by Martin Quinn (Principal Consultant), 13 March 2013
If you read the front page of the Australian Financial Review on Monday, you could not have missed the headline “Cyber-attackers penetrate Reserve Bank networks”. So, if the RBA's security can be compromised, what does this mean for other businesses? The article reads: “After investigations by The Australian Financial Review, Reserve Bank of Australia officials disclosed that the central bank had been infiltrated by a Chinese-developed malicious software, or “malware” spy program that was seeking intelligence on sensitive G20 negotiations…Many confidential government files were then “redirected to Chinese sites”. More than 10,000 state computers needed to be shut down.”
Every organisation has a chink in its armour. In the RBA's case it was executives who had inadvertently allowed their email addresses into the public domain, giving the attackers the ammunition they needed. The attackers performed targeted attacks (known as spear phishing) on the unaware individuals until they got in.
So how do we protect against these nefarious and treacherous culprits? The best way is to stop information from disseminating into the public domain (i.e. use generic contact, informational or PR email addresses) and to train staff in what a phishing attack is so that they can recognise the signs.
At the end of the day, a determined attacker has time on their side and will exploit a moment of weakness. The sad fact is that the bad guys only have to be right once and you’re done, whereas the security guys have to be 100% right 100% of the time.
Author: Intact Security