Scott Morrison’s urgent hacking warning and what it means to your business
Last week Prime Minister Scott Morrison announced that Australia is being targeted by a state-sponsored hacking group.
Reading between the lines, the timing of the P.M.’s announcement is surely equal parts political posturing and legitimate warning to Australians and Australian businesses. Despite the P.M.’s refusal to name the country responsible, there is no shortage of speculation as to who is behind these attacks, with most commentators pointing the finger directly at China.
Whether or not China is behind this latest wave of attacks we may never know, but regardless of who is doing it, there are a couple of important things you should know.
These attacks have not just suddenly started
Cyber attacks against Government and private enterprise are nothing new. They have been occurring since the very first computer rolled off the production line in 1951 and they will never stop. In the 1990s Internet connectivity rapidly increased and those connected to it became targets for cyber attacks of all kinds. While I don’t pretend to have any special knowledge of how ASIO and other spy agencies around the world operate, you can bet the farm that they take every opportunity to use technology to spy on foreign governments every minute of every day.
No specific threats have been announced
Unless ScoMo gives us more details about why he made his announcement when he did (while at the same time giving us very little detail) we can only put in place generic cyber security defences.
You are probably not a target
Most Australian businesses are not going to be targeted directly. Those of us running small businesses in Australia don’t hold state secrets, don’t have massive cash or cryptocurrency reserves and are of no real interest to hacking groups. We can use this information to better protect ourselves by following time-proven methods of keeping our businesses protected as well as we can.
There are steps that you can take today to improve your digital security
You’ve heard all of this before; the recommendations below are nothing new. Some of you have listened and implemented all of the suggestions below. To you I say well done, you are better protected than most businesses. If you are one of those who has only some of these things in place, then take this opportunity now to improve your security stance and protect your business.
- Enable multi-factor authentication (MFA) for everything and everyone. This is the number 1 thing you can do to protect yourself. If you haven’t got MFA, especially for your cloud-hosted services, then it is only a matter of time before your systems are compromised.
- Limit the number of people within your business who have access to administrative user accounts, not just for your desktop computers but for online services as well. Things like domain name registration passwords, email and web hosting accounts can all be used to attack your business. Consider putting your I.T. provider exclusively in charge of all administrator-level credentials; their security systems are likely to be better than yours.
- Train your staff. Almost all password compromises are the direct result of a staff member falling victim to a scam email. If you’ve got some staff who are not ‘I.T. savvy’, do not let them have access to sensitive passwords.
- Install (and maintain) reputable anti-malware software. Good virus protection is still very important and should not be overlooked.
- Conduct a detailed audit of your cyber security systems to get a clear idea of which areas you are doing well in and which areas need work. Consider hiring the services of an external penetration testing organisation. These types of businesses use ethical hackers who will try to break into your systems and provide a report showing what needs to be fixed.