the average data security breach cost a business AUD $2.5 Million. This is reflective of the size of the organisation: small organisations will likely be <$1M and larger ones >$6.5M.
- If compromised, the cost per record to the organisation is around $139. These records are often then sold on the dark web for a lot less.
- Cyber theft has changed – it used to be about credit card details, but with increased bank security and better monitoring of transactions it’s now all about PII - Personal Identification Information.
- “FULLZ” are often sold on the dark web – this means full PII (Personal Identification Information), e.g. a scan of your passport page, or a scan of your credit card along with your date of birth, full name etc. Fullz mean your complete personal identity can be stolen.
- Hacker capability is rapidly increasing as many share their tips and tricks! The cybersecurity experts tend to be slightly behind because they have non-disclosure agreements in place, so they need client approval and then have to sanitise data and details before sharing their learnings.
Tips For Business Leaders to Mitigate Cyber Risks:
- Stay informed and educated – there are many resources available, such as CERT. If there is a breach, contact CERT for support.
- Ensure all people with a login to your system and servers understand the business’ cybersecurity risks – many incidents occur when an employee clicks on the link in a suspect email (refer to the Maersk incident above).
- Stay up-to-date with all software updates.
- Have a robust backup and restore solution in place for your data - and test it!
- Consider your context and consider engaging a cybersecurity expert team; this can be around two blocks of 8-10 weeks of work, at a cost of around $10K NZD per block. Also evaluate cyber liability insurance.
SOURCE: All information summarised from the IP presented and shared by Peter Bailey of Aura Information Security.