HOW TO PROTECT
YOUR BUSINESS &
CLIENTS FROM
CYBER ATTACKS?
WHAT IS
CYBERCRIME?
Australian Cyber Crime Act 2001
…an illegal activity carried out against computer data and systems. The broader definition also includes “computer-related offences, as well as content and copyright infractions”.
WHAT IS CYBERCRIME?
cybernetic-gi.com
VIDEO by Deloitte
ROBERT MUELLER – FBI Director, 2012
There are only two types of
companies: those that have
been hacked, and those that
will be.
CAMBRIDGE UNIVERSITY & LLOYDS, 2016
The amount of cyber
insurance being purchased
in Australia [has] increased
168 fold in the last two years
http://www.businessinsider.com.au/not-enough-executives-know-effective-cyber-security-strategy-and-its-costing-the-australian-economy-17-billion-annually-2016-11
76 million households &
7 million businesses
JPMorgan Chase, 2014
Credit Card Details
Financial Records
Personal Details (phone numbers, addresses)
COMPROMISED
DATA
1 million individuals
Australian Red Cross, 2016
Personal Details
Potential Health Records
Sexual History Records (and contact details like phone numbers, addresses)
AUSTRALIA’S
BIGGEST DATA
BREACH YET
DATA
40 million Credit Cards.
Target, Dec 2014
· 1-3 Million Credit Cards.
· Sold for $27-$135 each.
· $53.7 Million stolen before
banks could block cards.
COMPROMISED
STOLEN
TARGET: $10 Million to
fraud victims.
BANKS: $200 Million in
card replacements
COST
750,000 Records
Aussie Travel Cover, Dec 2014
· Travel Details
· Policies
· Personal Details
(phone numbers, addresses)
COMPROMISED
DATA
8 PAGES of Email
Address Records
Centrelink, 2016
· Everyone CC'd instead of BCC'd
· Resend the incorrect email
· Potential email security flaws or missing encryption
EMAIL ADDRESSES
COMPROMISED
HOW?
$450,000 OF RATEPAYERS' MONEY
SCAMMED
Brisbane City Council, 2016
PHISHING EMAIL – PAYMENT & ID DETAILS IMITATED
Reference: http://www.abc.net.au/news/2016-08-16/brisbane-city-council-loses-450k-to-scammers/7746812
WHAT ARE THE
CURRENT TRENDS
IN CYBER CRIME?
CYBERCRIME IS ON
THE RISE
Breaches increased by
15% in 2015.
TRENDS IN CYBER CRIME
SMALL TO MEDIUM
BUSINESSES
TARGETED
In 2016, Australia is the second highest target country in the world (after Japan) for ransomware.
CRIMINALS LOVE
SOCIAL MEDIA
70% of social media
scams in 2014 were
manually shared by people
to their friends
http://www.cso.com.au/article/607329/australia-leads-apac-reported-data-breaches-even-without-breach-notification-laws/
STEALTH ATTACKS
It takes businesses on average 8 months before
they realise they have been breached.
TRENDS IN CYBER CRIME
ATTACKS ARE LONGER
Breaches per minute, hour and year have almost doubled in 2016 so far compared with 2015.
ATTACKS ARE MORE
TARGETED
Companies admit that, on average, they successfully notice these attacks only 25% of the time or even less.
WHAT ARE COMMON
CYBER ATTACKS?
SPEAR-PHISHING ATTACKS
- Phishing email attacks increased 25% in 2015.
- More than 23.7% of businesses in Australia suffered business-interrupting breaches in 2015, double the 2014 figure.
- TREND: Sent via valid but stolen corporate email accounts.
TROJANIZED SOFTWARE
Hackers hide their malware inside of software
updates, and wait for the company to infect itself with
the update.
COMMON ATTACKS 2013-2016
RANSOMWARE
Cybercriminals encrypt networks and computers and extort money from the owners in exchange for the encryption key.
- Increased by 220% between Q1 and Q2 of 2016 alone.
- COST: Minimum ransom starts at $300-$500.
MOBILE MALWARE
- 14% increase in malware (Q1 vs Q2, 2016).
- Around 1 million apps on the market used to steal
information such as mobile banking details and
confidential emails.
Reference: https://securelist.com/analysis/quarterly-malware-reports/75640/it-threat-evolution-in-q2-2016-statistics/
WHY ARE
BUSINESSES A
TARGET?
STEP ONE
ATTACKS FROM WITHIN THE COMPANY
LARGE VOLUME OF SENSITIVE
INFORMATION
TOO UNCONCERNED WITH CYBER SAFETY
INSUFFICIENT IT SECURITY
WHY ARE YOU UNDER ATTACK?
HOW WILL IT IMPACT
YOUR BUSINESS &
CLIENTS?
IMPACT ON YOUR BUSINESS
WHAT IS THE PRICE OF POOR IT SECURITY?
REVENUE PRODUCTIVITY REPUTATION
If a cybercriminal gains access to your network, it will cause loss of productivity and compromise your data and possibly that of your clients; it will impact your company’s reputation and could even result in lawsuits.
- Mandatory Breach Reporting will soon be introduced by the Australian Government.
- The new draft legislation will amend the Privacy Act to require companies to disclose to their clients if their data is compromised.
- Increased regulation and financial burdens on organisations that do not report.
Reference - http://www.arnnet.com.au/article/608773/mandatory-data-breach-notification-laws-hit-parliament/
MANDATORY DATA BREACH REPORTING
HOW CAN YOU
PROTECT YOUR
BUSINESS?
EASY STEPS YOU SHOULD TAKE
THE DEVIL IS IN THE DETAILS…
STRONGER PASSWORDS
- The most overlooked security measure.
- Change passwords every 3-6 months
- Delete old email accounts
IT SECURITY POLICY
- Educate everyone in your company on
policy regarding password sharing, email
attachments etc.
FIRST RESPONSE PROCEDURE
- Plan on how to deal with a network breach
- Who do you call?
- What systems do you take offline?
- Educate all your staff
UPDATE YOUR SOFTWARE
- Regularly update your software and
patch any vulnerabilities.
- Determine the business value of IT assets.
- Calculate cost from loss of those assets and the
impact on business elements.
- Assign recovery priorities to the assets.
- Should complete annually.
BUSINESS IMPACT AND RISK ASSESSMENT
24/7/365 PROTECTION
- Using industry-leading tools, certified IT experts secure your information assets 24/7/365.
- With live monitoring we can track spikes in your network's data, stopping attacks before they occur.
- Often at a fraction of the cost of in-house security resources.
MANAGED SECURITY SERVICES
- A real-life simulated attack conducted by a certified
Ethical Hacker.
- Provides a comprehensive assessment of your IT
security.
- Identify the weaknesses in your IT system and
remove them before cybercriminals can gain access.
PENETRATION TESTING
BEST PRACTICES
Strong Passwords, Firewalls, Antivirus
Software, Encryption.
MANAGED SECURITY SERVICE
Live defense against cyber criminals.
Up-to-date system protection.
PENETRATION TESTING
Secure your IT Infrastructure by
conducting a comprehensive test on its
safety. Remove vulnerabilities before
they can be exploited in real-life.
CONCLUSION
MANDATORY BREACH REPORTING
New laws will penalise companies
who do not report breaches in their
networks.
RISK ASSESSMENT
Have a clear understanding of your
system and the devices that support it.
Secure your end-points to prevent
attacks from the inside.
STAY SAFE
It is always better to be proactive with
your IT Security, so when the time
comes, you don’t have to be reactive.
Our Office
L 19, 1 Eagle St, Brisbane QLD, 4000
Our Phone
1300 292 376
GET IN TOUCH WITH US
OPEN WEEKDAYS 8am – 5:30pm
Website
www.cybernetic-gi.com