All businesses need to remain vigilant
Scott Morrison this morning made an address to the nation advising of a range of cyber attacks aimed at Australian Government Departments and Businesses which are suspected to be coming from a state-based attacker. The main industries that appear to be targeted through this attack include:
- Government and Industry departments and bodies
- Political organisations
- Education providers
- Healthcare and other essential services
- Other critical infrastructure organisations
Whilst these are the key areas identified initially, all Australian businesses need to remain vigilant during this time. Whilst attacks such as these are not a new thing to Australian businesses, Scott Morrison suggested that the volume of attacks has increased considerably, heightening the potential impact to Australian organisations.
The Australian Cyber Security Centre (ACSC) has also released additional information on what they are calling ‘Copy-paste compromises’, aptly named from the attackers heavy use of copied open source tools.
As for any organisation, we highly recommend that you regularly carry out Cyber Security Assessments to ensure your security posture provides your organisation the with resilience it needs, not only during these times, but also from an ongoing basis. The ACSC has previouslty published a list of recommended security protocols for all organisations known as the ‘Essential Eight’. These eight components dramatically reduce your risks against the commonly exploited security points. Whilst this only forms a small part of ways to solidify your security practices, it is a great place to start.
As a Cyber Security Service provider, ONGC have developed a security review process to assist organisations continually improve their security posture. Not only does this include a review of the ACSC Essential Eight, but it also covers an additional range of areas. One of the most important areas is around educating your team on how to identify and manage cyber threats.
Our aim is to provide organisations with a staged approach to security which applies ongoing security improvements without having to have a significant impact to cashflow. As they say, Rome wasn’t built in a day; security is an ongoing investment and not a one-time fix that is ‘set and forget’.
At a bare minimum, we recommend that you have Multi-factor authentication enabled on your systems which is a great additional security layer to prevent unauthorised access to your platforms. MFA and other things that should also be considered include:
- Multi-Factor Authentication
- Password Management
- Advanced Endpoint Protection
- Commercial Grade Firewalls
- Dark Web Scanning
If you are not clear on your security position or have concerns about your exposure, please reach out to our team. We are here to help and provide the answers you need to ensure you mitigate these types of risks.