Post on 22-May-2020


Cybercrime & IT Threats

What You Need to Know

By Salim Sukari

Table of Contents

Chapter 1: How Australian Businesses are Vulnerable
  Why your small business is a target

Chapter 2: Common Threats to Every SMB
  Malware
  Ransomware
  Trojan Viruses
  Key Logger Virus
  Worms
  Phishing Scams
  Web-based Attacks
  Botnets
  Denial of Service attacks
  Malicious Insiders
  Stolen Devices
  Stay Vigilant

Chapter 3: IT Security Incidents in the Last Two Years
  Cybercrime in Australia
  Ransomware on the Rise
  High Profile Incidents
  the future outlook for cyber-crime

Chapter 4: The Future of IT Security
  A New Era of Data Protection
  IT Security in the Cloud
  IT Security and the Internet of Things

Conclusion

Introduction

Australian business is booming, and this is largely due to the power of the internet. Now even the smallest business is able to streamline their work processes, reach out to customers around the world and manage massive amounts of data. And thanks to cloud computing and mobile technology, we can carry the internet around with us in our pockets and work, shop and communicate on the go.

In addition, social media platforms such as Facebook, Twitter and LinkedIn are giving Australian businesses and entrepreneurs new ways to build their businesses, establish their authority and enhance their brand, and then promote themselves.

But the internet has its dark side too. Any company doing business online is at risk of attack from cyber criminals who are out to steal your data, commit fraud and exploit any weakness in your IT systems. These security breaches can come in the form of viruses and phishing scams, or you could even be targeted by disgruntled employees or activists. But however your IT security is attacked, the fallout in terms of costs, downtime, loss of reputation and possible legal proceedings can be huge and potentially devastating to any small business.

So, with ever increasing numbers of businesses providing their services and products online and using the internet to make financial transactions, there is a greater need than ever before for robust security measures to protect your business, your customers and your reputation. You need to learn about the dangers your company faces and how to mitigate risk so that you're always one step ahead of the cyber criminals.

About Empower IT Solutions

Empower IT Solutions has been providing exceptional service to Australian businesses nationwide since 2004.

The company specialises in providing IT solutions in industries including, but not limited to, Health, Education, Professional Services and Retail. The company offers Managed Services, IT Services, Cloud-based solutions and software development services.

As Microsoft certified partners, our staff focus on building and maintaining relationships and ensuring their clients deploy the right technologies as their business grows.

Empower IT has put together this eBook to help you learn about the risks and how they could impact your company, and to teach you about what you can do to stay safe online.

We hope that you'll find it to be an informative and useful guide that helps you to keep your IT networks secure while ensuring that you are making the most of the internet to boost your business.

If you feel your business is vulnerable to IT attacks or wish to check how secure your business systems are, write to us at cs@empowerit.com.au or just give us a call at 1300 787 888 and speak to one of our consultants.

About the Author Salim Sukari

investment in Microsoft Technologies

Salim has worked with Australian businesses for almost two decades and has a deep understanding of various business models and processes. He deeply understands the security issues faced by small and medium sized businesses and is on a mission to help organisations safeguard their business systems.

This eBook is a result of his extensive knowledge and experience in the Australian market and was penned with a goal of bringing to light the risks that impact small and medium businesses and highlighting the steps that businesses need to take to stay safe online.

Whether you are a security expert, an IT administrator or business owner, Salim guarantees there is a lot of useful information you can use to safeguard your business.

Salim, as well as the team at Empower IT, hope you enjoy the eBook.

Happy Safe-Browsing!

EMPOWER IT SOLUTIONS | WWW.EMPOWERIT.COM.AU

Chapter 1: How Australian Businesses are Vulnerable

Australia has always been a nation that has embraced new technology - indeed, considering the huge distances between our major cities, the internet is crucial to our way of life, helping us to do business, communicate and socialise. But the more we are online, the more we leave ourselves open to cybercrime.

Criminals from both local and international locations are taking advantage of the huge leaps in technology to enable their illegal activity. The best way to stop this is by being informed and staying abreast of all the latest information aimed at keeping your business safe.

Let's start off by looking at what is meant by cybercrime:

- Crimes such as hacking, distribution of malware, viruses and denial of service attacks that are directed at computers or any information communication technology
- Crimes in which computers are used to commit an offence rather than being targets of it; this could include fraud, identity theft or the distribution of offensive material such as pornography

This eBook will mainly concentrate on the former definition, looking at how malware can affect your company and what you can do to combat these types of threats.

We need to keep cyber criminals at bay, not just to ensure our businesses are secure but also to help the country's economy as a whole.

Some 60% of Australians have now been a victim of cybercrime in their lifetime, and nearly 47% of these victims have been targeted in the past 12 months.

Increasing numbers of cyber security breaches lead to an erosion of trust that puts off investors, slowing the growth of the economy.

An unclassified threat report compiled by the Australian Cyber Security Centre found that in 2014 the national computer emergency response team had to respond to 11073 cyber security incidents. And this is just one study.

Another survey by the Ponemon Institute has shown that the cost of cybercrime in Australia has escalated 33% since its first study three years ago. The institute also estimated that the

of 30 organisations

to be $43 million

There are few companies that would be able to cope with a 43 million dollar attack, and small and medium companies make up nearly 97% of all Australian businesses. If we don't start taking measures to stay safe, the nation could be in economic jeopardy.

The Australian Crime Commission estimates that cybercrime now costs the country more than a billion dollars each year, with the figures rising as cyber criminals become more sophisticated.

Cybercrime and SMB

Data breaches often make the news headlines, such as when laboratory Medvet was attacked
Kmart Australia suffered a security breach that resulted in the exposure of customer details.

But when such tales of cybercrime are in the news, they tend to be about attacks on big companies where the results are losses of millions of dollars or the theft of thousands of

Many SMB owners are often lulled into a false sense of security, believing that their IT is safe and that they won't be of interest to hackers. But this is a very dangerous mindset.

SMBs just like yours are regularly attacked by a broad spectrum of cyber criminals, including malicious insiders and criminals using malware, viruses, worms, Trojans and botnets. Plain bad luck plays its part too, with many crimes being committed using stolen or lost devices.

These attacks are expensive, as they disrupt services and cause downtime that prevents staff from doing their jobs properly and adversely affects sales and work processes. In fact, downtime accounted for nearly half of each
study. Detection and recovery also cost money, accounting for 53% of internal costs, most of which is paid out to experts to come in and fix problems.

Why your small business is a target

Being a powerful economy with an English-speaking and highly connected population, Australia is a tempting target for hackers from all over the world. And they are helped by the fact that, at the moment, there are so few IT security regulations in place.

Attacks are commonplace: the 30 companies in the Ponemon survey alone reported 47 successful attacks a week, up from 41 in 2012.

The time it takes to resolve issues is getting longer too: up to 23 days on average. Attacks by insiders or staff can take up to 51 days to contain and solve.

Criminals are helped by the fact that many Australian businesses place too much faith in their current security setup and don't realise just how sophisticated hacking and cybercrime is becoming. What's more, there is a skills shortage in the Australian IT arena. Most small businesses don't have the resources to hire effective security analysts to continuously monitor extended networks and detect any infiltrations.

This is why there is such a strong need for more education and awareness in this area, so that IT security is seen as something that gives SMBs a competitive edge - not just a set of defensive actions that need to be taken to merely stay secure. After all, the damage to a company's reputation and brand image after a security breach can be catastrophic, and most people would prefer to deal with companies that have a good reputation for security. A good IT security roadmap will boost your business as well as keep you safe, and this is something that every small business owner will appreciate.

In the next chapter, we'll be looking at the types of cyber-attack and malware that are being routinely used to target Australian businesses. We will tell you what dangers you should be looking out for, and you will learn how to keep your business safe from online attacks.

The Australian government recently carried out a Cyber Security Review, which found that organised crime gangs carry out most of the nation's IT security breaches (92%), with 14% of attacks coming from insiders. The overlap in figures is due to the fact that sometimes insiders and outsiders work in collusion. The study also found that stolen credentials are the number one cause of these breaches.

Chapter 2: Common Threats to Every SMB

Cybercriminals are becoming highly efficient and sophisticated in their attacks on the SMB
-hanging fruit, often riddled with security holes that make their job a breeze. In this next section of our eBook, we will cover some of the
of them at the very least.

Malware

Most threats to your security will come in the form of malware, which is a malicious type of software created to cause damage to your systems or to steal data once it has installed itself into your systems.

Malware could also vandalise and destroy software, steal sensitive information, passwords and account details using spyware, force unwanted advertising onto your systems via adware, spread email spam or porn, and even extort money from you using ransomware that encrypts your data until a fee is paid to unblock it.

A study by the firm SecurityScorecard, which specialises in tracking companies' risk of intrusion, found more than 4700 organisations which were infected by some type of advanced banking malware.

Ransomware

Ransomware is a type of malicious software that restricts access to the infected computer system by systematically encrypting all files and documents. This malware then prompts the user to pay a ransom (around the $1000 AUD mark) in order to have the restriction removed.

The most popular form of Ransomware is the CryptoLocker malware, which uses a strong encryption algorithm to lock all valuable user files in the background without user awareness. Once all the relevant files are encrypted, it demands the user pay a ransom in BitCoins within a specific timeframe (usually 1 to 2 days) before the files are permanently deleted.

Trojan Viruses

A Trojan virus is malware hidden in an innocuous email. Once you click on the link in this email, it can lead to the infection of your computer networks within a few minutes. You may come across some seemingly useful software via email or on the web that will do huge damage if you download it to your computer.

People are often tricked, as they think they are clicking on legitimate files from a legitimate source. Trojans may contain the usual silly pranks or do real damage by destroying information, creating backdoors for hackers or compromising your personal data. They don't reproduce or self-replicate but can still do great damage and cause huge frustration.

Key Logger Virus

A Key Logger virus is software that is designed to secretly monitor and log all keystrokes with the purpose of collecting confidential user information such as bank account logins, personal information, etc. Once a cyber-criminal has got hold of confidential user data, they can easily
account. Unfortunately, access to
confidential data can sometimes have consequences which are far more

Worms

A computer worm is a virus, but it can replicate itself and move from computer to computer without the user clicking or running any program. It moves via file or data transport features - email, messenger or file sharing. Even if they don't actually do any harm, worms can use up your computer processing time and take up your bandwidth as they replicate.

BUT if worms are carrying a malicious payload, you could end up with deleted or encrypted files, or even have a backdoor opened in your computer, allowing a hacker to take control of your computer and create what's called a zombie computer. Email spammers often create worms to help send their junk mail, and they send copies of themselves to everyone in your computer's address book.

Phishing Scams

Phishing scams are so called as they emulate real life fishing. Hackers and criminals tempt you with bait and can be rewarded by catching sensitive information like usernames, passwords or bank account details. Most often, the bait comes in the form of emails that appear to be from trusted or legitimate companies or people, such as banks, service providers and acquaintances. You may be asked to provide certain private information or follow links that direct you to fake (though often very realistic looking) sites that will infect your systems with malware.

A common phishing scam is a warning email about fraudulent activity on your account and a request to verify information. Such panic-inducing methods can be very successful, as people give an immediate response without thinking. There is another type of phishing known as spear phishing, which hooks individuals using personal information (often garnered from social media sites). Spear phishing scams are increasingly sophisticated and are regularly successful, since the baited emails seem so personal.

Web-based Attacks

While nearly all IT attacks are web-based to some extent, this threat specifically means malware attacks that come via online sources like infected landing pages on websites, rather than being delivered via email or infected devices. This is also known as a pull-based attack, where victims unknowingly visit infected sites, rather than push-based ones in which attackers are actively searching for victims.

The number of web-based attacks is growing as web services become more popular and people use the Internet for business, banking and e-commerce. Malicious URLs are used as channels to propagate malware, and if you visit an infected site, hackers can take control of your system to carry out cybercrimes such as data theft, denial of service attacks and spamming.

A common web-based attack technique is to alert you with fake virus detection messages and ask you to download rogue antivirus software. Sometimes even legitimate sites can be infected if the hacker gets control of a web server. And the bad news is that your antivirus software and firewalls are of limited use, as they can't help detect many web-based attacks.

Criminals posing as a legitimate Australian legal firm recently duped an online ad network into distributing banner ads through Gumtree.com.au that, if clicked, could likely have led to ransomware.

Botnets

The term botnets refers to a series of online computers communicating with each other to complete a set of repetitive tasks - which could be something mundane like running a chat channel or something more destructive like creating spam.

Most illegal botnets are composed of computers already hacked and compromised without the knowledge of their owners - these are known as Zombie computers. These are controlled via a single interface used by hackers or herders. These criminals use the huge accumulated power of botnets to engage in click fraud, which involves clicking on ad banners to take money from advertisers who pay for each visit.

They can also be used to saturate bandwidth and prevent access to websites for long periods, causing vendors to pay a ransom to get traffic flowing again. Keylogging is another nefarious task that botnets are used for. They report keystrokes of thousands of users visiting websites to the herder, who can use this data to access personal information and accounts.

Denial of Service attacks

A Denial of Service (DoS) attack can be one of the most frustrating IT attacks of all. Basically, it shuts down your website or network, making it impossible for people to use your services. That means that if you're selling things online or taking bookings or appointments, no legitimate customers can access your site or sales page - and they'll soon go elsewhere. The attack can also stop staff and account holders from accessing the services they need. DoS attacks work by flooding the target with traffic, causing it to crash or run so slowly that it becomes unusable.

DoS attacks are unlike malware attacks: they don't try to breach your security systems and steal data directly, but instead make your services inoperable. Such attacks are often used by people trying to make a point - activists, for example. It is also a process used for simple extortion, or even by unscrupulous business owners looking to cripple their competition. If the denial of service goes on for a long time, you can lose revenue and customer trust, and your long-term reputation may never recover.

DoS attacks happen in two ways: either with one attacker flooding your servers so they have too much traffic and grind to a halt, or by way of an attack from many machines in what's called a Distributed Denial of Service attack, often carried out via botnets.

Of course, some attacks are not initiated by outsiders but by people within an organisation or as a result of bad luck. These can be the hardest attacks to prevent and can cause the most damage. So let's look at them.

Malicious Insiders

You know already that there is a lot of danger out there on the internet, but small and medium-sized businesses can face even more serious threats from within.

Somewhere among your seemingly loving and loyal staff sits someone who could bring your company tumbling down. It could be someone who bears a grudge, sees a way of benefitting themselves financially, or is planning to leave and start a similar business with your contacts and intellectual property.

Akamai's newest State of the Internet (SOTI) – Security Report for the fourth quarter of 2015 saw the number of Web application attacks jump 28 percent over the previous quarter, while the number of DDoS attacks jumped by 40 percent in that time.

Two scientists working for GlaxoSmithKline have reportedly been charged for stealing trade secrets.

An IT attack by an insider can be the most devastating attack of all, as you're not just having your systems compromised but your trust shattered by a member of staff who you may even have considered a friend, especially if your business is small and people work together closely. What's more, firewalls, anti-virus software and intrusion detection systems won't be any help to you at all. After all, in many companies employees will all have access to confidential data, files and accounts.

The extent to which insider attacks are so much more damaging is shown by the figures. In Australia, attacks by insiders or staff can take up to 51 days to contain and solve, compared with outside attacks that on average take 23 days to contain. This is because insiders know what they are looking for and where the juiciest data is, and they probably have the passwords to get at it.

Stolen Devices

While many IT attacks come about thanks to sophisticated programming, others just come down to good old-fashioned theft. Stolen devices account for 50% of cyber-attacks experienced by the 30 benchmarked companies in the Ponemon 2014 Cost of Cyber Crime Study, and of course your devices (phones, tablets, flash drives and so on) don't have to be stolen by cunning pickpockets for the data to be compromised.

Many headline hitting attacks were the result of workers forgetfully leaving laptops containing vital files on a train or forgetting phones in restaurants. And the risk of losing data this way becomes even greater as ever more companies implement Bring Your Own Device (BYOD) strategies and staff take their work home with them.

A BlueScope Steel employee has been accused of downloading a trove of company documents – about 40 gigabytes – over a four-year period. The company is urgently seeking a judge's help to find and destroy trade secrets before they fall into the hands of competitors.

This means that personal devices, which are often unsecured, can be crammed with company data (69% of employees use smartphones for work). If a staff member is robbed or even just plain forgetful, this data can end up in the hands of criminals, who as a result have access to your systems, intellectual property and stored passwords.

Stay Vigilant

This is a pretty comprehensive look at the sort of security threats your business could be facing, but while we've covered most of the main bases, we've barely scratched the surface when it comes to the sheer number of threats out there.

According to antivirus software developers McAfee, new malware is being released at the rate of around one file every second. So it is little wonder those fighting the problem face an epic challenge keeping up. And these huge numbers of IT attacks are costing Australian businesses like yours a great deal of money.

Constant vigilance is the best weapon you have to fight hackers attacking you with viruses, malware, worms or malicious coding. Be careful what you are doing online and always think before you click. Of course, technology can help protect your organisation, but only if it is upgraded and tested regularly. Make sure that your firewalls are in place and that anti-virus software is upgraded as new updates come out.

Training, too, is a tool that lets you fight the darker sides of the net, so hold regular workshops for staff on the types of phishing scams, using social media safely and checking for suspicious links. And keep up with IT blogs that can warn you of the new risks out there. If you're careful, don't get complacent and keep your IT updated, you have a much better chance at protecting your precious data and ultimately your company.

In the next part of our eBook, we will be looking at some Australian companies that weren't so careful and what it meant for their businesses, their reputations and their companies.

Chapter 3: IT Security Incidents in the Last Two Years

There may be no bullets flying, but Australia is currently at war, and it's one we're not winning. Cyber-attacks on Australian businesses increased 20% in 2014, and this figure rose in 2015, according to the Australian Signals Directorate.

The most commonly targeted industries tend to be banking and the financial sector in general, resources, energy and telecommunications, among others. But the huge volume of attacks means that many Australian SMBs are being targeted as cyber criminals spread their nets.

The fallout from these cyber-attacks includes loss of intellectual property, major disruption to business, financial loss and major damage to the reputation of your company, which in many cases could lead to bankruptcy.

Cybercrime in Australia

There are three main types of cybercrime that affect Australian businesses, large and small. These are:

- State-sponsored cyber-crime - perpetrated by hackers on behalf of states to steal intellectual property and identities. These are often the most sophisticated attacks, and hackers can retain access to an organisation's network for years at a time.
- Organised Crime - run by criminal gangs making malware to steal data or extort money from individuals and corporations. Many crime syndicates have sophisticated tools and share techniques to access systems, as well as stolen data, with other criminals.
- Motivated cyber-crime - these are often hackers with a political, social or even religious motive who want to get a message across using illegal online methods. Often such attacks can be less sophisticated but can still cause great damage to companies.

Because there are such widely varied motivations for hackers to target Australian businesses, it means that no business is safe, including small ones. SMBs shouldn't think that their information is not of interest to criminals; they could be targeted for a range of reasons.

Take banks, for example. Commonwealth Bank, Australia's largest bank, is attacked thousands of times every day. While most of these attacks are by hackers seeking money and account numbers, many attacks are by activists (who call themselves hacktivists) who have a more political or social agenda; perhaps they don't agree with some of the bank's investments, which they may see as unethical or detrimental to the environment.

But when it comes to large-scale hacks, many fingers are pointed at government sponsored groups from China. Well-equipped hackers known as Advanced Persistent Threats (APTs) have been targeting Australian firms in the mining and natural resources sector. Many businesses already dealing with organisations in China come under attack, perhaps to get the edge in negotiations or as a way of stealing intellectual property.

In response to the rising numbers of attacks, the Australian Government opened The Australian Cyber Security Centre (ACSC) to coordinate the country's defence intelligence agencies - the Attorney-General and the Australian Federal Police cyber units. The ACSC enables the private and public sector to collaborate and share information to combat cybersecurity threats. They also offer a great deal of information about how SMBs and individuals can stay safe online. So it's well worth looking at their site at https://www.acsc.gov.au

In the meantime, let's take a look at some of the recent risks and hacks on Australian companies to fully understand the risks of letting your IT guard down.

Ransomware on the Rise

Ransomware, a scam in which people fall victim to an encryption virus which hijacks computer files and demands a ransom to restore them, is becoming one of the main ways that Australian businesses are being targeted by cyber criminals. In 2014, the security firm Websense found nearly two million instances of the malware variant known as CryptoLocker, and 60 per cent of those were detected in Australia.

CryptoLocker is ransomware which is delivered via credible looking emails. Once an infected link is clicked, the virus is activated and your computer files, photos and data are taken hostage via encryption unless a ransom is paid.

Some of the latest versions of this malware are said to be unbreakable, and the average cost to companies paying ransoms to overseas hackers was $US 350.

One of the most recent versions of the virus appeared as a traffic infringement notice from the Australian Federal Police, which demanded a penalty payment for a minor traffic infringement. The impressively official looking email was often opened because it appeared to come from the Federal Government. To view details of the fake traffic infringement, recipients are asked to click the link contained within the email, activating the malware.

The Australian Federal Police (AFP) originally issued a tweet on 19 January warning people of a recent scam, "traffic infringement notices" being delivered by email, and advising not to pay any money or click any links.

High Profile Incidents

Kmart Attacked

Kmart Australia had to put out a warning in October 2015 to let some customers know that their online operations had been attacked in an external privacy breach in September. Data such as name, email address, delivery and billing address, telephone number and product purchase details was stolen. The retailer has insisted that no credit card or payment card details had been compromised, as card processing is handled externally.

David Jones hacked

In October 2014, Australian Fashion Retailer had its computer system attacked and the private details of customers were stolen - these included names, email addresses and addresses, but David Jones assured its customers that their credit card or financial information was safe.

A hit on the Hilton

Early in 2015, hotel chain operator Hilton Worldwide Holdings warned customers that they'd found unauthorised malware targeting payment card details in some of their payment systems. This affected many of their Australian customers. An investigation found that malware was targeting cardholder names, payment card numbers, security codes and expiration dates.

Customers were advised to check bank statements up till July, but the company didn't give figures of how many people or businesses might be affected.

W -crime

Based on the high levels of current hacking activity and the increasingly sophisticated software and techniques used by hackers to access systems and avoid detection, the ACSC predicts that levels of hacking will rise over the next five years or so. Malware and technology used in cybercrime is now more readily available than ever and can even be used by people with little IT knowledge. What's more, cyber-crime as a service looks set to increase as well.

To stay safe, Australian businesses, from multinationals to SMBs, need to work together to make Australia a much harder target for hackers and to increase trust in users that the Internet's benefits outweigh online dangers. The best cyber security comes when the government and private sector work together and take greater responsibility for the security of their networks and information.

In the next part of our eBook, we will be taking a look at where the technology to fight cyber-crime and security breaches is heading. We'll be examining the cloud, big data and the Internet of things to help small businesses like yours to put together a comprehensive security road map.


Chapter 4: The Future of IT Security

So far in this exclusive Empower IT eBook, we've examined the threats facing Australian businesses when it comes to security, we've looked in detail at the form that these threats can take (malware, phishing scams, Denial of Service attacks etc.) and we've even taken a brief look at some of the ways IT attacks have impacted on Australian businesses.

Finally, it's time to look at the security solutions that most of Australia's small and medium businesses currently have in place, examine the reasons that standard defences may not be enough and look at where the technology is heading as IT attacks become more sophisticated. So read on and learn how to improve your current security set-up and to stay safe going forward.

Far too many of us take IT security for granted, presuming that our anti-virus protection is keeping the worst of the web at bay. But it seems we are putting far too much faith in our off-the-shelf antivirus protection to keep our IT systems safe. Brian Dye, corporate vice president at Intel Security, stated on record that antivirus software is dead. Well, the truth is that antivirus software hasn't yet had its last day.


Antivirus software is used to prevent, detect and hopefully make safe any malware threats and viruses that make it onto your system. And most programs do this well. But the big problem is that antivirus software is a reactive technology and only effective against known threats and variations of them. The guys who are writing antivirus software need to understand how a piece of malware works before they can adapt programs to discover and neutralise it. And in the time it takes for this to happen, many thousands of systems can be infected.

With hackers and criminals making new and increasingly sophisticated malware all the time, there are a lot of dangers out there that your current AV setup just won't see coming. And hackers are patient people: they will take the time to rewrite and test their malware until it can find its way past even the most sophisticated protection - and if that doesn't work, they'll write a new one.

Intel Security, the company that makes the popular McAfee software, estimates that new malware is released at a rate of about one new virus per second. Little wonder it's hard for the program writers to keep up.

And signature-based systems need to be constantly updated to be effective. So signature-based IDS is only as good as its database of stored code and signatures. This is why zero-day attacks, when hackers launch a brand new piece of malware, often slip through without being detected, as antivirus software doesn't recognize the threat.

Because of the sheer number of threats out there, traditional antivirus software detects only around 45% of all attacks.

Unless you've been keeping your antivirus software updated and are tuned into catching the latest threats out there, that old antivirus software on your devices is only giving you the most basic level of protection.


A New Era of Data Protection

We are now entering new territory when it comes to keeping your systems safe. Behaviour-based rather than signature-based security is more important. So let's take a look at what this means for businesses like yours.

Behaviour-based security is different in that it detects any network activity that doesn't fit a pattern of expected behaviour. This means that the software has to be configured to learn what a user's normal patterns of activity are. If there are any anomalies, these are then flagged as threats or viruses and will be stopped before they infect your systems.

Unlike signature-based systems, behaviour-based antivirus systems are able to detect zero-day attacks, which don't yet have a pattern that is recognizable. Of course, such systems have to be configured to learn about users' typical behaviour, and configurations need to be updated every time new applications are added or modified, but in general they can adapt to new, unique or original attacks.

There are many advantages to this behaviour-based approach in detecting new and unforeseen vulnerabilities in your systems. Because it detects any traffic that is new or unusual, the behaviour-based approach is good at identifying sweeps and probes towards network hardware. This is like an early warning for potential intrusions, as such probes and scans are often the predecessors of system attacks. Behaviour-based systems can also detect abuse-of-privilege attacks, which normally don't trigger security warnings. Of course, there are some drawbacks too, in that there is a higher false alarm rate than with signature-based detection.

For example, if a computer user with a restricted set of records suddenly begins to try and access other types of information, it is highly possible that his workstation has been infected with a virus and action needs to be taken to protect the systems.

What's more, the learning curve for behaviour-based intrusion detection techniques can't cover everything, and people's online behaviour is likely to change over time, so you need to implement occasional retracing of the behaviour profile. Also, during the learning phase, any system attacks that occur won't be detected as anomalous, meaning your systems could be compromised.
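The contrast between signature-based and behaviour-based detection described above, as an added example that is not from the eBook: a hash lookup misses a sample that is not yet in its database, while a per-user baseline flags a user reaching outside their usual records, raises a false alarm when duties change until the profile is refreshed, and stays silent when the same access already happened during the learning phase. The samples, user names and record types are constructed for illustration.

```python
import hashlib
from collections import defaultdict

# Constructed byte strings standing in for files; not real malware.
ANALYSED_SAMPLE = b"constructed sample that analysts have already studied"
UNSEEN_SAMPLE = b"constructed sample that nobody has analysed yet"

# Signature database: hashes of samples the vendor has already analysed.
SIGNATURE_DB = {hashlib.sha256(ANALYSED_SAMPLE).hexdigest()}


def signature_detects(sample: bytes) -> bool:
    """Signature-based check: flags only content already in the database."""
    return hashlib.sha256(sample).hexdigest() in SIGNATURE_DB


class BehaviourProfile:
    """Per-user baseline of the record types a user normally accesses."""

    def __init__(self):
        # user -> record types observed during the learning phase
        self.baseline = defaultdict(set)

    def learn(self, events):
        """Learning phase: whatever is observed here is treated as normal."""
        for user, record_type in events:
            self.baseline[user].add(record_type)

    def anomalies(self, events):
        """Detection phase: return the events outside the user's baseline."""
        return [(user, record_type) for user, record_type in events
                if record_type not in self.baseline.get(user, set())]


# Constructed access events: (user, record type).
LEARNING = [("alice", "invoices"), ("alice", "customer_contacts"),
            ("bob", "payroll")]
LIVE = [("alice", "invoices"),         # routine work
        ("alice", "payroll"),          # outside alice's restricted set of records
        ("alice", "purchase_orders")]  # legitimate new duty, not yet learned


def clean_baseline():
    """Baseline learned from normal activity only."""
    profile = BehaviourProfile()
    profile.learn(LEARNING)
    return profile.anomalies(LIVE)


def after_refresh():
    """Profile refreshed once alice's new duty is known to be legitimate."""
    profile = BehaviourProfile()
    profile.learn(LEARNING + [("alice", "purchase_orders")])
    return profile.anomalies(LIVE)


def attack_during_learning():
    """The suspicious access happened while the baseline was being learned."""
    profile = BehaviourProfile()
    profile.learn(LEARNING + [("alice", "payroll")])
    return profile.anomalies(LIVE)


if __name__ == "__main__":
    print("signature, analysed sample:", signature_detects(ANALYSED_SAMPLE))
    print("signature, unseen sample:  ", signature_detects(UNSEEN_SAMPLE))
    print("clean baseline flags:      ", clean_baseline())
    print("after profile refresh:     ", after_refresh())
    print("attack during learning:    ", attack_during_learning())
```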

Behaviour-based IDS is also more costly, in that you need more hardware, spread further across your IT networks, than is required with signature-based IDS.

Drawbacks and a long customization process aside, it looks like the behaviour-based approach to IT security is one way we'll be helping to keep the cyber criminals at bay into the future. And although the death knell has not yet sounded for antivirus software, you need to be aware that this is no longer the be-all and end-all of IT security: you need to be doing so much more.

There are many ways you can keep your systems safe, and taking a multi-layered approach is actually the best way forward. Blacklisting, whitelisting and sandboxing are three methods that can be used to ensure you're safe while online.

As the way we use data and interact with the internet changes, our approach to IT security and data protection should also change accordingly. What's more, IT systems around the world are increasingly being breached and the fallout from this is affecting millions of people, so we need to learn to deal with risks and stay ahead of cyber criminals.

We are now seeing other areas of IT in which security needs addressing: areas such as social media, the cloud, compliance, advanced persistent threats and physical infrastructure security too.

IT Security in the Cloud

In the fast-moving world of IT, cloud computing is already old hat in many ways, but as so many of Australia's small and medium businesses are only just making the move into the cloud, they may not appreciate how cloud technology isn't just changing how they work but how they should be approaching security.


When you are in the cloud, you are exposed to new risks. After all, your data and often much of your network is being hosted off-site and is often being accessed by your staff in other cities and countries.

Security in the cloud requires visibility, identity management and policies that reduce threats

ability to take advantage of all the flexibility and freedom that cloud computing can offer.

Of course, it's worth remembering that cloud computing is not just one technology; it is a combination of many advances in technology sold in one package. This includes virtualisation, Software-as-a-Service and other operations working as they always have done, albeit in the cloud.

The problem is that traditional security solutions don't always adapt themselves well to the cloud architecture. What needs to happen is for existing security methods such as firewalls, virtual private networks, data-leak protection etc. to evolve so they can be better deployed in the cloud. This might involve using an API (Application Program Interface) so that such technology can be automated in the cloud.

It is also likely that new Cloud Security Gateways will have to come into play, and innovations that bolster security are already being created. Cloud security gateways will act as security policy enforcement points between cloud services consumers and providers to ensure security as cloud services are accessed by users. This system would probably be made up of multiple levels of security such as authentication, authorization, signing on, security token mapping, encryption, tokenization, logging, alerting, Application Program Interface and so on.

With cloud technology being so popular, it is vital that users are easily identified and authenticated while controlling access to applications and enforcing data protection policies. It is also a good idea to have a central overview of what is happening, with visibility into all users, devices and cloud activity, so that malicious or suspicious behaviour can be flagged. Auditing and monitoring will be built into cloud services in the future to ensure ongoing protection.


Other changes need to happen to ensure better cloud security. The management of encryption keys is critical, and data needs to be fragmented and kept in several places in the cloud rather than in one server where it would be vulnerable. It is also important that the physical security of the cloud environment is enhanced.

IT Security and the Internet of Things

You may have heard of the Internet of Things (IoT) and wondered what it referred to. Basically, it just means an environment in which objects are able to transfer data over a network without the need for human-to-human or human-to-computer interaction.

For example, you may have a sensor in your car to tell you when the engine needs oil by sending a message to your phone. An office printer may send out an order for more ink when it's running low, and a smart road can send signals to traffic control when traffic is heavy.

Basically, any device or component that can be connected to the net (usually by Wi-Fi) plays its part in the Internet of Things. Ultimately, the IoT will help cut down on waste, improve efficiency and save time and frustration (in theory at least).

But with so many online devices, many of which will hold personal info or IP data, security will be an issue. You wouldn't want someone hacking your toaster or using your online speakers to get at the data on your PC, after all.

Some experts are concerned that large numbers of unsecured devices could be built up by hackers as botnets. Just imagine your TV, computer and other household appliances all being used against you, like a science fiction horror story.

The new high-tech Barbie doll raises privacy concerns, as the doll is connected to the Internet and could be a tempting target for hackers who could then access data on home networks through the doll.


This means in the future people will need to know how to secure their IoT devices. Initially this would mean taking simple measures such as using passwords and usernames, and updating and patching devices as you do with current devices. Also, an IoT device that needs to be accessible over the net needs to be put in its own network and have access restricted. This network can then be monitored, with action taken if there is a problem.
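One way to monitor the separate IoT network described above, as an added example that is not from the eBook: flow records are checked against a policy that keeps IoT devices away from the office network, limits each device to its expected destinations and restricts who may connect to the devices. The subnets, addresses, ports and flow records are assumptions constructed for illustration.

```python
import ipaddress

# Assumed addressing plan (constructed for illustration).
IOT_NET = ipaddress.ip_network("192.168.50.0/24")     # dedicated IoT segment
OFFICE_NET = ipaddress.ip_network("192.168.10.0/24")  # staff PCs and servers
ADMIN_HOSTS = {"192.168.10.5"}                        # may manage IoT devices

# Per-device allowlist of outbound destinations: device -> {(dest IP, port)}.
ALLOWED_OUTBOUND = {
    "192.168.50.20": {("203.0.113.10", 443)},   # printer -> ink ordering service
    "192.168.50.30": {("203.0.113.25", 8883)},  # sensor -> telemetry broker
}


def check_flow(src: str, dst: str, port: int):
    """Return a violation label for one flow record, or None if permitted."""
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    if src_ip in IOT_NET:
        # An IoT device must never be a stepping stone to the office PCs.
        if dst_ip in OFFICE_NET:
            return "iot-device-reaching-office-network"
        # Anything else must be on that device's own allowlist.
        if (dst, port) not in ALLOWED_OUTBOUND.get(src, set()):
            return "unexpected-destination"
        return None
    # Inbound to the IoT segment: only the admin hosts may connect.
    if dst_ip in IOT_NET and src not in ADMIN_HOSTS:
        return "unapproved-access-to-iot-device"
    return None


# Constructed flow records: (source IP, destination IP, destination port).
FLOWS = [
    ("192.168.50.20", "203.0.113.10", 443),   # printer ordering ink
    ("192.168.50.30", "192.168.10.15", 445),  # sensor probing a staff PC
    ("192.168.50.30", "198.51.100.7", 23),    # sensor calling an unknown host
    ("192.168.10.5", "192.168.50.20", 443),   # admin managing the printer
    ("192.168.10.77", "192.168.50.20", 80),   # ordinary PC poking the printer
    ("192.168.10.15", "192.168.10.5", 445),   # office-only traffic, out of scope
]


def audit(flows):
    """Return (src, dst, port, reason) for every flow that breaks the policy."""
    findings = []
    for src, dst, port in flows:
        reason = check_flow(src, dst, port)
        if reason is not None:
            findings.append((src, dst, port, reason))
    return findings


if __name__ == "__main__":
    for finding in audit(FLOWS):
        print(finding)
```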

Planning and integration is vital when it comes to the IoT, and security needs to be paramount at every step of the process, from manufacture to purchase and use. As a company owner, you need to develop policies that keep your customers and their data safe when using IoT devices.

US retailer Target was hacked in 2013 via its heating and air conditioning, which was internet enabled. Some 40 million credit card numbers were stolen.


Conclusion

The goal of this eBook is to make you aware of the vulnerabilities of your business systems and help you understand in detail the various cyber-threats that are lurking today. We have looked at the dangers for companies that have not been protecting themselves from online and offline security threats, both in terms of money and reputation consequences.

If you are wondering about the best way to safeguard your business, stay tuned, as we are in the process of writing another eBook with insights about protecting your business and reputation.

If you enjoyed reading this eBook and found it to be of value, do share it with your friends.


Table of Contents

Chapter 1 How Australian Businesses are Vulnerable 7

9

Why your small business is a target 9

Chapter 2 Common Threats to Every SMB 11

Malware 11

Ransomware 12

Trojan Viruses 12

Key Logger Virus 13

Worms 13

Phishing Scams 13

Web-based Attacks 14

Botnets 15

Denial of Service attacks 15

Malicious Insiders 16

Stolen Devices 17

Stay Vigilant 18

Chapter 3 IT Security Incidents in the Last Two Years 19

Cybercrime in Australia 19

Ransomware on the Rise 21

High Profile Incidents 22

the future outlook for cyber-crime 23

Chapter 4 The Future of IT Security 24

24

A New Era of Data Protection 26

IT Security in the Cloud 27

IT Security and the Internet of Things 29

Conclusion 31

Introduction

Australian business is booming and this is largely due to the power of the

internet Now even the smallest business is able to streamline their work

processes reach out to customers around the world and manage massive

amounts of data And thanks to cloud computing and mobile technology we

can carry the internet around with us in our pockets and work shop and

communicate on the go

In addition social media platforms such as Facebook Twitter and LinkedIn

are giving Australian businesses and entrepreneurs new ways to build their

businesses establish their authority and enhance their brand and then

promote themselves

But the internet has its dark side too Any company doing business online is

at risk of attack from cyber criminals who are out to steal your data commit

fraud and exploit any weakness in your IT systems These security breaches

can come in the form of viruses and phishing scams or you could even be

targeted by disgruntled employees or activists But however your IT security

is attacked the fallout in terms of costs downtime loss of reputation and

possible legal proceedings can be huge and potentially devastating to any

small business

So with ever increasing numbers of businesses providing their services and

products online and using the internet to make financial transactions there

is a greater need than ever before for robust security measures to protect

your business your customers and your reputation You need to learn about

the dangers your company faces and how to mitigate risk so that youre

always one step ahead of the cyber criminals

About Empower IT Solutions

Empower IT Solutions has been providing exceptional service to Australian

businesses nationwide since 2004

The company specialises in providing IT solutions in industries including but

not limited to Health Education Professional Services and Retail The

company offers Managed Services IT Services Cloud-based solutions and

software development services

As Microsoft certified partners our staff focus on building and maintaining

relationships and ensuring their clients deploy the right technologies as their

business grows

Empower IT has put together this eBook to help you learn about the risks and

how they could impact your company and to teach you about what you can do

to stay safe online

We hope that youll find it to be an informative and useful guide that helps you

to keep your IT networks secure while ensuring that you are making the most

of the internet to boost your business

If you feel your business is vulnerable to IT attacks or wish to check how

secure your business systems are write to us at csempoweritcomau or

just give us a call at 1300 787 888 and speak to one of our consultants

About the Author Salim Sukari

investment in Microsoft Technologies

Salim has worked with Australian businesses for almost two decades and has

a deep understanding of various business models and processes He deeply

understands the security issues faced by small and medium sized businesses

and is out on a mission to help organisations safeguard their business

systems

This eBook is a result of his extensive knowledge and experience in the

Australian market and was penned with a goal of bringing to light the risks

that impact small and medium businesses and highlighting the steps that

businesses need to take to stay safe online

Whether you are a security expert an IT administrator or business owner

Salim guarantees there is a lot of useful information you can use to safeguard

your business

Salim as well as the team at Empower IT hope you enjoy the eBook

Happy Safe-Browsing

EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 7

Chapter 1 How Australian Businesses are

Vulnerable

Australia has always been a nation that has embraced new technology - indeed considering

the huge distances between our major cities the internet is crucial to our way of life helping

us to do business communicate and socialise But the more we are online the more we leave

ourselves open to cybercrime

Criminals from both local and international locations are taking advantage of the huge leaps

in technology to enable their illegal activity The best way to stop this is by being informed and

staying abreast of all the latest information aimed at keeping your business safe

Lets start off by looking at what is meant by cybercrime

Crimes such as hacking distribution of malware viruses and denial of service attacks

that are directed at computers or any information communication technology

Crimes in which computers are used to commit an office rather than being targets of

it this could include fraud identity theft or the distribution of offensive material such

as pornography

EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 8

This eBook will mainly concentrate on the former definition looking at how malware can affect

your company and what you can do to combat these types of threats

We need to keep cyber criminals at bay not just to ensure our

businesses are secure but also to help the countrys economy

as a whole

Some 60 of Australians have now been a victim of cybercrime

in their lifetime and nearly 47 of these victims have been

targeted in the past 12 months

Increasing numbers of cyber security breaches lead to an

erosion of trust that puts off investors slowing the growth of

the economy

An unclassified threat report compiled by the Australian Cyber

Security Centre found that in 2014 the national computer emergency response team had to

respond to 11073 cyber security incidents And this is just one study

Another survey by the Ponemon institute has shown that the cost of cybercrime in Australia

has escalated 33 since its first study three years ago The institute also estimated that the

of 30 organisations

to be $43 million

There are few companies that would be able to cope with a 43 million dollar attack and small

and medium companies make up to nearly 97 of all Australian businesses If we dont start

taking measures to stay safe the nation could be in economic jeopardy

The Australian

Crime Commission

estimates that

cybercrime now

costs the country

more than a billion

dollars each year

with the figures

rising as cyber

criminals become

more sophisticated

EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 9

Cybercrime and SMB

Data breaches often make the news headlines such as when laboratory Medvet was attacked

Kmart Australia suffered a security breach that resulted in the exposure of customer details

But when such tales of cybercrime are in the news they tend to be about attacks on big

companies where the results are losses of millions of dollars or the theft of thousands of

Many SMB owners are often lulled into a false sense of

security believing that their IT is safe and that they wont be

of interest to hackers But this is a very dangerous mindset

SMBs just like yours are regularly attacked by a broad

spectrum of cyber criminals including malicious insiders

and criminals using malware viruses worms Trojans and

botnets Plain bad luck plays its part too with many crimes

being committed using stolen or lost devices

These attacks are expensive as they disrupt services and

cause downtime that prevents staff from doing their jobs

properly and adversely affects sales and work processes In

fact downtime accounted for nearly half of each

study Detection and recovery also costs money accounting

for 53 of internal costs most of which is paid out to

experts to come in and fix problems

Why your small business is a target

Being a powerful economy with an English-speaking and highly connected population

Australia is a tempting target for hackers from all over the world And they are helped by the

fact that at the moment there are so few IT security regulations in place

Attacks are

commonplace the 30

companies in the

Ponemon survey alone

reported 47 successful

attacks a week up from

41 in 2012

The time it takes to

resolve issues is

getting longer too

up to 23 days on

average Attacks by

insiders or staff can

take up to 51 days to

contain and solve

EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 10

Criminals are helped by the fact that many Australian

businesses place too much faith in their current security

setup and dont realise just how sophisticated hacking and

cybercrime is becoming Whats more there is a skills

shortage in the Australian IT arena Most small businesses

dont have the resources to hire effective security analysts

to continuously monitor extended networks and detect any

infiltrations

This is why there is such a strong need for more education

and awareness in this area so that IT security is seen as

something that gives SMBs a competitive edge - not just a

set of defensive actions that need to be taken to merely

stay secure After all the damage to a companys

reputation and brand image after a security breach can be

catastrophic and most people would prefer to deal with

companies that have a good reputation for security A good

IT security roadmap will boost your business as well as

keep you safe and this is something that every small

business owner will appreciate

In the next chapter well be looking at the types of cyber-attack and malware that are being

routinely used to target Australian businesses We will tell you what dangers you should be

looking out for and learn how to keep your business safe from online attacks

The Australian

government recently

carried out a Cyber

Security Review which

found that organised

crime gangs carry out

most of the nations IT

security breaches

(92) with 14 of

attacks coming from

insiders The overlap in

figures is due to the

fact that sometimes

insiders and outsiders

work in collusion The

study also found that

stolen credentials are

the number one cause

of these breaches

EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 11

Chapter 2 Common Threats to Every SMB

Cyberciminals are becoming highly efficient and sophisticated in their attacks on the SMB

-hanging fruit often riddled with security

holes that make their job a breeze In this next section of our eBook we will cover some of the

of them at the very least

Malware

Most threats to your security will come in the form of

malware which is a malicious type of software created to

cause damage to your systems or to steal data once it has

installed itself into your systems

Malware could also vandalise and destroy software steal

sensitive information passwords and account details

using spyware force unwanted advertising onto your

systems via adware spread email spam or porn and even

A study by the firm

SecurityScorecard

which specialises in

tracking companiesrsquo risk

of intrusion found more

than 4700 organisations

which were infected by

some type of advanced

banking malware

EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 12

extort money from you using ransomware that encrypts your data until a fee is paid to unblock

it

Ransomware

Ransomware is a type of malicious software that restricts access to the

infected computer system by systematically encrypting all files and

documents This malware then prompts the user to pay a ransom

(around the $1000 AUD mark) in order to have the restriction removed

The most popular form of Ransomware is the CryptoLocker malware which uses a strong

encryption algorithm to lock all valuable user files in the background without user awareness

Once all the relevant files are encrypted it demands the user pay a ransom in BitCoins within

a specific timeframe (usually 1 to 2 days) before the files are permanently deleted

Trojan Viruses

A Trojan virus is a malware hidden in an innocuous email Once you

click on the link in this email it can lead to the infection of your

computer networks within a few minutes You may come across some

seemingly useful software via email or on the web that will do huge

damage if you download it to your computer

People are often tricked as they think they are clicking on legitimate files from a legitimate

source Trojans may contain the usual silly pranks or do real damage by destroying

information creating backdoors for hackers or compromising your personal data They dont

reproduce or self-replicate but can still do great damage and cause huge frustration

EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 13

Key Logger Virus

A Key Logger virus is a software that is designed to secretly monitor

and log all keystrokes with the purpose of collecting confidential user

information such as bank account logins personal information etc Once

a cyber-criminal has got hold of confidential user data they can easily

account Unfortunately access to

confidential data can sometimes have consequences which are far more

Worms

A computer worm is a virus but can replicate itself and move from

computer to computer without the user clicking or running any program

It moves via file or data transport features - email messenger or file

sharing Even if they dont actually do any harm worms can use up your

computer processing time and take up your bandwidth as they replicate

BUT if worms are carrying a malicious payload you could end up with deleted or encrypted

files or even have a backdoor opened in your computer allowing a hacker to take control of

your computer and create whats called a zombie computer Email spammers often create

worms to help send their junk mail and they send copies of themselves to everyone in your

computers address book

Phishing Scams

Phishing scams are so called as they emulate real life fishing Hackers

and criminals tempt you with bait and can be rewarded by catching

sensitive information like usernames passwords or bank account

details Most often the bait comes in the form of emails that appear

to be from trusted or legitimate companies or people such as banks

EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 14

service providers and acquaintances You may be asked to provide certain private information

or follow links that direct you to fake (though often very realistic looking) sites that will infect

your systems with malware

A common phishing scam is a warning email about fraudulent activity on your account and a

request to verify information Such panic-inducing methods can be very successful as

people give an immediate response without thinking There is another type of phishing known

as spear phishing which hooks individuals using personal information (often garnered from

social media sites) Spear phishing scams are increasingly sophisticated and are regularly

successful since the baited emails seem so personal

Web-based Attacks

While nearly all IT attacks are web-based to some extent this threat specifically means

malware attacks that come via online sources like infected landing pages on websites rather

than being delivered via email or infected devices This is also known as a pull-based attack

where victims unknowingly visit infected sites rather than push-based ones in which

attackers are actively searching for victims

The number of web-based attacks are growing as web services

become more popular and people use the Internet for business

banking and e-commerce Malicious URLs are used as

channels to propagate malware and if you visit an infected site

hackers can take control of your system to carry out

cybercrimes such as data theft denial of service attacks and

spamming

A common web-based attack technique is to alert you with fake

virus detection messages and ask you to download rogue

antivirus software Sometimes even legitimate sites can be

infected if the hacker gets control of a web server And the bad

Recently criminals

posing as a

legitimate

Australian legal

firm recently duped

an online ad

network into

distributing banner

ads through

Gumtreecomau

that if clicked

could likely have

led to ransomware

EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 15

news is that your antivirus software and firewalls are of limited use as they cant help detect

many web-based attacks

Botnets

The term botnets refers to a series of online computers communicating with each other to

complete a set of repetitive tasks - which could be something mundane like running a chat

channel or something more destructive like creating spam

Most illegal botnets are composed of computers already hacked and compromised without

the knowledge of their owners - these are known as Zombie computers These are controlled

via a single interface used by hackers or herders These criminals use the huge

accumulated power of botnets to engage in click fraud which involves clicking on ad banners

to take money from advertisers who pay for each visit

They can also be used to saturate bandwidth and prevent access to websites for long periods

causing vendors to pay a ransom to get traffic flowing again Keylogging is another nefarious

task that botnets are used for They report keystrokes of thousands of users visiting websites

to the herder who can use this data to access personal information and accounts

Denial of Service attacks

A Denial of Service (DoS) attack can be one of the most frustrating IT attacks of all Basically

it shuts down your website or network making it impossible for people to use your services

That means that if youre selling things online or taking bookings or appointments no

legitimate customers can access your site or sales page - and theyll soon go elsewhere The

attack can also stop staff and account holders from accessing the services they need DoS

attacks work by flooding the target with traffic causing it to crash or run so slowly that it

becomes unusable

EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 16

DoS attacks are unlike malware attacks they dont try to

breach your security systems and steal data directly instead

make your services inoperable Such attacks are often used by

people trying to make a point - activists for example It is also

a process used for simple extortion or even by unscrupulous

business owners looking to cripple their competition If the

denial of service goes on for a long time you can lose revenue

and customer trust and your long-term reputation may never

recover

DoS attacks happen in two ways: either with one attacker flooding your servers so they have too much traffic and grind to a halt, or by way of an attack from many machines in what's called a Distributed Denial of Service attack, often carried out via botnets.
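From the defender's side, the two cases above can be told apart in a request log by how the excess traffic is spread across source addresses. The following Python is an added example, not part of the eBook; the baseline rate, thresholds and log entries (documentation-range addresses) are constructed assumptions.

```python
"""Tell a single-source flood from a distributed one in a request log."""
from collections import Counter, defaultdict

BASELINE_RPS = 2.0   # assumed normal request rate for this site
WINDOW_S = 10        # seconds per analysis window
FLOOD_FACTOR = 10    # a window counts as a flood at 10x the baseline rate
DOMINANCE = 0.5      # one source sending >= 50% of a window = single-source


def constructed_log():
    """Return constructed (timestamp, source_ip) pairs covering three windows."""
    log = []
    # Window 0: ordinary traffic, 20 requests from 10 sources.
    for i in range(20):
        log.append((i * 0.5, f"192.0.2.{i % 10 + 1}"))
    # Window 1: one address sends 500 requests on top of ordinary traffic.
    for i in range(500):
        log.append((10 + i * 0.02, "203.0.113.7"))
    for i in range(20):
        log.append((10 + i * 0.5, f"192.0.2.{i % 10 + 1}"))
    # Window 2: 200 addresses send only 3 requests each.
    for i in range(600):
        log.append((20 + (i % 100) * 0.1, f"198.51.100.{i % 200 + 1}"))
    return log


def classify_windows(log):
    """Map window index -> (verdict, detail) for every window in the log."""
    windows = defaultdict(list)
    for ts, src in log:
        windows[int(ts // WINDOW_S)].append(src)

    report = {}
    for idx in sorted(windows):
        sources = windows[idx]
        rate = len(sources) / WINDOW_S
        if rate < BASELINE_RPS * FLOOD_FACTOR:
            report[idx] = ("normal", None)
            continue
        top_src, top_count = Counter(sources).most_common(1)[0]
        if top_count / len(sources) >= DOMINANCE:
            # One address dominates: rate-limiting or blocking it restores service.
            report[idx] = ("single-source flood", top_src)
        else:
            # No address stands out: per-source limits will not stop this, so
            # the detail reported is the number of distinct sources involved.
            report[idx] = ("distributed flood", len(set(sources)))
    return report


if __name__ == "__main__":
    for idx, (verdict, detail) in classify_windows(constructed_log()).items():
        print(f"window {idx}: {verdict} ({detail})")
```

In the distributed window every source stays at 3 requests, which is why a per-address rate limit that stops the single-source case does nothing against a botnet.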

Of course, some attacks are not initiated by outsiders but by people within an organisation, or as a result of bad luck. These can be the hardest attacks to prevent and can cause the most damage. So let's look at them.

Malicious Insiders

You know already that there is a lot of danger out there on the internet, but small and medium-sized businesses can face even more serious threats from within.

Somewhere among your seemingly loving and loyal staff sits someone who could bring your company tumbling down. It could be someone who bears a grudge, sees a way of benefitting themselves financially, or is planning to leave and start a similar business with your contacts and intellectual property.

Akamai's newest State of the Internet (SOTI) - Security Report for the fourth quarter of 2015 saw the number of Web application attacks jump 28 percent over the previous quarter, while the number of DDoS attacks jumped by 40 percent in that time.

Two scientists working for GlaxoSmithKline have reportedly been charged for stealing trade secrets.

An IT attack by an insider can be the most devastating attack of all, as you're not just having your systems compromised but your trust shattered by a member of staff who you may even have considered a friend, especially if your business is small and people work together closely. What's more, firewalls, anti-virus software and intrusion detection systems won't be any help to you at all. After all, in many companies employees will all have access to confidential data, files and accounts.

The extent to which insider attacks are so much more damaging is shown by the figures. In Australia, attacks by insiders or staff can take up to 51 days to contain and solve, compared with outside attacks that on average take 23 days to contain. This is because insiders know what they are looking for and where the juiciest data is, and they probably have the passwords to get at it.

Stolen Devices

While many IT attacks come about thanks to sophisticated programming, others just come down to good old-fashioned theft. Stolen devices account for 50% of cyber-attacks experienced by the 30 benchmarked companies in the Ponemon 2014 Cost of Cyber Crime Study, and of course your devices (phones, tablets, flash drives and so on) don't have to be stolen by cunning pickpockets for the data to be compromised.

Many headline-hitting attacks were the result of workers forgetfully leaving laptops containing vital files on a train or forgetting phones in restaurants. And the risk of losing data this way becomes even greater as ever more companies implement Bring Your Own Device (BYOD) strategies and staff take their work home with them.

This means that personal devices, which are often unsecured, can be crammed with company data (69% of employees use smartphones for work). If a staff member is robbed, or even just plain forgetful, this data can end up in the hands of criminals who, as a result, have access to your systems, intellectual property and stored passwords.

A BlueScope Steel employee has been accused of downloading a trove of company documents - about 40 gigabytes - over a four-year period. The company is urgently seeking a judge's help to find and destroy trade secrets before they fall into the hands of competitors.

Stay Vigilant

This is a pretty comprehensive look at the sort of security threats your business could be facing, but while we've covered most of the main bases, we've barely scratched the surface when it comes to the sheer number of threats out there.

According to antivirus software developers McAfee, new malware is being released at the rate of around one file every second. So it is little wonder those fighting the problem face an epic challenge keeping up. And these huge numbers of IT attacks are losing Australian businesses like yours a great deal of money.

Constant vigilance is the best weapon you have to fight hackers attacking you with viruses, malware, worms or malicious coding. Be careful what you are doing online and always think before you click. Of course technology can help protect your organisation, but only if it is upgraded and tested regularly. Make sure that your firewalls are in place and that anti-virus software is upgraded as new updates come out.

Training, too, is a tool that lets you fight the darker sides of the net, so hold regular workshops for staff on the types of phishing scams, using social media safely and checking for suspicious links. And keep up with IT blogs that can warn you of the new risks out there. If you're careful, don't get complacent and keep your IT updated, you have a much better chance at protecting your precious data and ultimately your company.

In the next part of our eBook we will be looking at some Australian companies that weren't so careful, and what it meant for their businesses, their reputations and their companies.

Chapter 3 IT Security Incidents in the Last Two Years

There may be no bullets flying, but Australia is currently at war, and it's one we're not winning. Cyber-attacks on Australian businesses increased 20% in 2014, and this figure rose in 2015, according to the Australian Signals Directorate.

The most commonly targeted industries tend to be banking and the financial sector in general, resources, energy and telecommunications, among others. But the huge volume of attacks means that many Australian SMBs are being targeted as cyber criminals spread their nets.

The fallout from these cyber-attacks includes loss of intellectual property, major disruption to business, financial loss and major damage to the reputation of your company, which in many cases could lead to bankruptcy.

Cybercrime in Australia

There are three main types of cybercrime that affect Australian businesses, large and small. These are:

State-sponsored cyber-crime - perpetrated by hackers on behalf of states to steal intellectual property and identities. These are often the most sophisticated attacks, and hackers can retain access to an organisation's network for years at a time.

Organised Crime - run by criminal gangs making malware to steal data or extort money from individuals and corporations. Many crime syndicates have sophisticated tools and share techniques to access systems, as well as stolen data, with other criminals.

Motivated cyber-crime - these are often hackers with a political, social or even religious motive who want to get a message across using illegal online methods. Often such attacks can be less sophisticated but can still cause great damage to companies.

Because there are such widely varied motivations for hackers to target Australian businesses, it means that no business is safe, including small ones. SMBs shouldn't think that their information is not of interest to criminals; they could be targeted for a range of reasons.

Take banks, for example. Commonwealth Bank, Australia's largest bank, is attacked thousands of times every day. While most of these attacks are by hackers seeking money and account numbers, many attacks are by activists (who call themselves hacktivists) who have a more political or social agenda; perhaps they don't agree with some of the bank's investments, which they may see as unethical or detrimental to the environment.

But when it comes to large-scale hacks, many fingers are pointed at government sponsored groups from China. Well-equipped hackers known as Advanced Persistent Threats (APTs) have been targeting Australian firms in the mining and natural resources sector. Many businesses already dealing with organisations in China come under attack, perhaps to get the edge in negotiations or as a way of stealing intellectual property.

In response to the rising numbers of attacks, the Australian Government opened The Australian Cyber Security Centre (ACSC) to coordinate the country's defence intelligence agencies - the Attorney-General and the Australian Federal Police cyber units. The ACSC enables the private and public sector to collaborate and share information to combat cybersecurity threats. They also offer a great deal of information about how SMBs and individuals can stay safe online. So it's well worth looking at their site at https://www.acsc.gov.au

In the meantime, let's take a look at some of the recent risks and hacks on Australian companies to fully understand the risks of letting your IT guard down.

Ransomware on the Rise

Ransomware, a scam in which people fall victim to an encryption virus which hijacks computer files and demands a ransom to restore them, is becoming one of the main ways that Australian businesses are being targeted by cyber criminals. In 2014 the security firm Websense found nearly two million instances of the malware variant known as CryptoLocker, and 60 per cent of those were detected in Australia.

CryptoLocker is ransomware which is delivered via credible looking emails. Once an infected link is clicked, the virus is activated and your computer files, photos and data are taken hostage via encryption unless a ransom is paid.

Some of the latest versions of this malware are said to be unbreakable, and the average cost to companies paying ransoms to overseas hackers was $US 350.

One of the most recent versions of the virus appeared as a traffic infringement notice from the Australian Federal Police, which demanded a penalty payment for a minor traffic infringement. The impressively official looking email was often opened because it appeared to come from the Federal Government. To view details of the fake traffic infringement, recipients are asked to click the link contained within the email, activating the malware.

The Australian Federal Police (AFP) originally issued a tweet on 19 January warning people of a recent scam, "traffic infringement notices" being delivered by email, and advising not to pay any money or click any links.

High Profile Incidents

Kmart Attacked

Kmart Australia had to put out a warning in October 2015 to let some customers know that their online operations had been attacked in an external privacy breach in September. Data such as name, email address, delivery and billing address, telephone number and product purchase details was stolen. The retailer has insisted that no credit card or payment card details had been compromised, as card processing is handled externally.

David Jones hacked

In October 2014 the Australian fashion retailer had its computer system attacked and the private details of customers were stolen - these included names, email addresses and addresses - but David Jones assured its customers that their credit card or financial information was safe.

A hit on the Hilton

Early in 2015, hotel chain operator Hilton Worldwide Holdings warned customers that they'd found unauthorised malware targeting payment card details in some of their payment systems. This affected many of their Australian customers. An investigation found that malware was targeting cardholder names, payment card numbers, security codes and expiration dates.

Customers were advised to check bank statements up till July, but the company didn't give figures of how many people or businesses might be affected.

The future outlook for cyber-crime

Based on the high levels of current hacking activity and the increasingly sophisticated software and techniques used by hackers to access systems and avoid detection, the ACSC predicts that levels of hacking will rise over the next five years or so. Malware and technology used in cybercrime is now more readily available than ever and can even be used by people with little IT knowledge. What's more, cyber-crime as a service looks set to increase as well.

To stay safe, Australian businesses from multinationals to SMBs need to work together to make Australia a much harder target for hackers and to increase trust in users that the Internet's benefits outweigh online dangers. The best cyber security comes when the government and private sector work together and take greater responsibility for the security of their networks and information.

In the next part of our eBook we will be taking a look at where the technology to fight cyber-crime and security breaches is heading. We'll be examining the cloud, big data and the Internet of things to help small businesses like yours to put together a comprehensive security road map.

Chapter 4 The Future of IT Security

So far in this exclusive Empower IT eBook we've examined the threats facing Australian businesses when it comes to security, and we've looked in detail at the form that these threats can take (Malware, Phishing Scams, Denial of Service attacks etc.), and we've even taken a brief look at some of the ways IT attacks have impacted on Australian businesses.

Finally, it's time to look at the security solutions that most of Australia's small and medium businesses currently have in place, examine the reasons that standard defences may not be enough, and look at where the technology is heading as IT attacks become more sophisticated. So read on and learn how to improve your current security set up and to stay safe going forward.

Far too many of us take IT security for granted, presuming that our anti-virus protection is keeping the worst of the web at bay. But it seems we are putting far too much faith in our off-the-shelf antivirus protection to keep our IT systems safe. Brian Dye, corporate vice president at Intel Security, stated on record that antivirus software is dead. Well, the truth is that antivirus software hasn't yet had its last day.

Antivirus software is used to prevent, detect and hopefully make safe any malware threats and viruses that make it onto your system. And most programs do this well. But the big problem is that antivirus software is a reactive technology and only effective against known threats and variations of them. The guys who are writing antivirus software need to understand how a piece of malware works before they can adapt programs to discover and neutralise it. And in the time it takes for this to happen, many thousands of systems can be infected.

With hackers and criminals making new and increasingly sophisticated malware all the time, there are a lot of dangers out there that your current AV setup just won't see coming. And hackers are patient people: they will take the time to rewrite and test their malware until it can find its way past even the most sophisticated protection - and if that doesn't work, they'll write a new one.

Intel Security, the company that makes the popular McAfee software, estimates that new malware is released at a rate of about one new virus per second. Little wonder it's hard for the program writers to keep up.

And signature-based systems need to be constantly updated to be effective. So signature-based IDS is only as good as its database of stored code and signatures. This is why zero-day attacks, when hackers launch a brand new piece of malware, often slip through without being detected, as antivirus software doesn't recognize the threat.

Because of the sheer number of threats out there, traditional antivirus software detects only around 45% of all attacks.

Unless you've been keeping your antivirus software updated and are tuned into catching the latest threats out there, that old antivirus software on your devices is only giving you the most basic level of protection.

A New Era of Data Protection

We are now entering new territory when it comes to keeping your systems safe. Behaviour-based rather than signature-based security is more important. So let's take a look at what this means for businesses like yours.

Behaviour-based security is different in that it detects any network activity that doesn't fit a pattern of expected behaviour. This means that the software has to be configured to learn what a user's normal patterns of activity are. If there are any anomalies, these are then flagged as threats or viruses and will be stopped before they infect your systems.

Unlike with signature-based systems, behaviour-based antivirus systems are able to detect zero-day attacks as they don't have a pattern that is recognizable. Of course such systems have to be configured to learn about users' typical behaviour, and configurations need to be updated every time new applications are added or modified, but in general they can adapt to new, unique or original attacks.

There are many advantages to this behaviour-based approach in detecting new and unforeseen vulnerabilities in your systems. Because it detects any traffic that is new or unusual, the behaviour-based approach is good at identifying sweeps and probes towards network hardware. This is like an early warning for potential intrusions, as such probes and scans are often the predecessors for system attacks. They can also detect abuse of privilege attacks, which normally don't trigger security warnings. Of course there are some drawbacks too, in that there is a higher false alarm rate than with signature-based detection.

What's more, the learning curve for behaviour-based intrusion detection techniques can't cover everything, and people's online behaviour is likely to change over time, so you need to implement occasional retraining of the behaviour profile. Also, during the learning phase any system attacks that occur won't be detected as anomalous, meaning your systems could be compromised.

For example, if a computer user with a restricted set of records suddenly begins to try and access other types of information, it is highly possible that his workstation has been infected with a virus and action needs to be taken to protect the systems.
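The contrast between the two approaches, and the drawbacks just listed, can be seen on a small scale. The following Python is an added example, not part of the eBook or of any product it mentions; the user names, record categories, payloads and the `BehaviourBaseline` class are constructed for illustration.

```python
"""Signature matching versus a learned behaviour baseline (constructed data)."""
import hashlib
from collections import defaultdict

# Constructed signature database: digests of payloads that were already analysed.
KNOWN_BAD = {hashlib.sha256(b"constructed-known-sample").hexdigest()}


def signature_match(payload: bytes) -> bool:
    """Signature-based check: only payloads already in the database are flagged."""
    return hashlib.sha256(payload).hexdigest() in KNOWN_BAD


class BehaviourBaseline:
    """Learns which record categories each user touches, then flags departures."""

    def __init__(self, min_events: int = 3):
        self.min_events = min_events     # events needed before a profile is trusted
        self.profile = defaultdict(set)  # user -> categories seen while learning
        self.events = defaultdict(int)   # user -> number of learning events

    def learn(self, user: str, category: str) -> None:
        # Whatever happens during learning becomes "normal", attacks included.
        self.profile[user].add(category)
        self.events[user] += 1

    def check(self, user: str, category: str) -> str:
        if self.events.get(user, 0) < self.min_events:
            return "no-baseline"
        return "ok" if category in self.profile[user] else "anomaly"

    def reprofile(self, user: str, history: list) -> None:
        """Retrain one user's profile, e.g. after a change of role."""
        self.profile[user] = set()
        self.events[user] = 0
        for category in history:
            self.learn(user, category)


# Constructed learning-phase log. The "payroll" access from bob's account
# stands for misuse that took place while the system was still learning.
LEARNING_LOG = [
    ("alice", "invoices"), ("alice", "invoices"), ("alice", "customers"),
    ("bob", "timesheets"), ("bob", "timesheets"),
    ("bob", "payroll"), ("bob", "timesheets"),
]


def demo() -> dict:
    baseline = BehaviourBaseline()
    for user, category in LEARNING_LOG:
        baseline.learn(user, category)

    results = {
        # A new variant is invisible to the signature database.
        "known_payload": signature_match(b"constructed-known-sample"),
        "new_variant": signature_match(b"constructed-new-variant"),
        # The restricted user reaching for other records is flagged.
        "alice_invoices": baseline.check("alice", "invoices"),
        "alice_payroll": baseline.check("alice", "payroll"),
        # Learning-phase blind spot: bob's payroll access now counts as normal.
        "bob_payroll": baseline.check("bob", "payroll"),
        # A user never seen during learning cannot be judged at all.
        "carol_invoices": baseline.check("carol", "invoices"),
    }
    # Behaviour changes over time: alice moves to the payroll team. Until the
    # profile is retrained, her legitimate work shows up as a false alarm.
    baseline.reprofile("alice", ["payroll", "payroll", "invoices"])
    results["alice_payroll_after_retrain"] = baseline.check("alice", "payroll")
    results["alice_customers_after_retrain"] = baseline.check("alice", "customers")
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:32} {value}")
```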

Behaviour-based IDS is also more costly in that you need more hardware spread further across your IT networks than is required with signature-based IDS.

Drawbacks and a long customization process aside, it looks like the behaviour-based approach to IT Security is one way we'll be helping to keep the cyber criminals at bay into the future. And although the death knell has not yet sounded for antivirus software, you need to be aware that this is no longer the be all and end all of IT security; you need to be doing so much more.

There are many ways you can keep your systems safe, and taking a multi-layered approach is actually the best way forward. Blacklisting, whitelisting and sandboxing are three methods that can be used to ensure you're safe while online.

As the way we use data and interact with the internet changes, our approach to IT security and data protection should also change accordingly. What's more, IT systems around the world are increasingly being breached and the fallout from this is affecting millions of people, so we need to learn to deal with risks and stay ahead of cyber criminals.

We are now seeing other areas of IT in which security needs addressing: areas such as social media, the cloud, compliance, advanced persistent threats and physical infrastructure security too.

IT Security in the Cloud

In the fast moving world of IT, cloud computing is already old hat in many ways, but as so many of Australia's small and medium businesses are only just making the move into the cloud, they may not appreciate how cloud technology isn't just changing how they work but how they should be approaching security.

When you are in the cloud you are exposed to new risks; after all, your data and often much of your network is being hosted off-site and is often being accessed by your staff in other cities and countries.

Security in the cloud requires visibility, identity management and policies that reduce threats ability to take advantage of all the flexibility and freedom that cloud computing can offer.

Of course, it's worth remembering that cloud computing is not just one technology; it is a combination of many advances in technology sold in one package. This includes virtualisation, Software-as-a-Service and other operations working as they always have done, albeit in the cloud.

The problem is that traditional security solutions don't always adapt themselves well to the cloud architecture. What needs to happen is for existing security methods such as firewalls, virtual private networks, data-leak protection etc. to evolve so they can be better deployed in the cloud. This might involve using an API (Application Program Interface) so that such technology can be automated in the cloud.

It is also likely that new Cloud Security Gateways will have to come into play, and innovations that bolster security are already being created. Cloud security gateways will act as security policy enforcement points between cloud services consumers and providers to ensure security as cloud services are accessed by users. This system would probably be made up of multiple levels of security such as authentication, authorization, signing on, security token mapping, encryption, tokenization, logging, alerting, Application Program Interface and so on.

With cloud technology being so popular, it is vital that users are easily identified and authenticated while controlling access to applications and enforcing data protection policies. It is also a good idea to have a central overview of what is happening, with visibility into all users, devices and cloud activity so that malicious or suspicious behaviour can be flagged. Auditing and monitoring will be built into cloud services in the future to ensure ongoing protection.

Other changes need to happen to ensure better cloud security. The management of encryption keys is critical, and data needs to be fragmented and kept in several places in the cloud rather than in one server where it would be vulnerable. It is also important that the physical security of the cloud environment is enhanced.

IT Security and the Internet of Things

You may have heard of the Internet of Things (IoT) and wondered what it referred to. Basically, it just means an environment in which objects are able to transfer data over a network without the need for human-to-human or human-to-computer interaction.

For example, you may have a sensor in your car to tell you when the engine needs oil by sending a message to your phone. An office printer may send out an order for more ink when it's running low, and a smart road can send signals to traffic control when traffic is heavy.

Basically, any device or component that can be connected to the net (usually by Wi-Fi) plays its part in the Internet of Things. Ultimately the IoT will help cut down on waste, improve efficiency and save time and frustration (in theory at least).

But with so many online devices, many of which will hold personal info or IP data, security will be an issue. You wouldn't want someone hacking your toaster or using your online speakers to get at the data on your PC, after all.

Some experts are concerned that large numbers of unsecured devices could be built up by hackers as botnets. Just imagine your TV, computer and other household appliances all being used against you, like a science fiction horror story.

The new high-tech Barbie doll raises privacy concerns, as the doll is connected to the Internet and could be a tempting target for hackers who could then access data on home networks through the doll.

This means in the future people will need to know how to secure their IoT devices. Initially this would mean taking simple measures such as using passwords and usernames, and updating and patching devices as you do with current devices. Also, an IoT device that needs to be accessible over the net needs to be put in its own network and have access restricted. This network can then be monitored, with action taken if there is a problem.

Planning and integration is vital when it comes to the IoT, and security needs to be paramount at every step of the process, from manufacture to purchase and use. As a company owner you need to develop policies that keep your customers and their data safe when using IoT devices.

US retailer Target was hacked in 2013 via its heating and air conditioning, which was internet enabled. Some 40 million credit card numbers were stolen.

Conclusion

The goal of this eBook is to make you aware of the vulnerabilities of your business systems and help you understand in detail the various cyber-threats that are lurking today. We have looked at the dangers for companies that have not been protecting themselves from online and offline security threats, both in terms of money and reputation consequences.

If you are wondering about the best way to safeguard your business, stay tuned, as we are in the process of writing another eBook with insights about protecting your business and reputation.

If you enjoyed reading this eBook and found it to be of value, do share it with your friends.


Introduction

Australian business is booming, and this is largely due to the power of the internet. Now even the smallest business is able to streamline their work processes, reach out to customers around the world and manage massive amounts of data. And thanks to cloud computing and mobile technology, we can carry the internet around with us in our pockets and work, shop and communicate on the go.

In addition, social media platforms such as Facebook, Twitter and LinkedIn are giving Australian businesses and entrepreneurs new ways to build their businesses, establish their authority and enhance their brand, and then promote themselves.

But the internet has its dark side too. Any company doing business online is at risk of attack from cyber criminals who are out to steal your data, commit fraud and exploit any weakness in your IT systems. These security breaches can come in the form of viruses and phishing scams, or you could even be targeted by disgruntled employees or activists. But however your IT security is attacked, the fallout in terms of costs, downtime, loss of reputation and possible legal proceedings can be huge and potentially devastating to any small business.

So with ever increasing numbers of businesses providing their services and products online and using the internet to make financial transactions, there is a greater need than ever before for robust security measures to protect your business, your customers and your reputation. You need to learn about the dangers your company faces and how to mitigate risk so that you're always one step ahead of the cyber criminals.

About Empower IT Solutions

Empower IT Solutions has been providing exceptional service to Australian businesses nationwide since 2004.

The company specialises in providing IT solutions in industries including, but not limited to, Health, Education, Professional Services and Retail. The company offers Managed Services, IT Services, Cloud-based solutions and software development services.

As Microsoft certified partners, our staff focus on building and maintaining relationships and ensuring their clients deploy the right technologies as their business grows.

Empower IT has put together this eBook to help you learn about the risks and how they could impact your company, and to teach you about what you can do to stay safe online.

We hope that you'll find it to be an informative and useful guide that helps you to keep your IT networks secure while ensuring that you are making the most of the internet to boost your business.

If you feel your business is vulnerable to IT attacks or wish to check how secure your business systems are, write to us at cs@empowerit.com.au or just give us a call at 1300 787 888 and speak to one of our consultants.

About the Author Salim Sukari

investment in Microsoft Technologies

Salim has worked with Australian businesses for almost two decades and has a deep understanding of various business models and processes. He deeply understands the security issues faced by small and medium sized businesses and is out on a mission to help organisations safeguard their business systems.

This eBook is a result of his extensive knowledge and experience in the Australian market and was penned with a goal of bringing to light the risks that impact small and medium businesses and highlighting the steps that businesses need to take to stay safe online.

Whether you are a security expert, an IT administrator or business owner, Salim guarantees there is a lot of useful information you can use to safeguard your business.

Salim, as well as the team at Empower IT, hope you enjoy the eBook.

Happy Safe-Browsing

Chapter 1 How Australian Businesses are Vulnerable

Australia has always been a nation that has embraced new technology - indeed, considering the huge distances between our major cities, the internet is crucial to our way of life, helping us to do business, communicate and socialise. But the more we are online, the more we leave ourselves open to cybercrime.

Criminals from both local and international locations are taking advantage of the huge leaps in technology to enable their illegal activity. The best way to stop this is by being informed and staying abreast of all the latest information aimed at keeping your business safe.

Let's start off by looking at what is meant by cybercrime:

Crimes such as hacking, distribution of malware, viruses and denial of service attacks that are directed at computers or any information communication technology.

Crimes in which computers are used to commit an offence rather than being targets of it; this could include fraud, identity theft or the distribution of offensive material such as pornography.

This eBook will mainly concentrate on the former definition, looking at how malware can affect your company and what you can do to combat these types of threats.

We need to keep cyber criminals at bay, not just to ensure our businesses are secure but also to help the country's economy as a whole.

Some 60% of Australians have now been a victim of cybercrime in their lifetime, and nearly 47% of these victims have been targeted in the past 12 months.

Increasing numbers of cyber security breaches lead to an erosion of trust that puts off investors, slowing the growth of the economy.

An unclassified threat report compiled by the Australian Cyber Security Centre found that in 2014 the national computer emergency response team had to respond to 11,073 cyber security incidents. And this is just one study.

Another survey by the Ponemon Institute has shown that the cost of cybercrime in Australia has escalated 33% since its first study three years ago. The institute also estimated that the of 30 organisations to be $43 million

There are few companies that would be able to cope with a 43 million dollar attack, and small and medium companies make up to nearly 97% of all Australian businesses. If we don't start taking measures to stay safe, the nation could be in economic jeopardy.

The Australian Crime Commission estimates that cybercrime now costs the country more than a billion dollars each year, with the figures rising as cyber criminals become more sophisticated.

Cybercrime and SMB

Data breaches often make the news headlines, such as when laboratory Medvet was attacked. Kmart Australia suffered a security breach that resulted in the exposure of customer details. But when such tales of cybercrime are in the news, they tend to be about attacks on big companies where the results are losses of millions of dollars or the theft of thousands of

Many SMB owners are often lulled into a false sense of security, believing that their IT is safe and that they won't be of interest to hackers. But this is a very dangerous mindset. SMBs just like yours are regularly attacked by a broad spectrum of cyber criminals, including malicious insiders and criminals using malware, viruses, worms, Trojans and botnets. Plain bad luck plays its part too, with many crimes being committed using stolen or lost devices.

These attacks are expensive, as they disrupt services and cause downtime that prevents staff from doing their jobs properly and adversely affects sales and work processes. In fact, downtime accounted for nearly half of each

study. Detection and recovery also cost money, accounting for 53% of internal costs, most of which is paid out to experts to come in and fix problems.

Why your small business is a target

Being a powerful economy with an English-speaking and highly connected population, Australia is a tempting target for hackers from all over the world. And they are helped by the fact that, at the moment, there are so few IT security regulations in place.

Attacks are commonplace: the 30 companies in the Ponemon survey alone reported 47 successful attacks a week, up from 41 in 2012.

The time it takes to resolve issues is getting longer too, up to 23 days on average. Attacks by insiders or staff can take up to 51 days to contain and solve.


Criminals are helped by the fact that many Australian businesses place too much faith in their current security setup and don't realise just how sophisticated hacking and cybercrime is becoming. What's more, there is a skills shortage in the Australian IT arena. Most small businesses don't have the resources to hire effective security analysts to continuously monitor extended networks and detect any infiltrations.

This is why there is such a strong need for more education and awareness in this area, so that IT security is seen as something that gives SMBs a competitive edge - not just a set of defensive actions that need to be taken to merely stay secure. After all, the damage to a company's reputation and brand image after a security breach can be catastrophic, and most people would prefer to deal with companies that have a good reputation for security. A good IT security roadmap will boost your business as well as keep you safe, and this is something that every small business owner will appreciate.

In the next chapter we'll be looking at the types of cyber-attack and malware that are being routinely used to target Australian businesses. We will tell you what dangers you should be looking out for and how to keep your business safe from online attacks.

The Australian government recently carried out a Cyber Security Review which found that organised crime gangs carry out most of the nation's IT security breaches (92%), with 14% of attacks coming from insiders. The overlap in figures is due to the fact that sometimes insiders and outsiders work in collusion. The study also found that stolen credentials are the number one cause of these breaches.


Chapter 2 Common Threats to Every SMB

Cybercriminals are becoming highly efficient and sophisticated in their attacks on the SMB

-hanging fruit often riddled with security holes that make their job a breeze. In this next section of our eBook we will cover some of the

of them at the very least

Malware

Most threats to your security will come in the form of malware, which is a malicious type of software created to cause damage to your systems or to steal data once it has installed itself into your systems.

Malware could also vandalise and destroy software, steal sensitive information, passwords and account details using spyware, force unwanted advertising onto your systems via adware, spread email spam or porn, and even extort money from you using ransomware that encrypts your data until a fee is paid to unblock it.

A study by the firm SecurityScorecard, which specialises in tracking companies' risk of intrusion, found more than 4,700 organisations which were infected by some type of advanced banking malware.

Ransomware

Ransomware is a type of malicious software that restricts access to the infected computer system by systematically encrypting all files and documents. This malware then prompts the user to pay a ransom (around the $1000 AUD mark) in order to have the restriction removed.

The most popular form of ransomware is the CryptoLocker malware, which uses a strong encryption algorithm to lock all valuable user files in the background without user awareness. Once all the relevant files are encrypted, it demands the user pay a ransom in BitCoins within a specific timeframe (usually 1 to 2 days) before the files are permanently deleted.

Trojan Viruses

A Trojan virus is malware hidden in an innocuous email. Once you click on the link in this email, it can lead to the infection of your computer networks within a few minutes. You may come across some seemingly useful software via email or on the web that will do huge damage if you download it to your computer.

People are often tricked as they think they are clicking on legitimate files from a legitimate source. Trojans may contain the usual silly pranks or do real damage by destroying information, creating backdoors for hackers or compromising your personal data. They don't reproduce or self-replicate, but can still do great damage and cause huge frustration.


Key Logger Virus

A Key Logger virus is software that is designed to secretly monitor and log all keystrokes with the purpose of collecting confidential user information such as bank account logins, personal information etc. Once a cyber-criminal has got hold of confidential user data they can easily

account. Unfortunately, access to confidential data can sometimes have consequences which are far more

Worms

A computer worm is a virus, but can replicate itself and move from computer to computer without the user clicking or running any program. It moves via file or data transport features - email, messenger or file sharing. Even if they don't actually do any harm, worms can use up your computer processing time and take up your bandwidth as they replicate.

BUT if worms are carrying a malicious payload, you could end up with deleted or encrypted files, or even have a backdoor opened in your computer, allowing a hacker to take control of your computer and create what's called a zombie computer. Email spammers often create worms to help send their junk mail, and they send copies of themselves to everyone in your computer's address book.

Phishing Scams

Phishing scams are so called as they emulate real life fishing. Hackers and criminals tempt you with bait and can be rewarded by catching sensitive information like usernames, passwords or bank account details. Most often the bait comes in the form of emails that appear to be from trusted or legitimate companies or people, such as banks, service providers and acquaintances. You may be asked to provide certain private information or follow links that direct you to fake (though often very realistic looking) sites that will infect your systems with malware.

A common phishing scam is a warning email about fraudulent activity on your account and a request to verify information. Such panic-inducing methods can be very successful, as people give an immediate response without thinking. There is another type of phishing known as spear phishing, which hooks individuals using personal information (often garnered from social media sites). Spear phishing scams are increasingly sophisticated and are regularly successful since the baited emails seem so personal.

Web-based Attacks

While nearly all IT attacks are web-based to some extent, this threat specifically means malware attacks that come via online sources like infected landing pages on websites, rather than being delivered via email or infected devices. This is also known as a pull-based attack, where victims unknowingly visit infected sites, rather than push-based ones in which attackers are actively searching for victims.

The number of web-based attacks is growing as web services become more popular and people use the Internet for business, banking and e-commerce. Malicious URLs are used as channels to propagate malware, and if you visit an infected site, hackers can take control of your system to carry out cybercrimes such as data theft, denial of service attacks and spamming.

A common web-based attack technique is to alert you with fake virus detection messages and ask you to download rogue antivirus software. Sometimes even legitimate sites can be infected if the hacker gets control of a web server. And the bad news is that your antivirus software and firewalls are of limited use, as they can't help detect many web-based attacks.

Recently, criminals posing as a legitimate Australian legal firm duped an online ad network into distributing banner ads through Gumtree.com.au that, if clicked, could likely have led to ransomware.

Botnets

The term botnets refers to a series of online computers communicating with each other to complete a set of repetitive tasks - which could be something mundane like running a chat channel, or something more destructive like creating spam.

Most illegal botnets are composed of computers already hacked and compromised without the knowledge of their owners - these are known as Zombie computers. These are controlled via a single interface used by hackers or herders. These criminals use the huge accumulated power of botnets to engage in click fraud, which involves clicking on ad banners to take money from advertisers who pay for each visit.

They can also be used to saturate bandwidth and prevent access to websites for long periods, causing vendors to pay a ransom to get traffic flowing again. Keylogging is another nefarious task that botnets are used for. They report keystrokes of thousands of users visiting websites to the herder, who can use this data to access personal information and accounts.

Denial of Service attacks

A Denial of Service (DoS) attack can be one of the most frustrating IT attacks of all. Basically, it shuts down your website or network, making it impossible for people to use your services. That means that if you're selling things online or taking bookings or appointments, no legitimate customers can access your site or sales page - and they'll soon go elsewhere. The attack can also stop staff and account holders from accessing the services they need. DoS attacks work by flooding the target with traffic, causing it to crash or run so slowly that it becomes unusable.

DoS attacks are unlike malware attacks: they don't try to breach your security systems and steal data directly; instead they make your services inoperable. Such attacks are often used by people trying to make a point - activists, for example. It is also a process used for simple extortion, or even by unscrupulous business owners looking to cripple their competition. If the denial of service goes on for a long time, you can lose revenue and customer trust, and your long-term reputation may never recover.

DoS attacks happen in two ways: either with one attacker flooding your servers so they have too much traffic and grind to a halt, or by way of an attack from many machines in what's called a Distributed Denial of Service attack, often carried out via botnets.

Of course, some attacks are not initiated by outsiders but by people within an organisation or as a result of bad luck. These can be the hardest attacks to prevent and can cause the most damage. So let's look at them.

Malicious Insiders

You know already that there is a lot of danger out there on the internet, but small and medium-sized businesses can face even more serious threats from within.

Somewhere among your seemingly loving and loyal staff sits someone who could bring your company tumbling down. It could be someone who bears a grudge, sees a way of benefitting themselves financially, or is planning to leave and start a similar business with your contacts and intellectual property.

Akamai's newest State of the Internet (SOTI) – Security Report for the fourth quarter of 2015 saw the number of Web application attacks jump 28 percent over the previous quarter, while the number of DDoS attacks jumped by 40 percent in that time.

Two scientists working for GlaxoSmithKline have reportedly been charged for stealing trade secrets.

An IT attack by an insider can be the most devastating attack of all, as you're not just having your systems compromised but your trust shattered by a member of staff who you may even have considered a friend, especially if your business is small and people work together closely. What's more, firewalls, anti-virus software and intrusion detection systems won't be any help to you at all. After all, in many companies employees will all have access to confidential data, files and accounts.

The extent to which insider attacks are so much more damaging is shown by the figures. In Australia, attacks by insiders or staff can take up to 51 days to contain and solve, compared with outside attacks that on average take 23 days to contain. This is because insiders know what they are looking for and where the juiciest data is, and they probably have the passwords to get at it.

Stolen Devices

While many IT attacks come about thanks to sophisticated programming, others just come down to good old-fashioned theft. Stolen devices make up for 50% of cyber-attacks experienced by the 30 benchmarked companies in the Ponemon 2014 Cost of Cyber Crime Study, and of course your devices (phones, tablets, flash drives and so on) don't have to be stolen by cunning pickpockets for the data to be compromised.

Many headline hitting attacks were the result of workers forgetfully leaving laptops containing vital files on a train or forgetting phones in restaurants. And the risk of losing data this way becomes even greater as ever more companies implement Bring Your Own Device (BYOD) strategies and staff take their work home with them.

This means that personal devices, which are often unsecured, can be crammed with company data (69% of employees use smartphones for work). If a staff member is robbed or even just plain forgetful, this data can end up in the hands of criminals who, as a result, have access to your systems, intellectual property and stored passwords.

A BlueScope Steel employee has been accused of downloading a trove of company documents – about 40 gigabytes – over a four-year period. The company is urgently seeking a judge's help to find and destroy trade secrets before they fall into the hands of competitors.

Stay Vigilant

This is a pretty comprehensive look at the sort of security threats your business could be facing, but while we've covered most of the main bases, we've barely scratched the surface when it comes to the sheer number of threats out there.

According to antivirus software developers McAfee, new malware is being released at the rate of around one file every second. So it is little wonder those fighting the problem face an epic challenge keeping up. And these huge numbers of IT attacks are losing Australian businesses like yours a great deal of money.

Constant vigilance is the best weapon you have to fight hackers attacking you with viruses, malware, worms or malicious coding. Be careful what you are doing online and always think before you click. Of course, technology can help protect your organisation, but only if it is upgraded and tested regularly. Make sure that your firewalls are in place and that anti-virus software is upgraded as new updates come out.

Training, too, is a tool that lets you fight the darker sides of the net, so hold regular workshops for staff on the types of phishing scams, using social media safely and checking for suspicious links. And keep up with IT blogs that can warn you of the new risks out there. If you're careful, don't get complacent and keep your IT updated, you have a much better chance at protecting your precious data and ultimately your company.

In the next part of our eBook we will be looking at some Australian companies that weren't so careful, and what it meant for their businesses, their reputations and their companies.


Chapter 3 IT Security Incidents in the Last Two Years

There may be no bullets flying, but Australia is currently at war, and it's one we're not winning. Cyber-attacks on Australian businesses increased 20% in 2014 and this figure rose in 2015, according to the Australian Signals Directorate.

The most commonly targeted industries tend to be banking and the financial sector in general, resources, energy and telecommunications, among others. But the huge volume of attacks means that many Australian SMBs are being targeted as cyber criminals spread their nets.

The fallout from these cyber-attacks includes loss of intellectual property, major disruption to business, financial loss and major damage to the reputation of your company, which in many cases could lead to bankruptcy.

Cybercrime in Australia

There are three main types of cybercrime that affect Australian businesses large and small. These are:

State-sponsored cyber-crime - perpetrated by hackers on behalf of states to steal intellectual property and identities. These are often the most sophisticated attacks, and hackers can retain access to an organisation's network for years at a time.

Organised Crime - run by criminal gangs making malware to steal data or extort money from individuals and corporations. Many crime syndicates have sophisticated tools and share techniques to access systems, as well as stolen data, with other criminals.

Motivated cyber-crime - these are often hackers with a political, social or even religious motive who want to get a message across using illegal online methods. Often such attacks can be less sophisticated but can still cause great damage to companies.

Because there are such widely varied motivations for hackers to target Australian businesses, it means that no business is safe, including small ones. SMBs shouldn't think that their information is not of interest to criminals; they could be targeted for a range of reasons.

Take banks, for example. Commonwealth Bank, Australia's largest bank, is attacked thousands of times every day. While most of these attacks are by hackers seeking money and account numbers, many attacks are by activists (who call themselves hacktivists) who have a more political or social agenda; perhaps they don't agree with some of the bank's investments, which they may see as unethical or detrimental to the environment.

But when it comes to large-scale hacks, many fingers are pointed at government sponsored groups from China. Well-equipped hackers known as Advanced Persistent Threats (APTs) have been targeting Australian firms in the mining and natural resources sector. Many businesses already dealing with organisations in China come under attack, perhaps to get the edge in negotiations or as a way of stealing intellectual property.

In response to the rising numbers of attacks, the Australian Government opened The Australian Cyber Security Centre (ACSC) to coordinate the country's defence intelligence agencies - the Attorney-General and the Australian Federal Police cyber units. The ACSC enables the private and public sector to collaborate and share information to combat cybersecurity threats. They also offer a great deal of information about how SMBs and individuals can stay safe online. So it's well worth looking at their site at https://www.acsc.gov.au

In the meantime, let's take a look at some of the recent risks and hacks on Australian companies to fully understand the risks of letting your IT guard down.

Ransomware on the Rise

Ransomware, a scam in which people fall victim to an encryption virus which hijacks computer files and demands a ransom to restore them, is becoming one of the main ways that Australian businesses are being targeted by cyber criminals. In 2014 the security firm Websense found nearly two million instances of the malware variant known as CryptoLocker, and 60 per cent of those were detected in Australia.

CryptoLocker is ransomware which is delivered via credible looking emails. Once an infected link is clicked, the virus is activated and your computer files, photos and data are taken hostage via encryption unless a ransom is paid.

Some of the latest versions of this malware are said to be unbreakable, and the average cost to companies paying ransoms to overseas hackers was $US 350.

One of the most recent versions of the virus appeared as a traffic infringement notice from the Australian Federal Police which demanded a penalty payment for a minor traffic infringement. The impressively official looking email was often opened because it appeared to come from the Federal Government. To view details of the fake traffic infringement, recipients are asked to click the link contained within the email, activating the malware.

The Australian Federal Police (AFP) originally issued a tweet on 19 January warning people of a recent scam, "traffic infringement notices" being delivered by email, and advising not to pay any money or click any links.


High Profile Incidents

Kmart Attacked

Kmart Australia had to put out a warning in October 2015 to let some customers know that their online operations had been attacked in an external privacy breach in September. Data such as name, email address, delivery and billing address, telephone number and product purchase details was stolen. The retailer has insisted that no credit card or payment card details had been compromised, as card processing is handled externally.

David Jones hacked

In October 2014, Australian Fashion Retailer had its computer system attacked and the private details of customers were stolen - these included names, email addresses and addresses - but David Jones assured its customers that their credit card or financial information was safe.

A hit on the Hilton

Early in 2015, hotel chain operator Hilton Worldwide Holdings warned customers that they'd found unauthorised malware targeting payment card details in some of their payment systems. This affected many of their Australian customers. An investigation found that malware was targeting cardholder names, payment card numbers, security codes and expiration dates.

Customers were advised to check bank statements up till July, but the company didn't give figures of how many people or businesses might be affected.


W -crime

Based on the high levels of current hacking activity and the increasingly sophisticated software and techniques used by hackers to access systems and avoid detection, the ACSC predicts that levels of hacking will rise over the next five years or so. Malware and technology used in cybercrime is now more readily available than ever and can even be used by people with little IT knowledge. What's more, cyber-crime as a service looks set to increase as well.

To stay safe, Australian businesses, from multinationals to SMBs, need to work together to make Australia a much harder target for hackers and to increase trust in users that the Internet's benefits outweigh online dangers. The best cyber security comes when the government and private sector work together and take greater responsibility for the security of their networks and information.

In the next part of our eBook we will be taking a look at where the technology to fight cyber-crime and security breaches is heading. We'll be examining the cloud, big data and the Internet of things to help small businesses like yours to put together a comprehensive security road map.


Chapter 4 The Future of IT Security

So far in this exclusive Empower IT eBook we've examined the threats facing Australian businesses when it comes to security, and we've looked in detail at the form that these threats can take (Malware, Phishing Scams, Denial of Service attacks etc), and we've even taken a brief look at some of the ways IT attacks have impacted on Australian businesses.

Finally, it's time to look at the security solutions that most of Australia's small and medium businesses currently have in place, examine the reasons that standard defences may not be enough, and look at where the technology is heading as IT attacks become more sophisticated. So read on and learn how to improve your current security set up and to stay safe going forward.

Far too many of us take IT security for granted, presuming that our anti-virus protection is keeping the worst of the web at bay. But it seems we are putting far too much faith in our off-the-shelf antivirus protection to keep our IT systems safe. Brian Dye, corporate vice president at Intel Security, stated on record that antivirus software is dead. Well, the truth is that antivirus software hasn't yet had its last day.


Antivirus software is used to prevent, detect and hopefully make safe any malware threats and viruses that make it onto your system. And most programs do this well. But the big problem is that antivirus software is a reactive technology and only effective against known threats and variations of them. The guys who are writing antivirus software need to understand how a piece of malware works before they can adapt programs to discover and neutralise it. And in the time it takes for this to happen, many thousands of systems can be infected.

With hackers and criminals making new and increasingly sophisticated malware all the time, there are a lot of dangers out there that your current AV setup just won't see coming. And hackers are patient people; they will take the time to rewrite and test their malware until it can find its way past even the most sophisticated protection - and if that doesn't work, they'll write a new one.

Intel Security, the company that makes the popular McAfee software, estimates that new malware is released at a rate of about one new virus per second. Little wonder it's hard for the program writers to keep up.

And signature based systems need to be constantly updated to be effective. So signature-based IDS is only as good as its database of stored code and signatures. This is why Zero day attacks, when hackers launch a brand new piece of malware, often slip through without being detected, as antivirus software doesn't recognize the threat.

Because of the sheer number of threats out there, traditional antivirus software detects only around 45% of all attacks.

Unless you've been keeping your antivirus software updated and are tuned into catching the latest threats out there, that old antivirus software on your devices is only giving you the most basic level of protection.


A New Era of Data Protection

We are now entering new territory when it comes to keeping your systems safe. Behaviour-based rather than signature-based security is more important. So let's take a look at what this means for businesses like yours.

Behaviour-based security is different in that it detects any network activity that doesn't fit a pattern of expected behaviour. This means that the software has to be configured to learn what a user's normal patterns of activity are. If there are any anomalies, these are then flagged as threats or viruses and will be stopped before they infect your systems.

Unlike with signature-based systems, behaviour-based antivirus systems are able to detect zero-day attacks, as they don't have a pattern that is recognizable. Of course, such systems have to be configured to learn about users' typical behaviour, and configurations need to be updated every time new applications are added or modified, but in general they can adapt to new, unique or original attacks.

There are many advantages to this behaviour-based approach in detecting new and unforeseen vulnerabilities in your systems. Because it detects any traffic that is new or unusual, the behaviour-based approach is good at identifying sweeps and probes towards network hardware. This is like an early warning for potential intrusions, as such probes and scans are often the predecessors for system attacks. They can also detect abuse of privilege attacks, which normally don't trigger security warnings. Of course, there are some drawbacks too, in that there is a higher false alarm rate than with signature-based systems.

For example, if a computer user with a restricted set of records suddenly begins to try and access other types of information, it is highly possible that his workstation has been infected with a virus and action needs to be taken to protect the systems.

What's more, the learning curve for behaviour-based intrusion detection techniques can't cover everything, and people's online behaviour is likely to change over time, so you need to implement occasional retracing of the behaviour profile. Also, during the learning phase, any system attacks that occur won't be detected as anomalous, meaning your systems could be compromised.

Behaviour-based IDS is also more costly in that you need more hardware spread further across your IT networks than is required with signature-based IDS.
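The contrast drawn above between signature-based and behaviour-based detection, as an added example that is not part of the original eBook: a hash-based signature check misses a sample it has never seen, while a per-user access profile flags the restricted-records case but also raises a false alarm and is blind to activity that was already under way during learning. The users, record types, payloads and function names are all constructed for illustration, and hash matching is used here as one simple stand-in for a signature database.

```python
"""Signature-based versus behaviour-based detection on constructed data."""
import hashlib
from collections import defaultdict

# Constructed byte strings standing in for files seen on a workstation.
KNOWN_BAD = b"constructed-sample-already-analysed"
NEW_VARIANT = b"constructed-sample-never-seen-before"

# A signature database only contains what analysts have already examined.
SIGNATURES = {hashlib.sha256(KNOWN_BAD).hexdigest()}


def signature_match(payload: bytes) -> bool:
    """Signature check: flag a payload only if its hash is already known."""
    return hashlib.sha256(payload).hexdigest() in SIGNATURES


class BehaviourProfile:
    """Learns which record types each user touches, then flags departures."""

    def __init__(self):
        self.baseline = defaultdict(set)  # user -> record types seen while learning
        self.learning = True

    def observe(self, user: str, record_type: str) -> bool:
        """Return True when an access is anomalous for this user."""
        if self.learning:
            # Everything seen now becomes "normal", including an attack in progress.
            self.baseline[user].add(record_type)
            return False
        return record_type not in self.baseline[user]

    def finish_learning(self) -> None:
        self.learning = False

    def accept(self, user: str, record_type: str) -> None:
        """Fold a reviewed, legitimate change of behaviour into the profile."""
        self.baseline[user].add(record_type)


# Constructed access events: (user, record type).
LEARNING_EVENTS = [
    ("alice", "invoices"), ("alice", "customers"), ("alice", "invoices"),
    ("bob", "payroll"),
    ("carol", "customers"),
    ("carol", "payroll"),    # workstation already compromised during learning
]
DETECTION_EVENTS = [
    ("alice", "invoices"),   # ordinary work, matches the profile
    ("alice", "payroll"),    # restricted user reaching for other records
    ("alice", "suppliers"),  # legitimate new duty, still flagged (false alarm)
    ("carol", "payroll"),    # learned as normal, so never flagged
]


def run_demo() -> dict:
    """Run both detectors over the constructed data and return the outcomes."""
    profile = BehaviourProfile()
    for user, record_type in LEARNING_EVENTS:
        profile.observe(user, record_type)
    profile.finish_learning()

    flagged = [(u, r) for u, r in DETECTION_EVENTS if profile.observe(u, r)]

    # An analyst reviews the false alarm and updates the profile.
    profile.accept("alice", "suppliers")
    return {
        "signature_known": signature_match(KNOWN_BAD),
        "signature_new": signature_match(NEW_VARIANT),
        "flagged": flagged,
        "after_review": profile.observe("alice", "suppliers"),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```
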

Drawbacks and a long customization process aside, it looks like the behaviour-based approach to IT Security is one way we'll be helping to keep the cyber criminals at bay into the future. And although the death knell has not yet sounded for antivirus software, you need to be aware that this is no longer the be all and end all of IT security; you need to be doing so much more.

There are many ways you can keep your systems safe, and taking a multi-layered approach is actually the best way forward. Blacklisting, whitelisting and sandboxing are three methods that can be used to ensure you're safe while online.

As the way we use data and interact with the internet changes, our approach to IT security and data protection should also change accordingly. What's more, IT systems around the world are increasingly being breached, and the fallout from this is affecting millions of people, so we need to learn to deal with risks and stay ahead of cyber criminals.

We are now seeing other areas of IT in which security needs addressing: areas such as social media, the cloud, compliance, advanced persistent threats and physical infrastructure security too.

IT Security in the Cloud

In the fast moving world of IT cloud computing is already an old hat in many ways but as so

many of Australias small and medium businesses are only just making the move into the

cloud they may not appreciate how cloud technology isnt just changing how they work but

how they should be approaching security

When you are in the cloud you are exposed to new risks; after all, your data, and often much of your network, is being hosted off-site and is often being accessed by your staff in other cities and countries.

Security in the cloud requires visibility, identity management and policies that reduce threats

ability to take advantage of all the flexibility and freedom that cloud computing can offer.

Of course, it's worth remembering that cloud computing is not just one technology; it is a combination of many advances in technology sold in one package. This includes virtualisation, Software-as-a-Service and other operations working as they always have done, albeit in the cloud.

The problem is that traditional security solutions don't always adapt themselves well to the cloud architecture. What needs to happen is for existing security methods such as firewalls, virtual private networks, data-leak protection etc. to evolve so they can be better deployed in the cloud. This might involve using an API (Application Program Interface) so that such technology can be automated in the cloud.

It is also likely that new Cloud Security Gateways will have to come into play, and innovations that bolster security are already being created. Cloud security gateways will act as security policy enforcement points between cloud services consumers and providers, to ensure security as cloud services are accessed by users. This system would probably be made up of multiple levels of security such as authentication, authorization, signing on, security token mapping, encryption, tokenization, logging, alerting, Application Program Interface and so on.

With cloud technology being so popular, it is vital that users are easily identified and authenticated, while controlling access to applications and enforcing data protection policies. It is also a good idea to have a central overview of what is happening, with visibility into all users, devices and cloud activity, so that malicious or suspicious behaviour can be flagged. Auditing and monitoring will be built into cloud services in the future to ensure ongoing protection.

Other changes need to happen to ensure better cloud security. The management of encryption keys is critical, and data needs to be fragmented and kept in several places in the cloud rather than in one server where it would be vulnerable. It is also important that the physical security of the cloud environment is enhanced.

IT Security and the Internet of Things

You may have heard of the Internet of Things (IoT) and wondered what it referred to. Basically, it just means an environment in which objects are able to transfer data over a network without the need for human-to-human or human-to-computer interaction.

For example, you may have a sensor in your car to tell you when the engine needs oil by sending a message to your phone. An office printer may send out an order for more ink when it's running low, and a smart road can send signals to traffic control when traffic is heavy.

Basically, any device or component that can be connected to the net (usually by Wi-Fi) plays its part in the Internet of Things. Ultimately the IoT will help cut down on waste, improve efficiency and save time and frustration (in theory at least).

But with so many online devices, many of which will hold personal info or IP data, security will be an issue. You wouldn't want someone hacking your toaster or using your online speakers to get at the data on your PC, after all.

Some experts are concerned that large numbers of unsecured devices could be built up by hackers as botnets. Just imagine your TV, computer and other household appliances all being used against you, like a science fiction horror story.

The new high-tech Barbie doll raises privacy concerns, as the doll is connected to the Internet and could be a tempting target for hackers, who could then access data on home networks through the doll.

This means in the future people will need to know how to secure their IoT devices. Initially this would mean taking simple measures such as using passwords and usernames, updating and patching devices as you do with current devices. Also, an IoT device that needs to be accessible over the net needs to be put in its own network and have access restricted. This network can then be monitored, with action taken if there is a problem.

Planning and integration is vital when it comes to the IoT, and security needs to be paramount at every step of the process, from manufacture to purchase and use. As a company owner you need to develop policies that keep your customers and their data safe when using IoT devices.

US retailer Target was hacked in 2013 via its heating and air conditioning, which was internet enabled. Some 40 million credit card numbers were stolen.

Conclusion

The goal of this eBook is to make you aware of the vulnerabilities of your business systems and help you understand in detail the various cyber-threats that are lurking today. We have looked at the dangers for companies that have not been protecting themselves from online and offline security threats, both in terms of money and reputation consequences.

If you are wondering about the best way to safeguard your business, stay tuned, as we are in the process of writing another eBook with insights about protecting your business and reputation.

If you enjoyed reading this eBook and found it to be of value, do share it with your friends.

Follow us for more Security News

Spread the word

About Empower IT Solutions

Empower IT Solutions has been providing exceptional service to Australian businesses nationwide since 2004.

The company specialises in providing IT solutions in industries including, but not limited to, Health, Education, Professional Services and Retail. The company offers Managed Services, IT Services, Cloud-based solutions and software development services.

As Microsoft certified partners, our staff focus on building and maintaining relationships and ensuring their clients deploy the right technologies as their business grows.

Empower IT has put together this eBook to help you learn about the risks and how they could impact your company, and to teach you about what you can do to stay safe online.

We hope that you'll find it to be an informative and useful guide that helps you to keep your IT networks secure while ensuring that you are making the most of the internet to boost your business.

If you feel your business is vulnerable to IT attacks, or wish to check how secure your business systems are, write to us at cs@empowerit.com.au or just give us a call at 1300 787 888 and speak to one of our consultants.

About the Author Salim Sukari

investment in Microsoft Technologies

Salim has worked with Australian businesses for almost two decades and has a deep understanding of various business models and processes. He deeply understands the security issues faced by small and medium sized businesses and is out on a mission to help organisations safeguard their business systems.

This eBook is a result of his extensive knowledge and experience in the Australian market and was penned with a goal of bringing to light the risks that impact small and medium businesses and highlighting the steps that businesses need to take to stay safe online.

Whether you are a security expert, an IT administrator or business owner, Salim guarantees there is a lot of useful information you can use to safeguard your business.

Salim, as well as the team at Empower IT, hope you enjoy the eBook.

Happy Safe-Browsing

Chapter 1 How Australian Businesses are Vulnerable

Australia has always been a nation that has embraced new technology - indeed, considering the huge distances between our major cities, the internet is crucial to our way of life, helping us to do business, communicate and socialise. But the more we are online, the more we leave ourselves open to cybercrime.

Criminals from both local and international locations are taking advantage of the huge leaps in technology to enable their illegal activity. The best way to stop this is by being informed and staying abreast of all the latest information aimed at keeping your business safe.

Let's start off by looking at what is meant by cybercrime:

Crimes such as hacking, distribution of malware, viruses and denial of service attacks that are directed at computers or any information communication technology.

Crimes in which computers are used to commit an offence rather than being targets of it; this could include fraud, identity theft or the distribution of offensive material such as pornography.

This eBook will mainly concentrate on the former definition, looking at how malware can affect your company and what you can do to combat these types of threats.

We need to keep cyber criminals at bay, not just to ensure our businesses are secure but also to help the country's economy as a whole.

Some 60% of Australians have now been a victim of cybercrime in their lifetime, and nearly 47% of these victims have been targeted in the past 12 months.

Increasing numbers of cyber security breaches lead to an erosion of trust that puts off investors, slowing the growth of the economy.

An unclassified threat report compiled by the Australian Cyber Security Centre found that in 2014 the national computer emergency response team had to respond to 11,073 cyber security incidents. And this is just one study.

Another survey by the Ponemon Institute has shown that the cost of cybercrime in Australia has escalated 33% since its first study three years ago. The institute also estimated that the

of 30 organisations

to be $43 million

There are few companies that would be able to cope with a 43 million dollar attack, and small and medium companies make up to nearly 97% of all Australian businesses. If we don't start taking measures to stay safe, the nation could be in economic jeopardy.

The Australian Crime Commission estimates that cybercrime now costs the country more than a billion dollars each year, with the figures rising as cyber criminals become more sophisticated.

Cybercrime and SMB

Data breaches often make the news headlines, such as when laboratory Medvet was attacked

Kmart Australia suffered a security breach that resulted in the exposure of customer details.

But when such tales of cybercrime are in the news, they tend to be about attacks on big companies, where the results are losses of millions of dollars or the theft of thousands of

Many SMB owners are often lulled into a false sense of security, believing that their IT is safe and that they won't be of interest to hackers. But this is a very dangerous mindset.

SMBs just like yours are regularly attacked by a broad spectrum of cyber criminals, including malicious insiders and criminals using malware, viruses, worms, Trojans and botnets. Plain bad luck plays its part too, with many crimes being committed using stolen or lost devices.

These attacks are expensive, as they disrupt services and cause downtime that prevents staff from doing their jobs properly and adversely affects sales and work processes. In fact, downtime accounted for nearly half of each

study. Detection and recovery also costs money, accounting for 53% of internal costs, most of which is paid out to experts to come in and fix problems.

Why your small business is a target

Being a powerful economy with an English-speaking and highly connected population, Australia is a tempting target for hackers from all over the world. And they are helped by the fact that at the moment there are so few IT security regulations in place.

Attacks are commonplace: the 30 companies in the Ponemon survey alone reported 47 successful attacks a week, up from 41 in 2012.

The time it takes to resolve issues is getting longer too, up to 23 days on average. Attacks by insiders or staff can take up to 51 days to contain and solve.

Criminals are helped by the fact that many Australian businesses place too much faith in their current security setup and don't realise just how sophisticated hacking and cybercrime is becoming. What's more, there is a skills shortage in the Australian IT arena. Most small businesses don't have the resources to hire effective security analysts to continuously monitor extended networks and detect any infiltrations.

This is why there is such a strong need for more education and awareness in this area, so that IT security is seen as something that gives SMBs a competitive edge - not just a set of defensive actions that need to be taken to merely stay secure. After all, the damage to a company's reputation and brand image after a security breach can be catastrophic, and most people would prefer to deal with companies that have a good reputation for security. A good IT security roadmap will boost your business as well as keep you safe, and this is something that every small business owner will appreciate.

In the next chapter we'll be looking at the types of cyber-attack and malware that are being routinely used to target Australian businesses. We will tell you what dangers you should be looking out for and how to keep your business safe from online attacks.

The Australian government recently carried out a Cyber Security Review, which found that organised crime gangs carry out most of the nation's IT security breaches (92%), with 14% of attacks coming from insiders. The overlap in figures is due to the fact that sometimes insiders and outsiders work in collusion. The study also found that stolen credentials are the number one cause of these breaches.

Chapter 2 Common Threats to Every SMB

Cybercriminals are becoming highly efficient and sophisticated in their attacks on the SMB

-hanging fruit often riddled with security holes that make their job a breeze. In this next section of our eBook we will cover some of the

of them at the very least

Malware

Most threats to your security will come in the form of malware, which is a malicious type of software created to cause damage to your systems or to steal data once it has installed itself into your systems.

Malware could also vandalise and destroy software; steal sensitive information, passwords and account details using spyware; force unwanted advertising onto your systems via adware; spread email spam or porn; and even extort money from you using ransomware that encrypts your data until a fee is paid to unblock it.

A study by the firm SecurityScorecard, which specialises in tracking companies' risk of intrusion, found more than 4700 organisations which were infected by some type of advanced banking malware.

Ransomware

Ransomware is a type of malicious software that restricts access to the infected computer system by systematically encrypting all files and documents. This malware then prompts the user to pay a ransom (around the $1000 AUD mark) in order to have the restriction removed.

The most popular form of ransomware is the CryptoLocker malware, which uses a strong encryption algorithm to lock all valuable user files in the background without user awareness. Once all the relevant files are encrypted, it demands the user pay a ransom in Bitcoins within a specific timeframe (usually 1 to 2 days) before the files are permanently deleted.

Trojan Viruses

A Trojan virus is malware hidden in an innocuous email. Once you click on the link in this email, it can lead to the infection of your computer networks within a few minutes. You may come across some seemingly useful software via email or on the web that will do huge damage if you download it to your computer.

People are often tricked, as they think they are clicking on legitimate files from a legitimate source. Trojans may contain the usual silly pranks or do real damage by destroying information, creating backdoors for hackers or compromising your personal data. They don't reproduce or self-replicate, but can still do great damage and cause huge frustration.

Key Logger Virus

A Key Logger virus is software that is designed to secretly monitor and log all keystrokes with the purpose of collecting confidential user information such as bank account logins, personal information etc. Once a cyber-criminal has got hold of confidential user data, they can easily

account. Unfortunately, access to confidential data can sometimes have consequences which are far more

Worms

A computer worm is a virus, but can replicate itself and move from computer to computer without the user clicking or running any program. It moves via file or data transport features - email, messenger or file sharing. Even if they don't actually do any harm, worms can use up your computer processing time and take up your bandwidth as they replicate.

BUT if worms are carrying a malicious payload, you could end up with deleted or encrypted files, or even have a backdoor opened in your computer, allowing a hacker to take control of your computer and create what's called a zombie computer. Email spammers often create worms to help send their junk mail, and they send copies of themselves to everyone in your computer's address book.

Phishing Scams

Phishing scams are so called as they emulate real-life fishing. Hackers and criminals tempt you with bait and can be rewarded by catching sensitive information like usernames, passwords or bank account details. Most often, the bait comes in the form of emails that appear to be from trusted or legitimate companies or people, such as banks, service providers and acquaintances. You may be asked to provide certain private information or follow links that direct you to fake (though often very realistic looking) sites that will infect your systems with malware.

A common phishing scam is a warning email about fraudulent activity on your account and a request to verify information. Such panic-inducing methods can be very successful, as people give an immediate response without thinking. There is another type of phishing, known as spear phishing, which hooks individuals using personal information (often garnered from social media sites). Spear phishing scams are increasingly sophisticated and are regularly successful, since the baited emails seem so personal.

Web-based Attacks

While nearly all IT attacks are web-based to some extent, this threat specifically means malware attacks that come via online sources like infected landing pages on websites, rather than being delivered via email or infected devices. This is also known as a pull-based attack, where victims unknowingly visit infected sites, rather than push-based ones in which attackers are actively searching for victims.

The number of web-based attacks is growing as web services become more popular and people use the Internet for business, banking and e-commerce. Malicious URLs are used as channels to propagate malware, and if you visit an infected site hackers can take control of your system to carry out cybercrimes such as data theft, denial of service attacks and spamming.

A common web-based attack technique is to alert you with fake virus detection messages and ask you to download rogue antivirus software. Sometimes even legitimate sites can be infected if the hacker gets control of a web server. And the bad news is that your antivirus software and firewalls are of limited use, as they can't help detect many web-based attacks.

Criminals posing as a legitimate Australian legal firm recently duped an online ad network into distributing banner ads through Gumtree.com.au that, if clicked, could likely have led to ransomware.

Botnets

The term botnets refers to a series of online computers communicating with each other to complete a set of repetitive tasks - which could be something mundane like running a chat channel, or something more destructive like creating spam.

Most illegal botnets are composed of computers already hacked and compromised without the knowledge of their owners - these are known as Zombie computers. These are controlled via a single interface used by hackers, or herders. These criminals use the huge accumulated power of botnets to engage in click fraud, which involves clicking on ad banners to take money from advertisers who pay for each visit.

They can also be used to saturate bandwidth and prevent access to websites for long periods, causing vendors to pay a ransom to get traffic flowing again. Keylogging is another nefarious task that botnets are used for. They report keystrokes of thousands of users visiting websites to the herder, who can use this data to access personal information and accounts.

Denial of Service attacks

A Denial of Service (DoS) attack can be one of the most frustrating IT attacks of all. Basically, it shuts down your website or network, making it impossible for people to use your services. That means that if you're selling things online or taking bookings or appointments, no legitimate customers can access your site or sales page - and they'll soon go elsewhere. The attack can also stop staff and account holders from accessing the services they need. DoS attacks work by flooding the target with traffic, causing it to crash or run so slowly that it becomes unusable.

DoS attacks are unlike malware attacks: they don't try to breach your security systems and steal data directly, but instead make your services inoperable. Such attacks are often used by people trying to make a point - activists, for example. It is also a process used for simple extortion, or even by unscrupulous business owners looking to cripple their competition. If the denial of service goes on for a long time you can lose revenue and customer trust, and your long-term reputation may never recover.

DoS attacks happen in two ways: either with one attacker flooding your servers so they have too much traffic and grind to a halt, or by way of an attack from many machines in what's called a Distributed Denial of Service attack, often carried out via botnets.

Of course, some attacks are not initiated by outsiders but by people within an organisation, or as a result of bad luck. These can be the hardest attacks to prevent and can cause the most damage. So let's look at them.

Malicious Insiders

You know already that there is a lot of danger out there on the internet, but small and medium-sized businesses can face even more serious threats from within.

Somewhere among your seemingly loving and loyal staff sits someone who could bring your company tumbling down. It could be someone who bears a grudge, sees a way of benefitting themselves financially, or is planning to leave and start a similar business with your contacts and intellectual property.

Akamai's newest State of the Internet (SOTI) - Security Report for the fourth quarter of 2015 saw the number of Web application attacks jump 28 percent over the previous quarter, while the number of DDoS attacks jumped by 40 percent in that time.

Two scientists working for GlaxoSmithKline have reportedly been charged for stealing trade secrets.

An IT attack by an insider can be the most devastating attack of all, as you're not just having your systems compromised but your trust shattered by a member of staff who you may even have considered a friend, especially if your business is small and people work together closely. What's more, firewalls, anti-virus software and intrusion detection systems won't be any help to you at all. After all, in many companies employees will all have access to confidential data, files and accounts.

The extent to which insider attacks are so much more damaging is shown by the figures. In Australia, attacks by insiders or staff can take up to 51 days to contain and solve, compared with outside attacks that on average take 23 days to contain. This is because insiders know what they are looking for and where the juiciest data is, and they probably have the passwords to get at it.

Stolen Devices

While many IT attacks come about thanks to sophisticated programming, others just come down to good old-fashioned theft. Stolen devices make up 50% of cyber-attacks experienced by the 30 benchmarked companies in the Ponemon 2014 Cost of Cyber Crime Study, and of course your devices (phones, tablets, flash drives and so on) don't have to be stolen by cunning pickpockets for the data to be compromised.

Many headline-hitting attacks were the result of workers forgetfully leaving laptops containing vital files on a train or forgetting phones in restaurants. And the risk of losing data this way becomes even greater as ever more companies implement Bring Your Own Device (BYOD) strategies and staff take their work home with them.

A BlueScope Steel employee has been accused of downloading a trove of company documents - about 40 gigabytes - over a four-year period. The company is urgently seeking a judge's help to find and destroy trade secrets before they fall into the hands of competitors.

This means that personal devices, which are often unsecured, can be crammed with company data (69% of employees use smartphones for work). If a staff member is robbed or even just plain forgetful, this data can end up in the hands of criminals, who as a result have access to your systems, intellectual property and stored passwords.

Stay Vigilant

This is a pretty comprehensive look at the sort of security threats your business could be facing, but while we've covered most of the main bases, we've barely scratched the surface when it comes to the sheer number of threats out there.

According to antivirus software developers McAfee, new malware is being released at the rate of around one file every second. So it is little wonder those fighting the problem face an epic challenge keeping up. And these huge numbers of IT attacks are losing Australian businesses like yours a great deal of money.

Constant vigilance is the best weapon you have to fight hackers attacking you with viruses, malware, worms or malicious coding. Be careful what you are doing online and always think before you click. Of course, technology can help protect your organisation, but only if it is upgraded and tested regularly. Make sure that your firewalls are in place and that anti-virus software is upgraded as new updates come out.

Training, too, is a tool that lets you fight the darker sides of the net, so hold regular workshops for staff on the types of phishing scams, using social media safely and checking for suspicious links. And keep up with IT blogs that can warn you of the new risks out there. If you're careful, don't get complacent and keep your IT updated, you have a much better chance at protecting your precious data and, ultimately, your company.

In the next part of our eBook we will be looking at some Australian companies that weren't so careful, and what it meant for their businesses, their reputations and their companies.

Chapter 3 IT Security Incidents in the Last Two Years

There may be no bullets flying, but Australia is currently at war, and it's one we're not winning. Cyber-attacks on Australian businesses increased 20% in 2014, and this figure rose in 2015, according to the Australian Signals Directorate.

The most commonly targeted industries tend to be banking and the financial sector in general, resources, energy and telecommunications, among others. But the huge volume of attacks means that many Australian SMBs are being targeted as cyber criminals spread their nets.

The fallout from these cyber-attacks includes loss of intellectual property, major disruption to business, financial loss and major damage to the reputation of your company, which in many cases could lead to bankruptcy.

Cybercrime in Australia

There are three main types of cybercrime that affect Australian businesses large and small. These are:

State-sponsored cyber-crime - perpetrated by hackers on behalf of states to steal intellectual property and identities. These are often the most sophisticated attacks, and hackers can retain access to an organisation's network for years at a time.

Organised Crime - run by criminal gangs making malware to steal data or extort money from individuals and corporations. Many crime syndicates have sophisticated tools and share techniques to access systems, as well as stolen data, with other criminals.

Motivated cyber-crime - these are often hackers with a political, social or even religious motive who want to get a message across using illegal online methods. Often such attacks can be less sophisticated but can still cause great damage to companies.

Because there are such widely varied motivations for hackers to target Australian businesses

it means that no business is safe including small ones SMBs shouldnt think that their

information is not of interest to criminals they could be targeted for a range of reasons

Take banks for example Commonwealth Bank Australias largest bank is attacked

thousands of times every day While most of these attacks are by hackers seeking money and

account numbers many attacks are by activists (who call themselves hacktivists) who have

a more political or social agenda perhaps they dont agree with some of the banks

investments which they may see as unethical or detrimental to the environment

But when it comes to large-scale hacks many fingers are pointed at government sponsored

groups from China Well-equipped hackers known as Advanced Persistent Threats (APTs)

have been targeting Australian firms in the mining and natural resources sector Many

businesses already dealing with organisations in China come under attack perhaps to get the

edge in negotiations or as a way of stealing intellectual property

In response to the rising numbers of attacks, the Australian Government opened The Australian Cyber Security Centre (ACSC) to coordinate the country's defence intelligence agencies - the Attorney-General and the Australian Federal Police cyber units. The ACSC enables the private and public sector to collaborate and share information to combat cybersecurity threats. They also offer a great deal of information about how SMBs and individuals can stay safe online, so it's well worth looking at their site at https://www.acsc.gov.au

In the meantime, let's take a look at some of the recent risks and hacks on Australian companies to fully understand the risks of letting your IT guard down.

Ransomware on the Rise

Ransomware, a scam in which people fall victim to an encryption virus which hijacks computer files and demands a ransom to restore them, is becoming one of the main ways that Australian businesses are being targeted by cyber criminals. In 2014 the security firm Websense found nearly two million instances of the malware variant known as CryptoLocker, and 60 per cent of those were detected in Australia.

CryptoLocker is ransomware which is delivered via credible-looking emails. Once an infected link is clicked, the virus is activated and your computer files, photos and data are taken hostage via encryption unless a ransom is paid.

Some of the latest versions of this malware are said to be unbreakable, and the average cost to companies paying ransoms to overseas hackers was $US 350.

One of the most recent versions of the virus appeared as a traffic infringement notice from the Australian Federal Police which demanded a penalty payment for a minor traffic infringement. The impressively official-looking email was often opened because it appeared to come from the Federal Government. To view details of the fake traffic infringement, recipients are asked to click the link contained within the email, activating the malware.

The Australian Federal Police (AFP) originally issued a tweet on 19 January warning people of a recent scam, "traffic infringement notices" being delivered by email, and advising not to pay any money or click any links.


High Profile Incidents

Kmart Attacked

Kmart Australia had to put out a warning in October 2015 to let some customers know that their online operations had been attacked in an external privacy breach in September. Data such as name, email address, delivery and billing address, telephone number and product purchase details was stolen. The retailer has insisted that no credit card or payment card details had been compromised, as card processing is handled externally.

David Jones hacked

In October 2014 the Australian fashion retailer had its computer system attacked and the private details of customers were stolen - these included names, email addresses and addresses - but David Jones assured its customers that their credit card or financial information was safe.

A hit on the Hilton

Early in 2015, hotel chain operator Hilton Worldwide Holdings warned customers that they'd found unauthorised malware targeting payment card details in some of their payment systems. This affected many of their Australian customers. An investigation found that malware was targeting cardholder names, payment card numbers, security codes and expiration dates.

Customers were advised to check bank statements up till July, but the company didn't give figures of how many people or businesses might be affected.


The future outlook for cyber-crime

Based on the high levels of current hacking activity and the increasingly sophisticated software and techniques used by hackers to access systems and avoid detection, the ACSC predicts that levels of hacking will rise over the next five years or so. Malware and technology used in cybercrime is now more readily available than ever and can even be used by people with little IT knowledge. What's more, cyber-crime as a service looks set to increase as well.

To stay safe, Australian businesses, from multinationals to SMBs, need to work together to make Australia a much harder target for hackers and to increase trust in users that the Internet's benefits outweigh online dangers. The best cyber security comes when the government and private sector work together and take greater responsibility for the security of their networks and information.

In the next part of our eBook we will be taking a look at where the technology to fight cyber-crime and security breaches is heading. We'll be examining the cloud, big data and the Internet of Things to help small businesses like yours to put together a comprehensive security road map.


Chapter 4 The Future of IT Security

So far in this exclusive Empower IT eBook we've examined the threats facing Australian businesses when it comes to security, we've looked in detail at the form that these threats can take (Malware, Phishing Scams, Denial of Service attacks, etc.) and we've even taken a brief look at some of the ways IT attacks have impacted on Australian businesses.

Finally, it's time to look at the security solutions that most of Australia's small and medium businesses currently have in place, examine the reasons that standard defences may not be enough, and look at where the technology is heading as IT attacks become more sophisticated. So read on and learn how to improve your current security set-up and to stay safe going forward.

Far too many of us take IT security for granted, presuming that our anti-virus protection is keeping the worst of the web at bay. But it seems we are putting far too much faith in our off-the-shelf antivirus protection to keep our IT systems safe. Brian Dye, corporate vice president at Intel Security, stated on record that antivirus software is dead. Well, the truth is that antivirus software hasn't yet had its last day.


Antivirus software is used to prevent, detect and hopefully make safe any malware threats and viruses that make it onto your system. And most programs do this well. But the big problem is that antivirus software is a reactive technology and only effective against known threats and variations of them. The guys who are writing antivirus software need to understand how a piece of malware works before they can adapt programs to discover and neutralise it. And in the time it takes for this to happen, many thousands of systems can be infected.

With hackers and criminals making new and increasingly sophisticated malware all the time, there are a lot of dangers out there that your current AV setup just won't see coming. And hackers are patient people: they will take the time to rewrite and test their malware until it can find its way past even the most sophisticated protection - and if that doesn't work, they'll write a new one.

Intel Security, the company that makes the popular McAfee software, estimates that new malware is released at a rate of about one new virus per second. Little wonder it's hard for the program writers to keep up.

And signature-based systems need to be constantly updated to be effective. So signature-based IDS is only as good as its database of stored code and signatures. This is why zero-day attacks, when hackers launch a brand new piece of malware, often slip through without being detected, as antivirus software doesn't recognize the threat.

Because of the sheer number of threats out there, traditional antivirus software detects only around 45% of all attacks.

Unless you've been keeping your antivirus software updated and are tuned into catching the latest threats out there, that old antivirus software on your devices is only giving you the most basic level of protection.


A New Era of Data Protection

We are now entering new territory when it comes to keeping your systems safe. Behaviour-based rather than signature-based security is more important. So let's take a look at what this means for businesses like yours.

Behaviour-based security is different in that it detects any network activity that doesn't fit a pattern of expected behaviour. This means that the software has to be configured to learn what a user's normal patterns of activity are. If there are any anomalies, these are then flagged as threats or viruses and will be stopped before they infect your systems.

Unlike with signature-based systems, behaviour-based antivirus systems are able to detect zero-day attacks, which don't yet have a pattern that is recognizable. Of course, such systems have to be configured to learn about users' typical behaviour, and configurations need to be updated every time new applications are added or modified, but in general they can adapt to new, unique or original attacks.

There are many advantages to this behaviour-based approach in detecting new and unforeseen vulnerabilities in your systems. Because it detects any traffic that is new or unusual, the behaviour-based approach is good at identifying sweeps and probes towards network hardware. This is like an early warning for potential intrusions, as such probes and scans are often the predecessors for system attacks. They can also detect abuse-of-privilege attacks, which normally don't trigger security warnings. Of course, there are some drawbacks too, in that there is a higher false alarm rate than with signature-based systems.

What's more, the learning curve for behaviour-based intrusion detection techniques can't cover everything, and people's online behaviour is likely to change over time, so you need to implement occasional retracing of the behaviour profile. Also, during the learning phase any system attacks that occur won't be detected as anomalous, meaning your systems could be compromised.

For example, if a computer user with a restricted set of records suddenly begins to try and access other types of information, it is highly possible that his workstation has been infected with a virus and action needs to be taken to protect the systems.

Behaviour-based IDS is also more costly in that you need more hardware spread further

across your IT networks than is required with signature-based IDS
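The trade-offs described above, run side by side on a small constructed event stream. This is an added example, not code from the eBook or from any product; it assumes a signature is simply a SHA-256 match on the program making the access and that "behaviour" is the set of record types each user touched during the learning phase, and all users, record types and program hashes are made up.

```python
from dataclasses import dataclass
import hashlib


@dataclass(frozen=True)
class Event:
    user: str
    record_type: str      # kind of record the user touched
    program_sha256: str   # hash of the program that made the access


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed stand-ins for program files; none of these are real samples.
OFFICE_APP = sha256_hex(b"constructed: legitimate office application")
KNOWN_MALWARE = sha256_hex(b"constructed: malware already in the vendor database")
NEW_MALWARE = sha256_hex(b"constructed: brand new malware, no signature yet")

SIGNATURE_DB = {KNOWN_MALWARE}  # only as good as what has been analysed so far


def signature_alerts(events, signature_db):
    """Signature-based: flag only programs whose hash is already known bad."""
    return [e for e in events if e.program_sha256 in signature_db]


class BehaviourProfile:
    """Behaviour-based: learn which record types each user normally touches."""

    def __init__(self):
        self.normal = {}  # user -> set of record types seen while learning

    def learn(self, events):
        for e in events:
            self.normal.setdefault(e.user, set()).add(e.record_type)

    def alerts(self, events):
        return [e for e in events
                if e.record_type not in self.normal.get(e.user, set())]


# Constructed learning-phase traffic: what "normal" looks like.
LEARNING = [
    Event("alice", "invoices", OFFICE_APP),
    Event("bob", "payroll", OFFICE_APP),
]

# Constructed live traffic.
LIVE = [
    Event("alice", "invoices", OFFICE_APP),    # routine work
    Event("alice", "payroll", NEW_MALWARE),    # zero-day reaching for other records
    Event("bob", "payroll", KNOWN_MALWARE),    # known malware, normal-looking access
    Event("alice", "customers", OFFICE_APP),   # legitimate new duty
]


def compare(learning, live, signature_db):
    """Return (signature alerts, behaviour alerts) for the same live traffic."""
    profile = BehaviourProfile()
    profile.learn(learning)
    return signature_alerts(live, signature_db), profile.alerts(live)


def alerts_after_retraining():
    """Re-learn after alice's duties change: the false alarm goes away."""
    profile = BehaviourProfile()
    profile.learn(LEARNING + [Event("alice", "customers", OFFICE_APP)])
    return profile.alerts(LIVE)


def poisoned_learning_misses():
    """If the attack already ran during learning, it becomes part of 'normal'."""
    profile = BehaviourProfile()
    profile.learn(LEARNING + [Event("alice", "payroll", NEW_MALWARE)])
    flagged = profile.alerts(LIVE)
    return [e for e in LIVE
            if e.program_sha256 == NEW_MALWARE and e not in flagged]


if __name__ == "__main__":
    by_signature, by_behaviour = compare(LEARNING, LIVE, SIGNATURE_DB)
    print("signature alerts:", [(e.user, e.record_type) for e in by_signature])
    print("behaviour alerts:", [(e.user, e.record_type) for e in by_behaviour])
    print("after retraining:", [(e.user, e.record_type)
                                for e in alerts_after_retraining()])
    print("missed after poisoned learning:",
          [(e.user, e.record_type) for e in poisoned_learning_misses()])
```

Each detector misses something the other catches, which is the practical case for running both layers rather than replacing one with the other.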

Drawbacks and a long customization process aside, it looks like the behaviour-based approach to IT security is one way we'll be helping to keep the cyber criminals at bay into the future. And although the death knell has not yet sounded for antivirus software, you need to be aware that this is no longer the be-all and end-all of IT security; you need to be doing so much more.

There are many ways you can keep your systems safe, and taking a multi-layered approach is actually the best way forward. Blacklisting, whitelisting and sandboxing are three methods that can be used to ensure you're safe while online.

As the way we use data and interact with the internet changes, our approach to IT security and data protection should also change accordingly. What's more, IT systems around the world are increasingly being breached and the fallout from this is affecting millions of people, so we need to learn to deal with risks and stay ahead of cyber criminals.

We are now seeing other areas of IT in which security needs addressing: areas such as social media, the cloud, compliance, advanced persistent threats and physical infrastructure security too.

IT Security in the Cloud

In the fast-moving world of IT, cloud computing is already old hat in many ways, but as so many of Australia's small and medium businesses are only just making the move into the cloud, they may not appreciate how cloud technology isn't just changing how they work but how they should be approaching security.

When you are in the cloud you are exposed to new risks; after all, your data and often much of your network is being hosted off-site and is often being accessed by your staff in other cities and countries.

Security in the cloud requires visibility, identity management and policies that reduce threats

ability to take advantage of all the flexibility and freedom that cloud computing can offer

Of course, it's worth remembering that cloud computing is not just one technology; it is a combination of many advances in technology sold in one package. This includes virtualisation, Software-as-a-Service and other operations working as they always have done, albeit in the cloud.

The problem is that traditional security solutions don't always adapt themselves well to the cloud architecture. What needs to happen is for existing security methods such as firewalls, virtual private networks, data-leak protection, etc. to evolve so they can be better deployed in the cloud. This might involve using an API (Application Program Interface) so that such technology can be automated in the cloud.

It is also likely that new Cloud Security Gateways will have to come into play, and innovations that bolster security are already being created. Cloud security gateways will act as security policy enforcement points between cloud services consumers and providers to ensure security as cloud services are accessed by users. This system would probably be made up of multiple levels of security such as authentication, authorization, signing on, security token mapping, encryption, tokenization, logging, alerting, Application Program Interface and so on.

With cloud technology being so popular, it is vital that users are easily identified and authenticated while controlling access to applications and enforcing data protection policies. It is also a good idea to have a central overview of what is happening, with visibility into all users, devices and cloud activity, so that malicious or suspicious behaviour can be flagged. Auditing and monitoring will be built into cloud services in the future to ensure ongoing protection.


Other changes need to happen to ensure better cloud security. The management of encryption keys is critical, and data needs to be fragmented and kept in several places in the cloud rather than in one server where it would be vulnerable. It is also important that the physical security of the cloud environment is enhanced.

IT Security and the Internet of Things

You may have heard of the Internet of Things (IoT) and wondered what it referred to. Basically, it just means an environment in which objects are able to transfer data over a network without the need for human-to-human or human-to-computer interaction.

For example, you may have a sensor in your car to tell you when the engine needs oil by sending a message to your phone. An office printer may send out an order for more ink when it's running low, and a smart road can send signals to traffic control when traffic is heavy.

Basically, any device or component that can be connected to the net (usually by Wi-Fi) plays its part in the Internet of Things. Ultimately the IoT will help cut down on waste, improve efficiency and save time and frustration (in theory at least).

But with so many online devices, many of which will hold personal info or IP data, security will be an issue. You wouldn't want someone hacking your toaster or using your online speakers to get at the data on your PC, after all.

Some experts are concerned that large numbers of unsecured devices could be built up by hackers as botnets. Just imagine your TV, computer and other household appliances all being used against you, like a science fiction horror story.

The new high-tech Barbie doll raises privacy concerns, as the doll is connected to the Internet and could be a tempting target for hackers who could then access data on home networks through the doll.


This means in the future people will need to know how to secure their IoT devices. Initially this would mean taking simple measures such as using passwords and usernames, and updating and patching devices as you do with current devices. Also, an IoT device that needs to be accessible over the net needs to be put in its own network and have access restricted. This network can then be monitored, with action taken if there is a problem.

Planning and integration is vital when it comes to the IoT, and security needs to be paramount at every step of the process, from manufacture to purchase and use. As a company owner, you need to develop policies that keep your customers and their data safe when using IoT devices.

US retailer Target was hacked in 2013 via its heating and air conditioning, which was internet enabled. Some 40 million credit card numbers were stolen.


Conclusion

The goal of this eBook is to make you aware of the vulnerabilities of your business systems and help you understand in detail the various cyber-threats that are lurking today. We have looked at the dangers for companies that have not been protecting themselves from online and offline security threats, both in terms of money and reputation consequences.

If you are wondering about the best way to safeguard your business, stay tuned, as we are in the process of writing another eBook with insights about protecting your business and reputation.

If you enjoyed reading this eBook and found it to be of value, do share it with your friends.


About Empower IT Solutions

Empower IT Solutions has been providing exceptional service to Australian businesses nationwide since 2004.

The company specialises in providing IT solutions in industries including, but not limited to, Health, Education, Professional Services and Retail. The company offers Managed Services, IT Services, Cloud-based solutions and software development services.

As Microsoft certified partners, our staff focus on building and maintaining relationships and ensuring their clients deploy the right technologies as their business grows.

Empower IT has put together this eBook to help you learn about the risks and how they could impact your company, and to teach you about what you can do to stay safe online.

We hope that you'll find it to be an informative and useful guide that helps you to keep your IT networks secure while ensuring that you are making the most of the internet to boost your business.

If you feel your business is vulnerable to IT attacks or wish to check how secure your business systems are, write to us at cs@empowerit.com.au or just give us a call at 1300 787 888 and speak to one of our consultants.

About the Author Salim Sukari

investment in Microsoft Technologies

Salim has worked with Australian businesses for almost two decades and has a deep understanding of various business models and processes. He deeply understands the security issues faced by small and medium sized businesses and is out on a mission to help organisations safeguard their business systems.

This eBook is a result of his extensive knowledge and experience in the Australian market and was penned with a goal of bringing to light the risks that impact small and medium businesses and highlighting the steps that businesses need to take to stay safe online.

Whether you are a security expert, an IT administrator or business owner, Salim guarantees there is a lot of useful information you can use to safeguard your business.

Salim, as well as the team at Empower IT, hope you enjoy the eBook.

Happy Safe-Browsing


Chapter 1 How Australian Businesses are Vulnerable

Australia has always been a nation that has embraced new technology - indeed, considering the huge distances between our major cities, the internet is crucial to our way of life, helping us to do business, communicate and socialise. But the more we are online, the more we leave ourselves open to cybercrime.

Criminals from both local and international locations are taking advantage of the huge leaps in technology to enable their illegal activity. The best way to stop this is by being informed and staying abreast of all the latest information aimed at keeping your business safe.

Let's start off by looking at what is meant by cybercrime:

Crimes such as hacking, distribution of malware, viruses and denial of service attacks that are directed at computers or any information communication technology.

Crimes in which computers are used to commit an offence rather than being targets of it; this could include fraud, identity theft or the distribution of offensive material such as pornography.


This eBook will mainly concentrate on the former definition, looking at how malware can affect your company and what you can do to combat these types of threats.

We need to keep cyber criminals at bay, not just to ensure our businesses are secure but also to help the country's economy as a whole.

Some 60% of Australians have now been a victim of cybercrime in their lifetime, and nearly 47% of these victims have been targeted in the past 12 months.

Increasing numbers of cyber security breaches lead to an erosion of trust that puts off investors, slowing the growth of the economy.

An unclassified threat report compiled by the Australian Cyber Security Centre found that in 2014 the national computer emergency response team had to respond to 11,073 cyber security incidents. And this is just one study.

Another survey by the Ponemon Institute has shown that the cost of cybercrime in Australia has escalated 33% since its first study three years ago. The institute also estimated that the

of 30 organisations

to be $43 million

There are few companies that would be able to cope with a 43 million dollar attack, and small and medium companies make up to nearly 97% of all Australian businesses. If we don't start taking measures to stay safe, the nation could be in economic jeopardy.

The Australian Crime Commission estimates that cybercrime now costs the country more than a billion dollars each year, with the figures rising as cyber criminals become more sophisticated.


Cybercrime and SMB

Data breaches often make the news headlines such as when laboratory Medvet was attacked

Kmart Australia suffered a security breach that resulted in the exposure of customer details

But when such tales of cybercrime are in the news they tend to be about attacks on big

companies where the results are losses of millions of dollars or the theft of thousands of

Many SMB owners are often lulled into a false sense of security, believing that their IT is safe and that they won't be of interest to hackers. But this is a very dangerous mindset. SMBs just like yours are regularly attacked by a broad spectrum of cyber criminals, including malicious insiders and criminals using malware, viruses, worms, Trojans and botnets. Plain bad luck plays its part too, with many crimes being committed using stolen or lost devices.

These attacks are expensive, as they disrupt services and cause downtime that prevents staff from doing their jobs properly and adversely affects sales and work processes. In

fact downtime accounted for nearly half of each

study. Detection and recovery also costs money, accounting for 53% of internal costs, most of which is paid out to experts to come in and fix problems.

Why your small business is a target

Being a powerful economy with an English-speaking and highly connected population, Australia is a tempting target for hackers from all over the world. And they are helped by the fact that, at the moment, there are so few IT security regulations in place.

Attacks are commonplace: the 30 companies in the Ponemon survey alone reported 47 successful attacks a week, up from 41 in 2012.

The time it takes to resolve issues is getting longer too: up to 23 days on average. Attacks by insiders or staff can take up to 51 days to contain and solve.


Criminals are helped by the fact that many Australian businesses place too much faith in their current security setup and don't realise just how sophisticated hacking and cybercrime is becoming. What's more, there is a skills shortage in the Australian IT arena. Most small businesses don't have the resources to hire effective security analysts to continuously monitor extended networks and detect any infiltrations.

This is why there is such a strong need for more education and awareness in this area, so that IT security is seen as something that gives SMBs a competitive edge - not just a set of defensive actions that need to be taken to merely stay secure. After all, the damage to a company's reputation and brand image after a security breach can be catastrophic, and most people would prefer to deal with companies that have a good reputation for security. A good IT security roadmap will boost your business as well as keep you safe, and this is something that every small business owner will appreciate.

In the next chapter we'll be looking at the types of cyber-attack and malware that are being routinely used to target Australian businesses. We will tell you what dangers you should be looking out for and how to keep your business safe from online attacks.

The Australian government recently carried out a Cyber Security Review which found that organised crime gangs carry out most of the nation's IT security breaches (92%), with 14% of attacks coming from insiders. The overlap in figures is due to the fact that sometimes insiders and outsiders work in collusion. The study also found that stolen credentials are the number one cause of these breaches.


Chapter 2 Common Threats to Every SMB

Cybercriminals are becoming highly efficient and sophisticated in their attacks on the SMB

-hanging fruit often riddled with security

holes that make their job a breeze In this next section of our eBook we will cover some of the

of them at the very least

Malware

Most threats to your security will come in the form of malware, which is a malicious type of software created to cause damage to your systems or to steal data once it has installed itself into your systems.

Malware could also vandalise and destroy software, steal sensitive information, passwords and account details using spyware, force unwanted advertising onto your systems via adware, spread email spam or porn, and even extort money from you using ransomware that encrypts your data until a fee is paid to unblock it.

A study by the firm SecurityScorecard, which specialises in tracking companies' risk of intrusion, found more than 4700 organisations which were infected by some type of advanced banking malware.

Ransomware

Ransomware is a type of malicious software that restricts access to the infected computer system by systematically encrypting all files and documents. This malware then prompts the user to pay a ransom (around the $1000 AUD mark) in order to have the restriction removed.

The most popular form of ransomware is the CryptoLocker malware, which uses a strong encryption algorithm to lock all valuable user files in the background without user awareness. Once all the relevant files are encrypted, it demands the user pay a ransom in Bitcoins within a specific timeframe (usually 1 to 2 days) before the files are permanently deleted.

Trojan Viruses

A Trojan virus is malware hidden in an innocuous email. Once you click on the link in this email, it can lead to the infection of your computer networks within a few minutes. You may come across some seemingly useful software via email or on the web that will do huge damage if you download it to your computer.

People are often tricked, as they think they are clicking on legitimate files from a legitimate source. Trojans may contain the usual silly pranks or do real damage by destroying information, creating backdoors for hackers or compromising your personal data. They don't reproduce or self-replicate but can still do great damage and cause huge frustration.


Key Logger Virus

A Key Logger virus is software that is designed to secretly monitor and log all keystrokes with the purpose of collecting confidential user information such as bank account logins, personal information, etc. Once

a cyber-criminal has got hold of confidential user data they can easily

account Unfortunately access to

confidential data can sometimes have consequences which are far more

Worms

A computer worm is a virus, but can replicate itself and move from computer to computer without the user clicking or running any program. It moves via file or data transport features - email, messenger or file sharing. Even if they don't actually do any harm, worms can use up your computer processing time and take up your bandwidth as they replicate.

BUT if worms are carrying a malicious payload, you could end up with deleted or encrypted files, or even have a backdoor opened in your computer, allowing a hacker to take control of your computer and create what's called a zombie computer. Email spammers often create worms to help send their junk mail, and they send copies of themselves to everyone in your computer's address book.

Phishing Scams

Phishing scams are so called as they emulate real-life fishing. Hackers and criminals tempt you with bait and can be rewarded by catching sensitive information like usernames, passwords or bank account details. Most often the bait comes in the form of emails that appear to be from trusted or legitimate companies or people, such as banks, service providers and acquaintances. You may be asked to provide certain private information or follow links that direct you to fake (though often very realistic-looking) sites that will infect your systems with malware.

A common phishing scam is a warning email about fraudulent activity on your account and a request to verify information. Such panic-inducing methods can be very successful, as people give an immediate response without thinking. There is another type of phishing known as spear phishing, which hooks individuals using personal information (often garnered from social media sites). Spear phishing scams are increasingly sophisticated and are regularly successful, since the baited emails seem so personal.

Web-based Attacks

While nearly all IT attacks are web-based to some extent, this threat specifically means malware attacks that come via online sources like infected landing pages on websites, rather than being delivered via email or infected devices. This is also known as a pull-based attack, where victims unknowingly visit infected sites, rather than push-based ones in which attackers are actively searching for victims.

The number of web-based attacks is growing as web services become more popular and people use the Internet for business, banking and e-commerce. Malicious URLs are used as channels to propagate malware, and if you visit an infected site, hackers can take control of your system to carry out cybercrimes such as data theft, denial of service attacks and spamming.

A common web-based attack technique is to alert you with fake virus detection messages and ask you to download rogue antivirus software. Sometimes even legitimate sites can be infected if the hacker gets control of a web server. And the bad news is that your antivirus software and firewalls are of limited use, as they can't help detect many web-based attacks.

Recently, criminals posing as a legitimate Australian legal firm duped an online ad network into distributing banner ads through Gumtree.com.au that, if clicked, could likely have led to ransomware.

Botnets

The term "botnets" refers to a series of online computers communicating with each other to complete a set of repetitive tasks - which could be something mundane like running a chat channel or something more destructive like creating spam.

Most illegal botnets are composed of computers already hacked and compromised without the knowledge of their owners - these are known as Zombie computers. These are controlled via a single interface used by hackers or "herders". These criminals use the huge accumulated power of botnets to engage in click fraud, which involves clicking on ad banners to take money from advertisers who pay for each visit.

They can also be used to saturate bandwidth and prevent access to websites for long periods, causing vendors to pay a ransom to get traffic flowing again. Keylogging is another nefarious task that botnets are used for. They report keystrokes of thousands of users visiting websites to the herder, who can use this data to access personal information and accounts.

Denial of Service attacks

A Denial of Service (DoS) attack can be one of the most frustrating IT attacks of all. Basically, it shuts down your website or network, making it impossible for people to use your services. That means that if you're selling things online or taking bookings or appointments, no legitimate customers can access your site or sales page - and they'll soon go elsewhere. The attack can also stop staff and account holders from accessing the services they need. DoS attacks work by flooding the target with traffic, causing it to crash or run so slowly that it becomes unusable.


DoS attacks are unlike malware attacks: they don't try to breach your security systems and steal data directly; instead they make your services inoperable. Such attacks are often used by people trying to make a point - activists, for example. It is also a process used for simple extortion, or even by unscrupulous business owners looking to cripple their competition. If the denial of service goes on for a long time, you can lose revenue and customer trust, and your long-term reputation may never recover.

DoS attacks happen in two ways: either with one attacker flooding your servers so they have too much traffic and grind to a halt, or by way of an attack from many machines in what's called a Distributed Denial of Service attack, often carried out via botnets.

Of course, some attacks are not initiated by outsiders but by people within an organisation, or as a result of bad luck. These can be the hardest attacks to prevent and can cause the most damage. So let's look at them.

Malicious Insiders

You know already that there is a lot of danger out there on the internet, but small and medium-sized businesses can face even more serious threats from within.

Somewhere among your seemingly loving and loyal staff sits someone who could bring your company tumbling down. It could be someone who bears a grudge, sees a way of benefitting themselves financially, or is planning to leave and start a similar business with your contacts and intellectual property.

Akamai's newest State of the Internet (SOTI) - Security Report for the fourth quarter of 2015 saw the number of Web application attacks jump 28 percent over the previous quarter, while the number of DDoS attacks jumped by 40 percent in that time.

Two scientists working for GlaxoSmithKline have reportedly been charged for stealing trade secrets.


An IT attack by an insider can be the most devastating attack of all, as you're not just having your systems compromised but your trust shattered by a member of staff who you may even have considered a friend, especially if your business is small and people work together closely. What's more, firewalls, anti-virus software and intrusion detection systems won't be any help to you at all. After all, in many companies employees will all have access to confidential data, files and accounts.

The extent to which insider attacks are so much more damaging is shown by the figures. In Australia, attacks by insiders or staff can take up to 51 days to contain and solve, compared with outside attacks that on average take 23 days to contain. This is because insiders know what they are looking for and where the juiciest data is, and they probably have the passwords to get at it.

Stolen Devices

While many IT attacks come about thanks to sophisticated programming, others just come down to good old-fashioned theft. Stolen devices make up for 50% of cyber-attacks experienced by the 30 benchmarked companies in the Ponemon 2014 Cost of Cyber Crime Study, and of course your devices (phones, tablets, flash drives and so on) don't have to be stolen by cunning pickpockets for the data to be compromised.

Many headline-hitting attacks were the result of workers forgetfully leaving laptops containing vital files on a train or forgetting phones in restaurants. And the risk of losing data this way becomes even greater as ever more companies implement Bring Your Own Device (BYOD) strategies and staff take their work home with them.

A BlueScope Steel employee has been accused of downloading a trove of company documents - about 40 gigabytes - over a four-year period. The company is urgently seeking a judge's help to find and destroy trade secrets before they fall into the hands of competitors.


This means that personal devices, which are often unsecured, can be crammed with company data (69% of employees use smartphones for work). If a staff member is robbed or even just plain forgetful, this data can end up in the hands of criminals, who as a result have access to your systems, intellectual property and stored passwords.

Stay Vigilant

This is a pretty comprehensive look at the sort of security threats your business could be facing, but while we've covered most of the main bases, we've barely scratched the surface when it comes to the sheer number of threats out there.

According to antivirus software developers McAfee, new malware is being released at the rate of around one file every second. So it is little wonder those fighting the problem face an epic challenge keeping up. And these huge numbers of IT attacks are losing Australian businesses like yours a great deal of money.

Constant vigilance is the best weapon you have to fight hackers attacking you with viruses, malware, worms or malicious coding. Be careful what you are doing online and always think before you click. Of course, technology can help protect your organisation, but only if it is upgraded and tested regularly. Make sure that your firewalls are in place and that anti-virus software is upgraded as new updates come out.

Training, too, is a tool that lets you fight the darker sides of the net, so hold regular workshops for staff on the types of phishing scams, using social media safely and checking for suspicious links. And keep up with IT blogs that can warn you of the new risks out there. If you're careful, don't get complacent and keep your IT updated, you have a much better chance at protecting your precious data and ultimately your company.

In the next part of our eBook, we will be looking at some Australian companies that weren't so careful and what it meant for their businesses, their reputations and their companies.


Chapter 3 IT Security Incidents in the Last Two Years

There may be no bullets flying, but Australia is currently at war, and it's one we're not winning. Cyber-attacks on Australian businesses increased 20% in 2014, and this figure rose in 2015, according to the Australian Signals Directorate.

The most commonly targeted industries tend to be banking and the financial sector in general, resources, energy and telecommunications, among others. But the huge volume of attacks means that many Australian SMBs are being targeted as cyber criminals spread their nets. The fallout from these cyber-attacks includes loss of intellectual property, major disruption to business, financial loss and major damage to the reputation of your company, which in many cases could lead to bankruptcy.

Cybercrime in Australia

There are three main types of cybercrime that affect Australian businesses, large and small. These are:


State-sponsored cyber-crime - perpetrated by hackers on behalf of states to steal intellectual property and identities. These are often the most sophisticated attacks, and hackers can retain access to an organisation's network for years at a time.

Organised Crime - run by criminal gangs making malware to steal data or extort money from individuals and corporations. Many crime syndicates have sophisticated tools and share techniques to access systems, as well as stolen data, with other criminals.

Motivated cyber-crime - these are often hackers with a political, social or even religious motive who want to get a message across using illegal online methods. Often such attacks can be less sophisticated but can still cause great damage to companies.

Because there are such widely varied motivations for hackers to target Australian businesses, no business is safe, including small ones. SMBs shouldn't think that their information is not of interest to criminals; they could be targeted for a range of reasons.

Take banks, for example. Commonwealth Bank, Australia's largest bank, is attacked thousands of times every day. While most of these attacks are by hackers seeking money and account numbers, many attacks are by activists (who call themselves hacktivists) who have a more political or social agenda; perhaps they don't agree with some of the bank's investments, which they may see as unethical or detrimental to the environment.

But when it comes to large-scale hacks, many fingers are pointed at government-sponsored groups from China. Well-equipped hackers known as Advanced Persistent Threats (APTs) have been targeting Australian firms in the mining and natural resources sector. Many businesses already dealing with organisations in China come under attack, perhaps to get the edge in negotiations or as a way of stealing intellectual property.

In response to the rising numbers of attacks, the Australian Government opened The Australian Cyber Security Centre (ACSC) to coordinate the country's defence intelligence agencies - the Attorney-General and the Australian Federal Police cyber units. The ACSC enables the private and public sector to collaborate and share information to combat cybersecurity threats. They also offer a great deal of information about how SMBs and individuals can stay safe online. So it's well worth looking at their site at https://www.acsc.gov.au

In the meantime, let's take a look at some of the recent risks and hacks on Australian companies to fully understand the risks of letting your IT guard down.

Ransomware on the Rise

Ransomware, a scam in which people fall victim to an encryption virus which hijacks computer files and demands a ransom to restore them, is becoming one of the main ways that Australian businesses are being targeted by cyber criminals. In 2014, the security firm Websense found nearly two million instances of the malware variant known as CryptoLocker, and 60 per cent of those were detected in Australia.

CryptoLocker is ransomware which is delivered via credible-looking emails. Once an infected link is clicked, the virus is activated and your computer files, photos and data are taken hostage via encryption unless a ransom is paid.

Some of the latest versions of this malware are said to be unbreakable, and the average cost to companies paying ransoms to overseas hackers was $US 350.

One of the most recent versions of the virus appeared as a traffic infringement notice from the Australian Federal Police, which demanded a penalty payment for a minor traffic infringement. The impressively official-looking email was often opened because it appeared to come from the Federal Government. To view details of the fake traffic infringement, recipients are asked to click the link contained within the email, activating the malware.

The Australian Federal Police (AFP) originally issued a tweet on 19 January warning people of a recent scam, “traffic infringement notices” being delivered by email, and advising not to pay any money or click any links.


High Profile Incidents

Kmart Attacked

Kmart Australia had to put out a warning in October 2015 to let some customers know that their online operations had been attacked in an external privacy breach in September. Data such as name, email address, delivery and billing address, telephone number and product purchase details was stolen. The retailer has insisted that no credit card or payment card details had been compromised, as card processing is handled externally.

David Jones hacked

In October 2014, the Australian fashion retailer had its computer system attacked and the private details of customers were stolen - these included names, email addresses and addresses - but David Jones assured its customers that their credit card or financial information was safe.

A hit on the Hilton

Early in 2015, hotel chain operator Hilton Worldwide Holdings warned customers that they'd found unauthorised malware targeting payment card details in some of their payment systems. This affected many of their Australian customers. An investigation found that malware was targeting cardholder names, payment card numbers, security codes and expiration dates.

Customers were advised to check bank statements up till July, but the company didn't give figures of how many people or businesses might be affected.


The future outlook for cyber-crime

Based on the high levels of current hacking activity and the increasingly sophisticated software and techniques used by hackers to access systems and avoid detection, the ACSC predicts that levels of hacking will rise over the next five years or so. Malware and technology used in cybercrime is now more readily available than ever and can even be used by people with little IT knowledge. What's more, cyber-crime as a service looks set to increase as well.

To stay safe, Australian businesses, from multinationals to SMBs, need to work together to make Australia a much harder target for hackers and to increase trust in users that the Internet's benefits outweigh online dangers. The best cyber security comes when the government and private sector work together and take greater responsibility for the security of their networks and information.

In the next part of our eBook, we will be taking a look at where the technology to fight cyber-crime and security breaches is heading. We'll be examining the cloud, big data and the Internet of Things to help small businesses like yours to put together a comprehensive security road map.


Chapter 4 The Future of IT Security

So far in this exclusive Empower IT eBook, we've examined the threats facing Australian businesses when it comes to security, we've looked in detail at the form that these threats can take (Malware, Phishing Scams, Denial of Service attacks, etc.), and we've even taken a brief look at some of the ways IT attacks have impacted on Australian businesses.

Finally, it's time to look at the security solutions that most of Australia's small and medium businesses currently have in place, examine the reasons that standard defences may not be enough, and look at where the technology is heading as IT attacks become more sophisticated. So read on and learn how to improve your current security setup and to stay safe going forward.

Far too many of us take IT security for granted, presuming that our anti-virus protection is keeping the worst of the web at bay. But it seems we are putting far too much faith in our off-the-shelf antivirus protection to keep our IT systems safe. Brian Dye, corporate vice president at Intel Security, stated on record that antivirus software is dead. Well, the truth is that antivirus software hasn't yet had its last day.


Antivirus software is used to prevent, detect and hopefully make safe any malware threats and viruses that make it onto your system. And most programs do this well. But the big problem is that antivirus software is a reactive technology and only effective against known threats and variations of them. The guys who are writing antivirus software need to understand how a piece of malware works before they can adapt programs to discover and neutralise it. And in the time it takes for this to happen, many thousands of systems can be infected.

With hackers and criminals making new and increasingly sophisticated malware all the time, there are a lot of dangers out there that your current AV setup just won't see coming. And hackers are patient people: they will take the time to rewrite and test their malware until it can find its way past even the most sophisticated protection - and if that doesn't work, they'll write a new one.

Intel Security, the company that makes the popular McAfee software, estimates that new malware is released at a rate of about one new virus per second. Little wonder it's hard for the program writers to keep up.

And signature-based systems need to be constantly updated to be effective. So signature-based IDS is only as good as its database of stored code and signatures. This is why zero-day attacks, when hackers launch a brand new piece of malware, often slip through without being detected, as antivirus software doesn't recognize the threat.

Because of the sheer number of threats out there, traditional antivirus software detects only around 45% of all attacks.

Unless you've been keeping your antivirus software updated and are tuned into catching the latest threats out there, that old antivirus software on your devices is only giving you the most basic level of protection.


A New Era of Data Protection

We are now entering new territory when it comes to keeping your systems safe. Behaviour-based rather than signature-based security is more important. So let's take a look at what this means for businesses like yours.

Behaviour-based security is different in that it detects any network activity that doesn't fit a pattern of expected behaviour. This means that the software has to be configured to learn what a user's normal patterns of activity are. If there are any anomalies, these are then flagged as threats or viruses and will be stopped before they infect your systems.

Unlike with signature-based systems, behaviour-based antivirus systems are able to detect zero-day attacks, as they don't have a pattern that is recognizable. Of course, such systems have to be configured to learn about users' typical behaviour, and configurations need to be updated every time new applications are added or modified, but in general they can adapt to new, unique or original attacks.

There are many advantages to this behaviour-based approach in detecting new and unforeseen vulnerabilities in your systems. Because it detects any traffic that is new or unusual, the behaviour-based approach is good at identifying sweeps and probes towards network hardware. This is like an early warning for potential intrusions, as such probes and scans are often the predecessors for system attacks. They can also detect abuse-of-privilege attacks, which normally don't trigger security warnings. Of course, there are some drawbacks too, in that there is a higher false alarm rate than with signature-based systems.

What's more, the learning curve for behaviour-based intrusion detection techniques can't cover everything, and people's online behaviour is likely to change over time, so you need to implement occasional retraining of the behaviour profile. Also, during the learning phase, any system attacks that occur won't be detected as anomalous, meaning your systems could be compromised.

For example, if a computer user with a restricted set of records suddenly begins to try and access other types of information, it is highly possible that his workstation has been infected with a virus and action needs to be taken to protect the systems.

Behaviour-based IDS is also more costly, in that you need more hardware spread further across your IT networks than is required with signature-based IDS.
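The trade-offs described in this section, as an added example that is not from the eBook or from any security product: a hash-based signature check next to a small per-user behaviour baseline, run over constructed access logs. The user names, record types, sample payloads and the `volume_factor` threshold are all assumptions made for illustration.

```python
import hashlib
from collections import Counter, defaultdict

# Constructed signature database: digests of samples that were already analysed.
KNOWN_BAD = {hashlib.sha256(b"dropper-build-1").hexdigest()}


def signature_match(payload: bytes) -> bool:
    """Signature check: flags a payload only if its digest is already known."""
    return hashlib.sha256(payload).hexdigest() in KNOWN_BAD


class BehaviourBaseline:
    """Learns, per user, which record types are read and the busiest hour seen."""

    def __init__(self, volume_factor: float = 3.0):
        self.volume_factor = volume_factor      # assumed alert threshold multiplier
        self.record_types = defaultdict(set)    # user -> record types seen in learning
        self.peak_per_hour = defaultdict(int)   # user -> most accesses in one hour

    def learn(self, events):
        """events: iterable of (hour, user, record_type) from the learning phase."""
        per_hour = Counter()
        for hour, user, record_type in events:
            self.record_types[user].add(record_type)
            per_hour[(user, hour)] += 1
        for (user, _hour), count in per_hour.items():
            self.peak_per_hour[user] = max(self.peak_per_hour[user], count)

    def detect(self, events):
        """Return sorted (user, reason, detail) alerts for off-baseline activity."""
        alerts = set()
        per_hour = Counter()
        for hour, user, record_type in events:
            per_hour[(user, hour)] += 1
            if record_type not in self.record_types.get(user, set()):
                alerts.add((user, "new-record-type", record_type))
        for (user, hour), count in per_hour.items():
            limit = self.volume_factor * max(self.peak_per_hour.get(user, 0), 1)
            if count > limit:
                alerts.add((user, "volume", f"hour {hour}: {count} accesses"))
        return sorted(alerts)


# Constructed learning-phase log: (hour, user, record_type).
LEARNING = [
    (9, "alice", "invoices"), (9, "alice", "invoices"), (10, "alice", "customers"),
    (9, "bob", "hr"), (11, "bob", "hr"),
]

# Constructed live log: alice's workstation starts pulling payroll records in bulk
# (the restricted-user case above); bob has legitimately been given invoice work.
LIVE = ([(14, "alice", "invoices")]
        + [(15, "alice", "payroll")] * 8
        + [(15, "bob", "invoices")])


def run_demo():
    """Clean baseline: alice is flagged, and bob shows up as a false alarm."""
    baseline = BehaviourBaseline()
    baseline.learn(LEARNING)
    return baseline.detect(LIVE)


def learning_phase_blind_spot():
    """If the compromise is already active while learning, it becomes 'normal'."""
    poisoned = BehaviourBaseline()
    poisoned.learn(LEARNING + [(15, "alice", "payroll")] * 8)
    return poisoned.detect(LIVE)


def after_retraining():
    """Once bob's new duty is confirmed, retraining the profile clears his alert."""
    baseline = BehaviourBaseline()
    baseline.learn(LEARNING + [(15, "bob", "invoices")])
    return baseline.detect(LIVE)


if __name__ == "__main__":
    print("known sample matched:   ", signature_match(b"dropper-build-1"))
    print("repacked sample matched:", signature_match(b"dropper-build-2"))
    for alert in run_demo():
        print("alert:", alert)
    print("poisoned learning phase:", learning_phase_blind_spot())
    print("after retraining:       ", after_retraining())
```

Real antivirus signatures are richer than a single file hash; the hash stands in for any lookup that can only match what has already been catalogued.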

Drawbacks and a long customization process aside, it looks like the behaviour-based approach to IT Security is one way we'll be helping to keep the cyber criminals at bay into the future. And although the death knell has not yet sounded for antivirus software, you need to be aware that this is no longer the be-all and end-all of IT security; you need to be doing so much more.

There are many ways you can keep your systems safe, and taking a multi-layered approach is actually the best way forward. Blacklisting, whitelisting and sandboxing are three methods that can be used to ensure you're safe while online.

As the way we use data and interact with the internet changes, our approach to IT security and data protection should also change accordingly. What's more, IT systems around the world are increasingly being breached, and the fallout from this is affecting millions of people, so we need to learn to deal with risks and stay ahead of cyber criminals.

We are now seeing other areas of IT in which security needs addressing: areas such as social media, the cloud, compliance, advanced persistent threats and physical infrastructure security too.

IT Security in the Cloud

In the fast-moving world of IT, cloud computing is already old hat in many ways, but as so many of Australia's small and medium businesses are only just making the move into the cloud, they may not appreciate how cloud technology isn't just changing how they work but how they should be approaching security.


When you are in the cloud, you are exposed to new risks; after all, your data and often much of your network is being hosted off-site and is often being accessed by your staff in other cities and countries.

Security in the cloud requires visibility, identity management and policies that reduce threats

ability to take advantage of all the flexibility and freedom that cloud computing can offer.

Of course, it's worth remembering that cloud computing is not just one technology; it is a combination of many advances in technology sold in one package. This includes virtualisation, Software-as-a-Service and other operations working as they always have done, albeit in the cloud.

The problem is that traditional security solutions don't always adapt themselves well to the cloud architecture. What needs to happen is for existing security methods, such as firewalls, virtual private networks, data-leak protection, etc., to evolve so they can be better deployed in the cloud. This might involve using an API (Application Program Interface) so that such technology can be automated in the cloud.

It is also likely that new Cloud Security Gateways will have to come into play, and innovations that bolster security are already being created. Cloud security gateways will act as security policy enforcement points between cloud services consumers and providers to ensure security as cloud services are accessed by users. This system would probably be made up of multiple levels of security, such as authentication, authorization, signing on, security token mapping, encryption, tokenization, logging, alerting, Application Program Interface and so on.

With cloud technology being so popular, it is vital that users are easily identified and authenticated, while controlling access to applications and enforcing data protection policies. It is also a good idea to have a central overview of what is happening, with visibility into all users, devices and cloud activity, so that malicious or suspicious behaviour can be flagged. Auditing and monitoring will be built into cloud services in the future to ensure ongoing protection.


Other changes need to happen to ensure better cloud security. The management of encryption keys is critical, and data needs to be fragmented and kept in several places in the cloud rather than in one server, where it would be vulnerable. It is also important that the physical security of the cloud environment is enhanced.

IT Security and the Internet of Things

You may have heard of the Internet of Things (IoT) and wondered what it referred to. Basically, it just means an environment in which objects are able to transfer data over a network without the need for human-to-human or human-to-computer interaction.

For example, you may have a sensor in your car to tell you when the engine needs oil by sending a message to your phone. An office printer may send out an order for more ink when it's running low, and a smart road can send signals to traffic control when traffic is heavy.

Basically, any device or component that can be connected to the net (usually by Wi-Fi) plays its part in the Internet of Things. Ultimately, the IoT will help cut down on waste, improve efficiency and save time and frustration (in theory at least).

But with so many online devices, many of which will hold personal info or IP data, security will be an issue. You wouldn't want someone hacking your toaster or using your online speakers to get at the data on your PC, after all.

Some experts are concerned that large numbers of unsecured devices could be built up by hackers as botnets. Just imagine your TV, computer and other household appliances all being used against you, like a science fiction horror story.

The new high-tech Barbie doll raises privacy concerns, as the doll is connected to the Internet and could be a tempting target for hackers, who could then access data on home networks through the doll.


This means in the future people will need to know how to secure their IoT devices. Initially, this would mean taking simple measures such as using passwords and usernames, and updating and patching devices as you do with current devices. Also, an IoT device that needs to be accessible over the net needs to be put in its own network and have access restricted. This network can then be monitored, with action taken if there is a problem.

Planning and integration is vital when it comes to the IoT, and security needs to be paramount at every step of the process, from manufacture to purchase and use. As a company owner, you need to develop policies that keep your customers and their data safe when using IoT devices.

US retailer Target was hacked in 2013 via its heating and air conditioning, which was internet-enabled. Some 40 million credit card numbers were stolen.


Conclusion

The goal of this eBook is to make you aware of the vulnerabilities of your business systems and help you understand in detail the various cyber-threats that are lurking today. We have looked at the dangers for companies that have not been protecting themselves from online and offline security threats, both in terms of money and reputation consequences.

If you are wondering about the best way to safeguard your business, stay tuned, as we are in the process of writing another eBook with insights about protecting your business and reputation.

If you enjoyed reading this eBook and found it to be of value, do share it with your friends.


About the Author Salim Sukari

investment in Microsoft Technologies

Salim has worked with Australian businesses for almost two decades and has a deep understanding of various business models and processes. He deeply understands the security issues faced by small and medium-sized businesses and is out on a mission to help organisations safeguard their business systems.

This eBook is a result of his extensive knowledge and experience in the Australian market and was penned with a goal of bringing to light the risks that impact small and medium businesses and highlighting the steps that businesses need to take to stay safe online.

Whether you are a security expert, an IT administrator or business owner, Salim guarantees there is a lot of useful information you can use to safeguard your business.

Salim, as well as the team at Empower IT, hope you enjoy the eBook.

Happy Safe-Browsing


Chapter 1 How Australian Businesses are Vulnerable

Australia has always been a nation that has embraced new technology - indeed, considering the huge distances between our major cities, the internet is crucial to our way of life, helping us to do business, communicate and socialise. But the more we are online, the more we leave ourselves open to cybercrime.

Criminals from both local and international locations are taking advantage of the huge leaps in technology to enable their illegal activity. The best way to stop this is by being informed and staying abreast of all the latest information aimed at keeping your business safe.

Let's start off by looking at what is meant by cybercrime:

Crimes such as hacking, distribution of malware, viruses and denial of service attacks that are directed at computers or any information communication technology.

Crimes in which computers are used to commit an offence rather than being targets of it; this could include fraud, identity theft or the distribution of offensive material such as pornography.


This eBook will mainly concentrate on the former definition, looking at how malware can affect your company and what you can do to combat these types of threats.

We need to keep cyber criminals at bay, not just to ensure our businesses are secure but also to help the country's economy as a whole.

Some 60% of Australians have now been a victim of cybercrime in their lifetime, and nearly 47% of these victims have been targeted in the past 12 months.

Increasing numbers of cyber security breaches lead to an erosion of trust that puts off investors, slowing the growth of the economy.

An unclassified threat report compiled by the Australian Cyber Security Centre found that in 2014 the national computer emergency response team had to respond to 11073 cyber security incidents. And this is just one study.

Another survey by the Ponemon Institute has shown that the cost of cybercrime in Australia has escalated 33% since its first study three years ago. The institute also estimated that the

of 30 organisations to be $43 million

There are few companies that would be able to cope with a 43 million dollar attack, and small and medium companies make up to nearly 97% of all Australian businesses. If we don't start taking measures to stay safe, the nation could be in economic jeopardy.

The Australian Crime Commission estimates that cybercrime now costs the country more than a billion dollars each year, with the figures rising as cyber criminals become more sophisticated.


Cybercrime and SMB

Data breaches often make the news headlines, such as when laboratory Medvet was attacked

Kmart Australia suffered a security breach that resulted in the exposure of customer details.

But when such tales of cybercrime are in the news, they tend to be about attacks on big companies, where the results are losses of millions of dollars or the theft of thousands of

Many SMB owners are often lulled into a false sense of security, believing that their IT is safe and that they won't be of interest to hackers. But this is a very dangerous mindset. SMBs just like yours are regularly attacked by a broad spectrum of cyber criminals, including malicious insiders and criminals using malware, viruses, worms, Trojans and botnets. Plain bad luck plays its part too, with many crimes being committed using stolen or lost devices.

These attacks are expensive as they disrupt services and

cause downtime that prevents staff from doing their jobs

properly and adversely affects sales and work processes In

fact downtime accounted for nearly half of each

study Detection and recovery also costs money accounting

for 53 of internal costs most of which is paid out to

experts to come in and fix problems

Why your small business is a target

Being a powerful economy with an English-speaking and highly connected population, Australia is a tempting target for hackers from all over the world. And they are helped by the fact that, at the moment, there are so few IT security regulations in place.

Attacks are commonplace: the 30 companies in the Ponemon survey alone reported 47 successful attacks a week, up from 41 in 2012.

The time it takes to resolve issues is getting longer too, up to 23 days on average. Attacks by insiders or staff can take up to 51 days to contain and solve.

Criminals are helped by the fact that many Australian businesses place too much faith in their current security setup and don't realise just how sophisticated hacking and cybercrime is becoming. What's more, there is a skills shortage in the Australian IT arena. Most small businesses don't have the resources to hire effective security analysts to continuously monitor extended networks and detect any infiltrations.

This is why there is such a strong need for more education and awareness in this area, so that IT security is seen as something that gives SMBs a competitive edge - not just a set of defensive actions that need to be taken to merely stay secure. After all, the damage to a company's reputation and brand image after a security breach can be catastrophic, and most people would prefer to deal with companies that have a good reputation for security. A good IT security roadmap will boost your business as well as keep you safe, and this is something that every small business owner will appreciate.

In the next chapter we'll be looking at the types of cyber-attack and malware that are being routinely used to target Australian businesses. We will tell you what dangers you should be looking out for and how to keep your business safe from online attacks.

The Australian government recently carried out a Cyber Security Review which found that organised crime gangs carry out most of the nation's IT security breaches (92%), with 14% of attacks coming from insiders. The overlap in figures is due to the fact that sometimes insiders and outsiders work in collusion. The study also found that stolen credentials are the number one cause of these breaches.

Chapter 2 Common Threats to Every SMB

Cybercriminals are becoming highly efficient and sophisticated in their attacks on the SMB

-hanging fruit, often riddled with security holes that make their job a breeze. In this next section of our eBook we will cover some of the

of them at the very least

Malware

Most threats to your security will come in the form of malware, which is a malicious type of software created to cause damage to your systems or to steal data once it has installed itself into your systems.

Malware could also vandalise and destroy software, steal sensitive information, passwords and account details using spyware, force unwanted advertising onto your systems via adware, spread email spam or porn, and even extort money from you using ransomware that encrypts your data until a fee is paid to unblock it.

A study by the firm SecurityScorecard, which specialises in tracking companies' risk of intrusion, found more than 4,700 organisations which were infected by some type of advanced banking malware.

Ransomware

Ransomware is a type of malicious software that restricts access to the infected computer system by systematically encrypting all files and documents. This malware then prompts the user to pay a ransom (around the $1000 AUD mark) in order to have the restriction removed.

The most popular form of ransomware is the CryptoLocker malware, which uses a strong encryption algorithm to lock all valuable user files in the background without user awareness. Once all the relevant files are encrypted, it demands the user pay a ransom in BitCoins within a specific timeframe (usually 1 to 2 days) before the files are permanently deleted.

Trojan Viruses

A Trojan virus is a malware hidden in an innocuous email. Once you click on the link in this email, it can lead to the infection of your computer networks within a few minutes. You may come across some seemingly useful software via email or on the web that will do huge damage if you download it to your computer.

People are often tricked as they think they are clicking on legitimate files from a legitimate source. Trojans may contain the usual silly pranks or do real damage by destroying information, creating backdoors for hackers or compromising your personal data. They don't reproduce or self-replicate, but can still do great damage and cause huge frustration.

Key Logger Virus

A Key Logger virus is a software that is designed to secretly monitor and log all keystrokes with the purpose of collecting confidential user information such as bank account logins, personal information etc. Once a cyber-criminal has got hold of confidential user data they can easily

account. Unfortunately, access to confidential data can sometimes have consequences which are far more

Worms

A computer worm is a virus but can replicate itself and move from computer to computer without the user clicking or running any program. It moves via file or data transport features - email, messenger or file sharing. Even if they don't actually do any harm, worms can use up your computer processing time and take up your bandwidth as they replicate.

But if worms are carrying a malicious payload, you could end up with deleted or encrypted files, or even have a backdoor opened in your computer, allowing a hacker to take control of your computer and create what's called a zombie computer. Email spammers often create worms to help send their junk mail, and they send copies of themselves to everyone in your computer's address book.

Phishing Scams

Phishing scams are so called as they emulate real life fishing. Hackers and criminals tempt you with bait and can be rewarded by catching sensitive information like usernames, passwords or bank account details. Most often the bait comes in the form of emails that appear to be from trusted or legitimate companies or people such as banks, service providers and acquaintances. You may be asked to provide certain private information or follow links that direct you to fake (though often very realistic looking) sites that will infect your systems with malware.

A common phishing scam is a warning email about fraudulent activity on your account and a request to verify information. Such panic-inducing methods can be very successful, as people give an immediate response without thinking. There is another type of phishing known as spear phishing, which hooks individuals using personal information (often garnered from social media sites). Spear phishing scams are increasingly sophisticated and are regularly successful, since the baited emails seem so personal.

Web-based Attacks

While nearly all IT attacks are web-based to some extent, this threat specifically means malware attacks that come via online sources like infected landing pages on websites, rather than being delivered via email or infected devices. This is also known as a pull-based attack, where victims unknowingly visit infected sites, rather than push-based ones in which attackers are actively searching for victims.

The number of web-based attacks is growing as web services become more popular and people use the Internet for business, banking and e-commerce. Malicious URLs are used as channels to propagate malware, and if you visit an infected site hackers can take control of your system to carry out cybercrimes such as data theft, denial of service attacks and spamming.

A common web-based attack technique is to alert you with fake virus detection messages and ask you to download rogue antivirus software. Sometimes even legitimate sites can be infected if the hacker gets control of a web server. And the bad news is that your antivirus software and firewalls are of limited use, as they can't help detect many web-based attacks.

Recently, criminals posing as a legitimate Australian legal firm duped an online ad network into distributing banner ads through Gumtree.com.au that, if clicked, could likely have led to ransomware.

Botnets

The term botnets refers to a series of online computers communicating with each other to complete a set of repetitive tasks - which could be something mundane like running a chat channel, or something more destructive like creating spam.

Most illegal botnets are composed of computers already hacked and compromised without the knowledge of their owners - these are known as Zombie computers. These are controlled via a single interface used by hackers or herders. These criminals use the huge accumulated power of botnets to engage in click fraud, which involves clicking on ad banners to take money from advertisers who pay for each visit.

They can also be used to saturate bandwidth and prevent access to websites for long periods, causing vendors to pay a ransom to get traffic flowing again. Keylogging is another nefarious task that botnets are used for. They report keystrokes of thousands of users visiting websites to the herder, who can use this data to access personal information and accounts.

Denial of Service attacks

A Denial of Service (DoS) attack can be one of the most frustrating IT attacks of all. Basically, it shuts down your website or network, making it impossible for people to use your services. That means that if you're selling things online or taking bookings or appointments, no legitimate customers can access your site or sales page - and they'll soon go elsewhere. The attack can also stop staff and account holders from accessing the services they need. DoS attacks work by flooding the target with traffic, causing it to crash or run so slowly that it becomes unusable.

DoS attacks are unlike malware attacks: they don't try to breach your security systems and steal data directly, but instead make your services inoperable. Such attacks are often used by people trying to make a point - activists, for example. It is also a process used for simple extortion, or even by unscrupulous business owners looking to cripple their competition. If the denial of service goes on for a long time, you can lose revenue and customer trust, and your long-term reputation may never recover.

DoS attacks happen in two ways: either with one attacker flooding your servers so they have too much traffic and grind to a halt, or by way of an attack from many machines in what's called a Distributed Denial of Service attack, often carried out via botnets.

Of course, some attacks are not initiated by outsiders but by people within an organisation, or as a result of bad luck. These can be the hardest attacks to prevent and can cause the most damage. So let's look at them.

Malicious Insiders

You know already that there is a lot of danger out there on the internet, but small and medium-sized businesses can face even more serious threats from within.

Somewhere among your seemingly loving and loyal staff sits someone who could bring your company tumbling down. It could be someone who bears a grudge, sees a way of benefitting themselves financially, or is planning to leave and start a similar business with your contacts and intellectual property.

Akamai's newest State of the Internet (SOTI) – Security Report for the fourth quarter of 2015 saw the number of Web application attacks jump 28 percent over the previous quarter, while the number of DDoS attacks jumped by 40 percent in that time.

Two scientists working for GlaxoSmithKline have reportedly been charged for stealing trade secrets.

An IT attack by an insider can be the most devastating attack of all, as you're not just having your systems compromised but your trust shattered by a member of staff who you may even have considered a friend, especially if your business is small and people work together closely. What's more, firewalls, anti-virus software and intrusion detection systems won't be any help to you at all. After all, in many companies employees will all have access to confidential data, files and accounts.

The extent to which insider attacks are so much more damaging is shown by the figures. In Australia, attacks by insiders or staff can take up to 51 days to contain and solve, compared with outside attacks that on average take 23 days to contain. This is because insiders know what they are looking for and where the juiciest data is, and they probably have the passwords to get at it.

Stolen Devices

While many IT attacks come about thanks to sophisticated programming, others just come down to good old-fashioned theft. Stolen devices make up 50% of cyber-attacks experienced by the 30 benchmarked companies in the Ponemon 2014 Cost of Cyber Crime Study, and of course your devices (phones, tablets, flash drives and so on) don't have to be stolen by cunning pickpockets for the data to be compromised.

Many headline hitting attacks were the result of workers forgetfully leaving laptops containing vital files on a train or forgetting phones in restaurants. And the risk of losing data this way becomes even greater as ever more companies implement Bring Your Own Device (BYOD) strategies and staff take their work home with them.

A BlueScope Steel employee has been accused of downloading a trove of company documents – about 40 gigabytes – over a four-year period. The company is urgently seeking a judge's help to find and destroy trade secrets before they fall into the hands of competitors.

This means that personal devices, which are often unsecured, can be crammed with company data (69% of employees use smartphones for work). If a staff member is robbed, or even just plain forgetful, this data can end up in the hands of criminals who, as a result, have access to your systems, intellectual property and stored passwords.

Stay Vigilant

This is a pretty comprehensive look at the sort of security threats your business could be facing, but while we've covered most of the main bases, we've barely scratched the surface when it comes to the sheer number of threats out there.

According to antivirus software developers McAfee, new malware is being released at the rate of around one file every second. So it is little wonder those fighting the problem face an epic challenge keeping up. And these huge numbers of IT attacks are losing Australian businesses like yours a great deal of money.

Constant vigilance is the best weapon you have to fight hackers attacking you with viruses, malware, worms or malicious coding. Be careful what you are doing online and always think before you click. Of course, technology can help protect your organisation, but only if it is upgraded and tested regularly. Make sure that your firewalls are in place and that anti-virus software is upgraded as new updates come out.

Training, too, is a tool that lets you fight the darker sides of the net, so hold regular workshops for staff on the types of phishing scams, using social media safely and checking for suspicious links. And keep up with IT blogs that can warn you of the new risks out there. If you're careful, don't get complacent and keep your IT updated, you have a much better chance at protecting your precious data and ultimately your company.

In the next part of our eBook we will be looking at some Australian companies that weren't so careful, and what it meant for their businesses, their reputations and their companies.

Chapter 3 IT Security Incidents in the Last Two Years

There may be no bullets flying, but Australia is currently at war, and it's one we're not winning. Cyber-attacks on Australian businesses increased 20% in 2014, and this figure rose in 2015, according to the Australian Signals Directorate.

The most commonly targeted industries tend to be banking and the financial sector in general, resources, energy and telecommunications, among others. But the huge volume of attacks means that many Australian SMBs are being targeted as cyber criminals spread their nets.

The fallout from these cyber-attacks includes loss of intellectual property, major disruption to business, financial loss and major damage to the reputation of your company, which in many cases could lead to bankruptcy.

Cybercrime in Australia

There are three main types of cybercrime that affect Australian businesses, large and small. These are:

State-sponsored cyber-crime - perpetrated by hackers on behalf of states to steal intellectual property and identities. These are often the most sophisticated attacks, and hackers can retain access to an organisation's network for years at a time.

Organised Crime - run by criminal gangs making malware to steal data or extort money from individuals and corporations. Many crime syndicates have sophisticated tools and share techniques to access systems, as well as stolen data, with other criminals.

Motivated cyber-crime - these are often hackers with a political, social or even religious motive who want to get a message across using illegal online methods. Often such attacks can be less sophisticated but can still cause great damage to companies.

Because there are such widely varied motivations for hackers to target Australian businesses, it means that no business is safe, including small ones. SMBs shouldn't think that their information is not of interest to criminals; they could be targeted for a range of reasons.

Take banks, for example. Commonwealth Bank, Australia's largest bank, is attacked thousands of times every day. While most of these attacks are by hackers seeking money and account numbers, many attacks are by activists (who call themselves hacktivists) who have a more political or social agenda; perhaps they don't agree with some of the bank's investments, which they may see as unethical or detrimental to the environment.

But when it comes to large-scale hacks, many fingers are pointed at government sponsored groups from China. Well-equipped hackers known as Advanced Persistent Threats (APTs) have been targeting Australian firms in the mining and natural resources sector. Many businesses already dealing with organisations in China come under attack, perhaps to get the edge in negotiations or as a way of stealing intellectual property.

In response to the rising numbers of attacks, the Australian Government opened The Australian Cyber Security Centre (ACSC) to coordinate the country's defence intelligence agencies - the Attorney-General and the Australian Federal Police cyber units. The ACSC enables the private and public sector to collaborate and share information to combat cybersecurity threats. They also offer a great deal of information about how SMBs and individuals can stay safe online. So it's well worth looking at their site at https://www.acsc.gov.au

In the meantime, let's take a look at some of the recent risks and hacks on Australian companies to fully understand the risks of letting your IT guard down.

Ransomware on the Rise

Ransomware, a scam in which people fall victim to an encryption virus which hijacks computer files and demands a ransom to restore them, is becoming one of the main ways that Australian businesses are being targeted by cyber criminals. In 2014 the security firm Websense found nearly two million instances of the malware variant known as CryptoLocker, and 60 per cent of those were detected in Australia.

CryptoLocker is ransomware which is delivered via credible looking emails. Once an infected link is clicked, the virus is activated and your computer files, photos and data are taken hostage via encryption unless a ransom is paid.

Some of the latest versions of this malware are said to be unbreakable, and the average cost to companies paying ransoms to overseas hackers was $US 350.

One of the most recent versions of the virus appeared as a traffic infringement notice from the Australian Federal Police which demanded a penalty payment for a minor traffic infringement. The impressively official looking email was often opened because it appeared to come from the Federal Government. To view details of the fake traffic infringement, recipients are asked to click the link contained within the email, activating the malware.

The Australian Federal Police (AFP) originally issued a tweet on 19 January warning people of a recent scam "traffic infringement notices" being delivered by email and advising not to pay any money or click any links.

High Profile Incidents

Kmart Attacked

Kmart Australia had to put out a warning in October 2015 to let some customers know that their online operations had been attacked in an external privacy breach in September. Data such as name, email address, delivery and billing address, telephone number and product purchase details was stolen. The retailer has insisted that no credit card or payment card details had been compromised, as card processing is handled externally.

David Jones hacked

In October 2014 the Australian fashion retailer had its computer system attacked and the private details of customers were stolen - these included names, email addresses and addresses, but David Jones assured its customers that their credit card or financial information was safe.

A hit on the Hilton

Early in 2015, hotel chain operator Hilton Worldwide Holdings warned customers that they'd found unauthorised malware targeting payment card details in some of their payment systems. This affected many of their Australian customers. An investigation found that malware was targeting cardholder names, payment card numbers, security codes and expiration dates.

Customers were advised to check bank statements up till July, but the company didn't give figures of how many people or businesses might be affected.

W -crime

Based on the high levels of current hacking activity and the increasingly sophisticated software and techniques used by hackers to access systems and avoid detection, the ACSC predicts that levels of hacking will rise over the next five years or so. Malware and technology used in cybercrime is now more readily available than ever and can even be used by people with little IT knowledge. What's more, cyber-crime as a service looks set to increase as well.

To stay safe, Australian businesses, from multinationals to SMBs, need to work together to make Australia a much harder target for hackers and to increase users' trust that the Internet's benefits outweigh online dangers. The best cyber security comes when the government and private sector work together and take greater responsibility for the security of their networks and information.

In the next part of our eBook we will be taking a look at where the technology to fight cyber-crime and security breaches is heading. We'll be examining the cloud, big data and the Internet of Things to help small businesses like yours to put together a comprehensive security road map.

Chapter 4 The Future of IT Security

So far in this exclusive Empower IT eBook we've examined the threats facing Australian businesses when it comes to security, and we've looked in detail at the form that these threats can take (Malware, Phishing Scams, Denial of Service attacks etc), and we've even taken a brief look at some of the ways IT attacks have impacted on Australian businesses.

Finally, it's time to look at the security solutions that most of Australia's small and medium businesses currently have in place, examine the reasons that standard defences may not be enough, and look at where the technology is heading as IT attacks become more sophisticated. So read on and learn how to improve your current security set up and to stay safe going forward.

Far too many of us take IT security for granted, presuming that our anti-virus protection is keeping the worst of the web at bay. But it seems we are putting far too much faith in our off-the-shelf antivirus protection to keep our IT systems safe. Brian Dye, corporate vice president at Intel Security, stated on record that antivirus software is dead. Well, the truth is that antivirus software hasn't yet had its last day.

Antivirus software is used to prevent, detect and hopefully make safe any malware threats and viruses that make it onto your system. And most programs do this well. But the big problem is that antivirus software is a reactive technology and only effective against known threats and variations of them. The guys who are writing antivirus software need to understand how a piece of malware works before they can adapt programs to discover and neutralise it. And in the time it takes for this to happen, many thousands of systems can be infected.

With hackers and criminals making new and increasingly sophisticated malware all the time, there are a lot of dangers out there that your current AV setup just won't see coming. And hackers are patient people: they will take the time to rewrite and test their malware until it can find its way past even the most sophisticated protection - and if that doesn't work, they'll write a new one.

Intel Security, the company that makes the popular McAfee software, estimates that new malware is released at a rate of about one new virus per second. Little wonder it's hard for the program writers to keep up.

And signature-based systems need to be constantly updated to be effective. So signature-based IDS is only as good as its database of stored code and signatures. This is why Zero day attacks, when hackers launch a brand new piece of malware, often slip through without being detected, as antivirus software doesn't recognize the threat.

Because of the sheer number of threats out there, traditional antivirus software detects only around 45% of all attacks.

Unless you've been keeping your antivirus software updated and are tuned into catching the latest threats out there, that old antivirus software on your devices is only giving you the most basic level of protection.

A New Era of Data Protection

We are now entering new territory when it comes to keeping your systems safe. Behaviour-based rather than signature-based security is more important. So let's take a look at what this means for businesses like yours.

Behaviour-based security is different in that it detects any network activity that doesn't fit a pattern of expected behaviour. This means that the software has to be configured to learn what a user's normal patterns of activity are. If there are any anomalies, these are then flagged as threats or viruses and will be stopped before they infect your systems.

Unlike with signature-based systems, behaviour-based antivirus systems are able to detect zero-day attacks, as they don't have a pattern that is recognizable. Of course, such systems have to be configured to learn about users' typical behaviour, and configurations need to be updated every time new applications are added or modified, but in general they can adapt to new, unique or original attacks.

There are many advantages to this behaviour-based approach in detecting new and unforeseen vulnerabilities in your systems. Because it detects any traffic that is new or unusual, the behaviour-based approach is good at identifying sweeps and probes towards network hardware. This is like an early warning for potential intrusions, as such probes and scans are often the predecessors for system attacks. They can also detect abuse of privilege attacks, which normally don't trigger security warnings. Of course, there are some drawbacks too, in that there is a higher false alarm rate than with signature-based systems.

What's more, the learning curve for behaviour-based intrusion detection techniques can't cover everything, and people's online behaviour is likely to change over time, so you need to implement occasional retracing of the behaviour profile. Also, during the learning phase any system attacks that occur won't be detected as anomalous, meaning your systems could be compromised.

For example, if a computer user with a restricted set of records suddenly begins to try and access other types of information, it is highly possible that his workstation has been infected with a virus and action needs to be taken to protect the systems.

Behaviour-based IDS is also more costly, in that you need more hardware spread further across your IT networks than is required with signature-based IDS.
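The two approaches described above, side by side, as an added example that is not part of the eBook: a hash-based signature lookup misses a file it has never seen, while a per-user baseline of record categories flags the restricted user who suddenly reaches for other records. It also reproduces the two drawbacks mentioned: activity that happens during the learning phase becomes "normal", and a legitimate change of behaviour raises a false alarm until the profile is rebuilt. All user names, record categories, events and sample contents are constructed for illustration.

```python
import hashlib
from collections import defaultdict

# --- Signature-based detection: only as good as the stored signatures ---
# Constructed stand-ins for known malware samples; real products use far
# richer signatures than a whole-file hash.
KNOWN_BAD_SAMPLES = [b"constructed-known-sample-1", b"constructed-known-sample-2"]
SIGNATURE_DB = {hashlib.sha256(s).hexdigest() for s in KNOWN_BAD_SAMPLES}


def signature_match(file_bytes: bytes) -> bool:
    """True only if this exact content is already in the signature database."""
    return hashlib.sha256(file_bytes).hexdigest() in SIGNATURE_DB


# --- Behaviour-based detection: learn a profile, then flag deviations ---
class BehaviourBaseline:
    """Per-user profile of the record categories that user normally touches."""

    def __init__(self):
        self.profile = defaultdict(set)
        self.learning = True

    def observe(self, user: str, category: str) -> bool:
        """Feed one access event; return True if it is flagged as anomalous."""
        if self.learning:
            # Everything seen while learning is recorded as normal, including
            # anything hostile that happens inside this window.
            self.profile[user].add(category)
            return False
        return category not in self.profile[user]

    def finish_learning(self) -> None:
        self.learning = False

    def retrain(self, user: str, events) -> None:
        """Rebuild one user's profile from a fresh, reviewed set of events."""
        self.profile[user] = {c for u, c in events if u == user}


# Constructed (user, record category) access events.
LEARNING_EVENTS = [
    ("alice", "invoices"), ("alice", "customers"),
    ("bob", "invoices"),
    ("bob", "payroll"),      # constructed hostile access during the learning phase
    ("carol", "customers"),
]
LIVE_EVENTS = [
    ("alice", "invoices"),   # normal
    ("alice", "payroll"),    # restricted user reaching for other records
    ("bob", "payroll"),      # same hostile access as above, now part of the profile
    ("carol", "suppliers"),  # legitimate role change, not yet in the profile
]


def build_baseline() -> BehaviourBaseline:
    baseline = BehaviourBaseline()
    for user, category in LEARNING_EVENTS:
        baseline.observe(user, category)
    baseline.finish_learning()
    return baseline


def flagged(baseline: BehaviourBaseline, events):
    """Return the events the baseline flags, in order."""
    return [e for e in events if baseline.observe(*e)]


def run_demo() -> dict:
    results = {
        "known_sample": signature_match(KNOWN_BAD_SAMPLES[0]),
        # Brand new content has no stored signature, so it is not recognised.
        "new_sample": signature_match(b"constructed-never-seen-sample"),
    }
    baseline = build_baseline()
    results["flagged_live"] = flagged(baseline, LIVE_EVENTS)
    # After carol's new duties are reviewed, her profile is rebuilt.
    baseline.retrain("carol", [("carol", "customers"), ("carol", "suppliers")])
    results["flagged_after_retrain"] = flagged(baseline, LIVE_EVENTS)
    return results


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(name, value)
```

Bob's payroll access is never flagged because it occurred while the profile was being learned, which is why the learning window itself needs to be reviewed before the profile is trusted.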

Drawbacks and a long customization process aside, it looks like the behaviour-based approach to IT Security is one way we'll be helping to keep the cyber criminals at bay into the future. And although the death knell has not yet sounded for antivirus software, you need to be aware that this is no longer the be all and end all of IT security; you need to be doing so much more.

There are many ways you can keep your systems safe, and taking a multi-layered approach is actually the best way forward. Blacklisting, whitelisting and sandboxing are three methods that can be used to ensure you're safe while online.

As the way we use data and interact with the internet changes, our approach to IT security and data protection should also change accordingly. What's more, IT systems around the world are increasingly being breached, and the fallout from this is affecting millions of people, so we need to learn to deal with risks and stay ahead of cyber criminals.

We are now seeing other areas of IT in which security needs addressing: areas such as social media, the cloud, compliance, advanced persistent threats and physical infrastructure security too.

IT Security in the Cloud

In the fast moving world of IT, cloud computing is already old hat in many ways, but as so many of Australia's small and medium businesses are only just making the move into the cloud, they may not appreciate how cloud technology isn't just changing how they work but how they should be approaching security.

When you are in the cloud you are exposed to new risks; after all, your data and often much of your network is being hosted off-site and is often being accessed by your staff in other cities and countries.

Security in the cloud requires visibility, identity management and policies that reduce threats

ability to take advantage of all the flexibility and freedom that cloud computing can offer.

Of course, it's worth remembering that cloud computing is not just one technology; it is a combination of many advances in technology sold in one package. This includes virtualisation, Software-as-a-Service and other operations working as they always have done, albeit in the cloud.

The problem is that traditional security solutions don't always adapt themselves well to the cloud architecture. What needs to happen is for existing security methods such as firewalls, virtual private networks, data-leak protection etc. to evolve so they can be better deployed in the cloud. This might involve using an API (Application Program Interface) so that such technology can be automated in the cloud.

It is also likely that new Cloud Security Gateways will have to come into play, and innovations that bolster security are already being created. Cloud security gateways will act as security policy enforcement points between cloud services consumers and providers to ensure security as cloud services are accessed by users. This system would probably be made up of multiple levels of security such as authentication, authorization, signing on, security token mapping, encryption, tokenization, logging, alerting, Application Program Interface and so on.

With cloud technology being so popular, it is vital that users are easily identified and authenticated while controlling access to applications and enforcing data protection policies. It is also a good idea to have a central overview of what is happening, with visibility into all users, devices and cloud activity so that malicious or suspicious behaviour can be flagged. Auditing and monitoring will be built into cloud services in the future to ensure ongoing protection.


Other changes need to happen to ensure better cloud security. The management of encryption keys is critical, and data needs to be fragmented and kept in several places in the cloud rather than in one server where it would be vulnerable. It is also important that the physical security of the cloud environment is enhanced.

IT Security and the Internet of Things

You may have heard of the Internet of Things (IoT) and wondered what it referred to. Basically, it just means an environment in which objects are able to transfer data over a network without the need for human-to-human or human-to-computer interaction.

For example, you may have a sensor in your car to tell you when the engine needs oil by sending a message to your phone. An office printer may send out an order for more ink when it's running low, and a smart road can send signals to traffic control when traffic is heavy.

Basically, any device or component that can be connected to the net (usually by Wi-Fi) plays its part in the Internet of Things. Ultimately the IoT will help cut down on waste, improve efficiency and save time and frustration (in theory at least).

But with so many online devices, many of which will hold personal info or IP data, security will be an issue. You wouldn't want someone hacking your toaster or using your online speakers to get at the data on your PC, after all.

Some experts are concerned that large numbers of unsecured devices could be built up by hackers as botnets. Just imagine your TV, computer and other household appliances all being used against you, like a science fiction horror story.

The new high-tech Barbie doll raises privacy concerns, as the doll is connected to the Internet and could be a tempting target for hackers, who could then access data on home networks through the doll.


This means in the future people will need to know how to secure their IoT devices. Initially this would mean taking simple measures such as using passwords and usernames, and updating and patching devices as you do with current devices. Also, an IoT device that needs to be accessible over the net needs to be put in its own network and have access restricted. This network can then be monitored, with action taken if there is a problem.
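The advice above (separate network, restricted access, monitoring) can be checked against firewall flow logs. The following is an added example, not part of the eBook: the subnets, the management host, the allow-list and the log format are all assumptions, and the log lines are constructed.

```python
"""Check firewall flow logs against an IoT segmentation policy (illustrative)."""
import ipaddress

# Assumed addressing plan, constructed for this example.
IOT_NET = ipaddress.ip_network("192.168.50.0/24")    # dedicated IoT network
CORP_NET = ipaddress.ip_network("192.168.10.0/24")   # office PCs and servers
MGMT_HOSTS = {ipaddress.ip_address("192.168.10.5")}  # only host allowed to reach IoT devices

# Assumed allow-list of what IoT devices may talk to: (destination, protocol, port).
ALLOWED_EGRESS = [
    (ipaddress.ip_network("192.168.50.1/32"), "udp", 53),   # DNS on the IoT gateway
    (ipaddress.ip_network("192.168.50.1/32"), "udp", 123),  # NTP on the IoT gateway
    (ipaddress.ip_network("203.0.113.10/32"), "tcp", 443),  # vendor update service (placeholder address)
]

# Constructed log lines: timestamp, source, destination, protocol, port, firewall action.
SAMPLE_FLOWS = """\
2016-03-01T09:00:01 192.168.50.21 192.168.50.1 udp 53 allow
2016-03-01T09:00:02 192.168.50.21 203.0.113.10 tcp 443 allow
2016-03-01T09:05:10 192.168.50.21 192.168.10.15 tcp 445 allow
2016-03-01T09:05:12 192.168.50.34 198.51.100.77 tcp 23 allow
2016-03-01T09:06:00 192.168.10.15 192.168.50.21 tcp 80 allow
2016-03-01T09:07:30 192.168.50.34 192.168.10.15 tcp 3389 deny
malformed line here
"""


def parse_flow(line):
    """Return a flow dict, or None if the line is not a well-formed record."""
    parts = line.split()
    if len(parts) != 6:
        return None
    ts, src, dst, proto, port, action = parts
    try:
        return {
            "ts": ts,
            "src": ipaddress.ip_address(src),
            "dst": ipaddress.ip_address(dst),
            "proto": proto.lower(),
            "port": int(port),
            "action": action.lower(),
        }
    except ValueError:
        return None


def classify(flow):
    """Return a finding name for a flow that breaks the policy, else None."""
    src, dst = flow["src"], flow["dst"]
    if src in IOT_NET:
        for net, proto, port in ALLOWED_EGRESS:
            if dst in net and flow["proto"] == proto and flow["port"] == port:
                return None
        if dst in CORP_NET:
            # Permitted: the firewall rules do not enforce the segmentation.
            # Denied: the rules work, but the device is probing the office network.
            if flow["action"] == "allow":
                return "segmentation-breach"
            return "blocked-lateral-attempt"
        return "unexpected-destination"
    if dst in IOT_NET and src not in MGMT_HOSTS:
        return "unauthorised-inbound"
    return None


def review(log_text):
    """Return (findings, skipped) for a block of flow-log text."""
    findings, skipped = [], 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        flow = parse_flow(line)
        if flow is None:
            skipped += 1  # keep count so broken logging is noticed too
            continue
        finding = classify(flow)
        if finding:
            findings.append((flow["ts"], str(flow["src"]), str(flow["dst"]), finding))
    return findings, skipped


if __name__ == "__main__":
    results, bad = review(SAMPLE_FLOWS)
    for ts, src, dst, finding in results:
        print(f"{ts} {finding:24} {src} -> {dst}")
    print(f"{bad} malformed line(s) skipped")
```

A "segmentation-breach" finding means the firewall let an IoT device reach the office network and the rules need fixing; a "blocked-lateral-attempt" means the rules held but the device itself deserves a look.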

Planning and integration is vital when it comes to the IoT, and security needs to be paramount at every step of the process, from manufacture to purchase and use. As a company owner you need to develop policies that keep your customers and their data safe when using IoT devices.

US retailer Target was hacked in 2013 via its heating and air conditioning, which was internet enabled. Some 40 million credit card numbers were stolen.


Conclusion

The goal of this eBook is to make you aware of the vulnerabilities of your business systems and help you understand in detail the various cyber-threats that are lurking today. We have looked at the dangers for companies that have not been protecting themselves from online and offline security threats, both in terms of money and reputation consequences.

If you are wondering about the best way to safeguard your business, stay tuned, as we are in the process of writing another eBook with insights about protecting your business and reputation.

If you enjoyed reading this eBook and found it to be of value, do share it with your friends.

Follow us for more Security News

Spread the word


Chapter 1 How Australian Businesses are Vulnerable

Australia has always been a nation that has embraced new technology - indeed, considering the huge distances between our major cities, the internet is crucial to our way of life, helping us to do business, communicate and socialise. But the more we are online, the more we leave ourselves open to cybercrime.

Criminals from both local and international locations are taking advantage of the huge leaps in technology to enable their illegal activity. The best way to stop this is by being informed and staying abreast of all the latest information aimed at keeping your business safe.

Let's start off by looking at what is meant by cybercrime:

Crimes such as hacking, distribution of malware, viruses and denial of service attacks that are directed at computers or any information communication technology.

Crimes in which computers are used to commit an offence rather than being targets of it; this could include fraud, identity theft or the distribution of offensive material such as pornography.


This eBook will mainly concentrate on the former definition, looking at how malware can affect your company and what you can do to combat these types of threats.

We need to keep cyber criminals at bay, not just to ensure our businesses are secure but also to help the country's economy as a whole.

Some 60% of Australians have now been a victim of cybercrime in their lifetime, and nearly 47% of these victims have been targeted in the past 12 months.

Increasing numbers of cyber security breaches lead to an erosion of trust that puts off investors, slowing the growth of the economy.

An unclassified threat report compiled by the Australian Cyber Security Centre found that in 2014 the national computer emergency response team had to respond to 11073 cyber security incidents. And this is just one study.

Another survey by the Ponemon Institute has shown that the cost of cybercrime in Australia has escalated 33% since its first study three years ago. The institute also estimated that the

of 30 organisations

to be $43 million

There are few companies that would be able to cope with a 43 million dollar attack, and small and medium companies make up to nearly 97% of all Australian businesses. If we don't start taking measures to stay safe, the nation could be in economic jeopardy.

The Australian Crime Commission estimates that cybercrime now costs the country more than a billion dollars each year, with the figures rising as cyber criminals become more sophisticated.


Cybercrime and SMB

Data breaches often make the news headlines, such as when laboratory Medvet was attacked

Kmart Australia suffered a security breach that resulted in the exposure of customer details.

But when such tales of cybercrime are in the news, they tend to be about attacks on big companies, where the results are losses of millions of dollars or the theft of thousands of

Many SMB owners are often lulled into a false sense of security, believing that their IT is safe and that they won't be of interest to hackers. But this is a very dangerous mindset. SMBs just like yours are regularly attacked by a broad spectrum of cyber criminals, including malicious insiders and criminals using malware, viruses, worms, Trojans and botnets. Plain bad luck plays its part too, with many crimes being committed using stolen or lost devices.

These attacks are expensive, as they disrupt services and cause downtime that prevents staff from doing their jobs properly and adversely affects sales and work processes. In fact, downtime accounted for nearly half of each

study. Detection and recovery also costs money, accounting for 53% of internal costs, most of which is paid out to experts to come in and fix problems.

Why your small business is a target

Being a powerful economy with an English-speaking and highly connected population, Australia is a tempting target for hackers from all over the world. And they are helped by the fact that at the moment there are so few IT security regulations in place.

Attacks are commonplace: the 30 companies in the Ponemon survey alone reported 47 successful attacks a week, up from 41 in 2012.

The time it takes to resolve issues is getting longer too, up to 23 days on average. Attacks by insiders or staff can take up to 51 days to contain and solve.


Criminals are helped by the fact that many Australian businesses place too much faith in their current security setup and don't realise just how sophisticated hacking and cybercrime is becoming. What's more, there is a skills shortage in the Australian IT arena. Most small businesses don't have the resources to hire effective security analysts to continuously monitor extended networks and detect any infiltrations.

This is why there is such a strong need for more education and awareness in this area, so that IT security is seen as something that gives SMBs a competitive edge - not just a set of defensive actions that need to be taken to merely stay secure. After all, the damage to a company's reputation and brand image after a security breach can be catastrophic, and most people would prefer to deal with companies that have a good reputation for security. A good IT security roadmap will boost your business as well as keep you safe, and this is something that every small business owner will appreciate.

In the next chapter we'll be looking at the types of cyber-attack and malware that are being routinely used to target Australian businesses. We will tell you what dangers you should be looking out for, and you will learn how to keep your business safe from online attacks.

The Australian government recently carried out a Cyber Security Review which found that organised crime gangs carry out most of the nation's IT security breaches (92%), with 14% of attacks coming from insiders. The overlap in figures is due to the fact that sometimes insiders and outsiders work in collusion. The study also found that stolen credentials are the number one cause of these breaches.


Chapter 2 Common Threats to Every SMB

Cybercriminals are becoming highly efficient and sophisticated in their attacks on the SMB

-hanging fruit, often riddled with security holes that make their job a breeze. In this next section of our eBook we will cover some of the

of them at the very least.

Malware

Most threats to your security will come in the form of malware, which is a malicious type of software created to cause damage to your systems or to steal data once it has installed itself into your systems.

Malware could also vandalise and destroy software, steal sensitive information, passwords and account details using spyware, force unwanted advertising onto your systems via adware, spread email spam or porn and even extort money from you using ransomware that encrypts your data until a fee is paid to unblock it.

A study by the firm SecurityScorecard, which specialises in tracking companies' risk of intrusion, found more than 4700 organisations which were infected by some type of advanced banking malware.

Ransomware

Ransomware is a type of malicious software that restricts access to the infected computer system by systematically encrypting all files and documents. This malware then prompts the user to pay a ransom (around the $1000 AUD mark) in order to have the restriction removed.

The most popular form of ransomware is the CryptoLocker malware, which uses a strong encryption algorithm to lock all valuable user files in the background without user awareness. Once all the relevant files are encrypted, it demands the user pay a ransom in BitCoins within a specific timeframe (usually 1 to 2 days) before the files are permanently deleted.

Trojan Viruses

A Trojan virus is malware hidden in an innocuous email. Once you click on the link in this email, it can lead to the infection of your computer networks within a few minutes. You may come across some seemingly useful software via email or on the web that will do huge damage if you download it to your computer.

People are often tricked as they think they are clicking on legitimate files from a legitimate source. Trojans may contain the usual silly pranks or do real damage by destroying information, creating backdoors for hackers or compromising your personal data. They don't reproduce or self-replicate, but can still do great damage and cause huge frustration.


Key Logger Virus

A Key Logger virus is software that is designed to secretly monitor and log all keystrokes with the purpose of collecting confidential user information such as bank account logins, personal information etc. Once a cyber-criminal has got hold of confidential user data they can easily

account. Unfortunately, access to confidential data can sometimes have consequences which are far more

Worms

A computer worm is a virus, but can replicate itself and move from computer to computer without the user clicking or running any program. It moves via file or data transport features - email, messenger or file sharing. Even if they don't actually do any harm, worms can use up your computer processing time and take up your bandwidth as they replicate.

BUT if worms are carrying a malicious payload, you could end up with deleted or encrypted files, or even have a backdoor opened in your computer, allowing a hacker to take control of your computer and create what's called a zombie computer. Email spammers often create worms to help send their junk mail, and they send copies of themselves to everyone in your computer's address book.

Phishing Scams

Phishing scams are so called as they emulate real-life fishing. Hackers and criminals tempt you with bait and can be rewarded by catching sensitive information like usernames, passwords or bank account details. Most often, the bait comes in the form of emails that appear to be from trusted or legitimate companies or people, such as banks, service providers and acquaintances. You may be asked to provide certain private information or follow links that direct you to fake (though often very realistic looking) sites that will infect your systems with malware.

A common phishing scam is a warning email about fraudulent activity on your account and a request to verify information. Such panic-inducing methods can be very successful, as people give an immediate response without thinking. There is another type of phishing known as spear phishing, which hooks individuals using personal information (often garnered from social media sites). Spear phishing scams are increasingly sophisticated and are regularly successful since the baited emails seem so personal.

Web-based Attacks

While nearly all IT attacks are web-based to some extent, this threat specifically means malware attacks that come via online sources like infected landing pages on websites, rather than being delivered via email or infected devices. This is also known as a pull-based attack, where victims unknowingly visit infected sites, rather than push-based ones in which attackers are actively searching for victims.

The number of web-based attacks is growing as web services become more popular and people use the Internet for business, banking and e-commerce. Malicious URLs are used as channels to propagate malware, and if you visit an infected site hackers can take control of your system to carry out cybercrimes such as data theft, denial of service attacks and spamming.

A common web-based attack technique is to alert you with fake virus detection messages and ask you to download rogue antivirus software. Sometimes even legitimate sites can be infected if the hacker gets control of a web server. And the bad news is that your antivirus software and firewalls are of limited use, as they can't help detect many web-based attacks.

Criminals posing as a legitimate Australian legal firm recently duped an online ad network into distributing banner ads through Gumtree.com.au that, if clicked, could likely have led to ransomware.

Botnets

The term botnets refers to a series of online computers communicating with each other to complete a set of repetitive tasks - which could be something mundane like running a chat channel, or something more destructive like creating spam.

Most illegal botnets are composed of computers already hacked and compromised without the knowledge of their owners - these are known as Zombie computers. These are controlled via a single interface used by hackers or "herders". These criminals use the huge accumulated power of botnets to engage in click fraud, which involves clicking on ad banners to take money from advertisers who pay for each visit.

They can also be used to saturate bandwidth and prevent access to websites for long periods, causing vendors to pay a ransom to get traffic flowing again. Keylogging is another nefarious task that botnets are used for. They report keystrokes of thousands of users visiting websites to the herder, who can use this data to access personal information and accounts.

Denial of Service attacks

A Denial of Service (DoS) attack can be one of the most frustrating IT attacks of all. Basically, it shuts down your website or network, making it impossible for people to use your services. That means that if you're selling things online or taking bookings or appointments, no legitimate customers can access your site or sales page - and they'll soon go elsewhere. The attack can also stop staff and account holders from accessing the services they need. DoS attacks work by flooding the target with traffic, causing it to crash or run so slowly that it becomes unusable.


DoS attacks are unlike malware attacks: they don't try to breach your security systems and steal data directly, instead make your services inoperable. Such attacks are often used by people trying to make a point - activists, for example. It is also a process used for simple extortion, or even by unscrupulous business owners looking to cripple their competition. If the denial of service goes on for a long time you can lose revenue and customer trust, and your long-term reputation may never recover.

DoS attacks happen in two ways: either with one attacker flooding your servers so they have too much traffic and grind to a halt, or by way of an attack from many machines in what's called a Distributed Denial of Service attack, often carried out via botnets.

Of course, some attacks are not initiated by outsiders but by people within an organisation or as a result of bad luck. These can be the hardest attacks to prevent and can cause the most damage. So let's look at them.

Malicious Insiders

You know already that there is a lot of danger out there on the internet, but small and medium-sized businesses can face even more serious threats from within.

Somewhere among your seemingly loving and loyal staff sits someone who could bring your company tumbling down. It could be someone who bears a grudge, sees a way of benefitting themselves financially or is planning to leave and start a similar business with your contacts and intellectual property.

Akamai's newest State of the Internet (SOTI) - Security Report for the fourth quarter of 2015 saw the number of Web application attacks jump 28 percent over the previous quarter, while the number of DDoS attacks jumped by 40 percent in that time.

Two scientists working for GlaxoSmithKline have reportedly been charged for stealing trade secrets.


An IT attack by an insider can be the most devastating attack of all, as you're not just having your systems compromised but your trust shattered by a member of staff who you may even have considered a friend, especially if your business is small and people work together closely. What's more, firewalls, anti-virus software and intrusion detection systems won't be any help to you at all. After all, in many companies employees will all have access to confidential data, files and accounts.

The extent to which insider attacks are so much more damaging is shown by the figures. In Australia, attacks by insiders or staff can take up to 51 days to contain and solve, compared with outside attacks that on average take 23 days to contain. This is because insiders know what they are looking for and where the juiciest data is, and they probably have the passwords to get at it.

Stolen Devices

While many IT attacks come about thanks to sophisticated programming, others just come down to good old-fashioned theft. Stolen devices make up 50% of cyber-attacks experienced by the 30 benchmarked companies in the Ponemon 2014 Cost of Cyber Crime Study, and of course your devices (phones, tablets, flash drives and so on) don't have to be stolen by cunning pickpockets for the data to be compromised.

Many headline-hitting attacks were the result of workers forgetfully leaving laptops containing vital files on a train or forgetting phones in restaurants. And the risk of losing data this way becomes even greater as ever more companies implement Bring Your Own Device (BYOD) strategies and staff take their work home with them.

A BlueScope Steel employee has been accused of downloading a trove of company documents - about 40 gigabytes - over a four-year period. The company is urgently seeking a judge's help to find and destroy trade secrets before they fall into the hands of competitors.


This means that personal devices, which are often unsecured, can be crammed with company data (69% of employees use smartphones for work). If a staff member is robbed or even just plain forgetful, this data can end up in the hands of criminals, who as a result have access to your systems, intellectual property and stored passwords.

Stay Vigilant

This is a pretty comprehensive look at the sort of security threats your business could be facing, but while we've covered most of the main bases, we've barely scratched the surface when it comes to the sheer number of threats out there.

According to antivirus software developers McAfee, new malware is being released at the rate of around one file every second. So it is little wonder those fighting the problem face an epic challenge keeping up. And these huge numbers of IT attacks are losing Australian businesses like yours a great deal of money.

Constant vigilance is the best weapon you have to fight hackers attacking you with viruses, malware, worms or malicious coding. Be careful what you are doing online and always think before you click. Of course, technology can help protect your organisation, but only if it is upgraded and tested regularly. Make sure that your firewalls are in place and that anti-virus software is upgraded as new updates come out.

Training, too, is a tool that lets you fight the darker sides of the net, so hold regular workshops for staff on the types of phishing scams, using social media safely and checking for suspicious links. And keep up with IT blogs that can warn you of the new risks out there. If you're careful, don't get complacent and keep your IT updated, you have a much better chance at protecting your precious data and ultimately your company.

In the next part of our eBook we will be looking at some Australian companies that weren't so careful, and what it meant for their businesses, their reputations and their companies.


Chapter 3 IT Security Incidents in the Last Two Years

There may be no bullets flying, but Australia is currently at war, and it's one we're not winning. Cyber-attacks on Australian businesses increased 20% in 2014, and this figure rose in 2015, according to the Australian Signals Directorate.

The most commonly targeted industries tend to be banking and the financial sector in general, resources, energy and telecommunications, among others. But the huge volume of attacks means that many Australian SMBs are being targeted as cyber criminals spread their nets.

The fallout from these cyber-attacks includes loss of intellectual property, major disruption to business, financial loss and major damage to the reputation of your company, which in many cases could lead to bankruptcy.

Cybercrime in Australia

There are three main types of cybercrime that affect Australian businesses large and small. These are:

State-sponsored cyber-crime - perpetrated by hackers on behalf of states to steal intellectual property and identities. These are often the most sophisticated attacks, and hackers can retain access to an organisation's network for years at a time.

Organised Crime - run by criminal gangs making malware to steal data or extort money from individuals and corporations. Many crime syndicates have sophisticated tools and share techniques to access systems, as well as stolen data, with other criminals.

Motivated cyber-crime - these are often hackers with a political, social or even religious motive who want to get a message across using illegal online methods. Often such attacks can be less sophisticated but can still cause great damage to companies.

Because there are such widely varied motivations for hackers to target Australian businesses, it means that no business is safe, including small ones. SMBs shouldn't think that their information is not of interest to criminals; they could be targeted for a range of reasons.

Take banks, for example. Commonwealth Bank, Australia's largest bank, is attacked thousands of times every day. While most of these attacks are by hackers seeking money and account numbers, many attacks are by activists (who call themselves hacktivists) who have a more political or social agenda; perhaps they don't agree with some of the bank's investments, which they may see as unethical or detrimental to the environment.

But when it comes to large-scale hacks, many fingers are pointed at government-sponsored groups from China. Well-equipped hackers known as Advanced Persistent Threats (APTs) have been targeting Australian firms in the mining and natural resources sector. Many businesses already dealing with organisations in China come under attack, perhaps to get the edge in negotiations or as a way of stealing intellectual property.

In response to the rising numbers of attacks, the Australian Government opened The Australian Cyber Security Centre (ACSC) to coordinate the country's defence intelligence agencies - the Attorney-General and the Australian Federal Police cyber units. The ACSC enables the private and public sector to collaborate and share information to combat cybersecurity threats. They also offer a great deal of information about how SMBs and individuals can stay safe online. So it's well worth looking at their site at https://www.acsc.gov.au

In the meantime, let's take a look at some of the recent risks and hacks on Australian companies to fully understand the risks of letting your IT guard down.

Ransomware on the Rise

Ransomware, a scam in which people fall victim to an encryption virus which hijacks computer files and demands a ransom to restore them, is becoming one of the main ways that Australian businesses are being targeted by cyber criminals. In 2014 the security firm Websense found nearly two million instances of the malware variant known as CryptoLocker, and 60 per cent of those were detected in Australia.

CryptoLocker is ransomware which is delivered via credible-looking emails. Once an infected link is clicked, the virus is activated and your computer files, photos and data are taken hostage via encryption unless a ransom is paid.

Some of the latest versions of this malware are said to be unbreakable, and the average cost to companies paying ransoms to overseas hackers was $US 350.

One of the most recent versions of the virus appeared as a traffic infringement notice from the Australian Federal Police which demanded a penalty payment for a minor traffic infringement. The impressively official-looking email was often opened because it appeared to come from the Federal Government. To view details of the fake traffic infringement, recipients are asked to click the link contained within the email, activating the malware.

The Australian Federal Police (AFP) originally issued a tweet on 19 January warning people of a recent scam, "traffic infringement notices" being delivered by email, and advising not to pay any money or click any links.


High Profile Incidents

Kmart Attacked

Kmart Australia had to put out a warning in October 2015 to let some customers know that their online operations had been attacked in an external privacy breach in September. Data such as name, email address, delivery and billing address, telephone number and product purchase details was stolen. The retailer has insisted that no credit card or payment card details had been compromised, as card processing is handled externally.

David Jones hacked

In October 2014, the Australian fashion retailer had its computer system attacked and the private details of customers were stolen - these included names, email addresses and addresses, but David Jones assured its customers that their credit card or financial information was safe.

A hit on the Hilton

Early in 2015, hotel chain operator Hilton Worldwide Holdings warned customers that they'd found unauthorised malware targeting payment card details in some of their payment systems. This affected many of their Australian customers. An investigation found that malware was targeting cardholder names, payment card numbers, security codes and expiration dates.

Customers were advised to check bank statements up till July, but the company didn't give figures of how many people or businesses might be affected.


The future outlook for cyber-crime

Based on the high levels of current hacking activity and the increasingly sophisticated software and techniques used by hackers to access systems and avoid detection, the ACSC predicts that levels of hacking will rise over the next five years or so. Malware and technology used in cybercrime is now more readily available than ever and can even be used by people with little IT knowledge. What's more, cyber-crime as a service looks set to increase as well.

To stay safe, Australian businesses, from multinationals to SMBs, need to work together to make Australia a much harder target for hackers and to increase trust in users that the Internet's benefits outweigh online dangers. The best cyber security comes when the government and private sector work together and take greater responsibility for the security of their networks and information.

In the next part of our eBook we will be taking a look at where the technology to fight cyber-crime and security breaches is heading. We'll be examining the cloud, big data and the Internet of Things to help small businesses like yours to put together a comprehensive security road map.


Chapter 4 The Future of IT Security

So far in this exclusive Empower IT eBook we've examined the threats facing Australian businesses when it comes to security, we've looked in detail at the form that these threats can take (malware, phishing scams, Denial of Service attacks etc.) and we've even taken a brief look at some of the ways IT attacks have impacted on Australian businesses.

Finally, it's time to look at the security solutions that most of Australia's small and medium businesses currently have in place, examine the reasons that standard defences may not be enough, and look at where the technology is heading as IT attacks become more sophisticated. So read on and learn how to improve your current security set-up and to stay safe going forward.

Far too many of us take IT security for granted, presuming that our anti-virus protection is keeping the worst of the web at bay. But it seems we are putting far too much faith in our off-the-shelf antivirus protection to keep our IT systems safe. Brian Dye, corporate vice president at Intel Security, stated on record that antivirus software is dead. Well, the truth is that antivirus software hasn't yet had its last day.


Antivirus software is used to prevent, detect and hopefully make safe any malware threats and viruses that make it onto your system. And most programs do this well. But the big problem is that antivirus software is a reactive technology and only effective against known threats and variations of them. The guys who are writing antivirus software need to understand how a piece of malware works before they can adapt programs to discover and neutralise it. And in the time it takes for this to happen, many thousands of systems can be infected.

With hackers and criminals making new and increasingly sophisticated malware all the time, there are a lot of dangers out there that your current AV setup just won't see coming. And hackers are patient people: they will take the time to rewrite and test their malware until it can find its way past even the most sophisticated protection - and if that doesn't work, they'll write a new one.

Intel Security, the company that makes the popular McAfee software, estimates that new malware is released at a rate of about one new virus per second. Little wonder it's hard for the program writers to keep up.

And signature-based systems need to be constantly updated to be effective. So signature-based IDS is only as good as its database of stored code and signatures. This is why zero-day attacks, when hackers launch a brand new piece of malware, often slip through without being detected, as antivirus software doesn't recognize the threat.

Because of the sheer number of threats out there, traditional antivirus software detects only around 45% of all attacks.

Unless you've been keeping your antivirus software updated and are tuned into catching the latest threats out there, that old antivirus software on your devices is only giving you the most basic level of protection.


A New Era of Data Protection

We are now entering new territory when it comes to keeping your systems safe. Behaviour-based rather than signature-based security is more important. So let's take a look at what this means for businesses like yours.

Behaviour-based security is different in that it detects any network activity that doesn't fit a pattern of expected behaviour. This means that the software has to be configured to learn what a user's normal patterns of activity are. If there are any anomalies, these are then flagged as threats or viruses and will be stopped before they infect your systems.

Unlike signature-based systems, behaviour-based antivirus systems are able to detect zero-day attacks, as they don't need a pattern that is recognizable. Of course, such systems have to be configured to learn about users' typical behaviour, and configurations need to be updated every time new applications are added or modified, but in general they can adapt to new, unique or original attacks.

There are many advantages to this behaviour-based approach in detecting new and unforeseen vulnerabilities in your systems. Because it detects any traffic that is new or unusual, the behaviour-based approach is good at identifying sweeps and probes towards network hardware. This is like an early warning for potential intrusions, as such probes and scans are often the predecessors of system attacks. They can also detect abuse-of-privilege attacks, which normally don't trigger security warnings. Of course, there are some drawbacks too, in that there is a higher false alarm rate than with signature-based systems.

What's more, the learning curve for behaviour-based intrusion detection techniques can't cover everything, and people's online behaviour is likely to change over time, so you need to implement occasional retracing of the behaviour profile. Also, during the learning phase any system attacks that occur won't be detected as anomalous, meaning your systems could be compromised.

For example, if a computer user with a restricted set of records suddenly begins to try and access other types of information, it is highly possible that his workstation has been infected with a virus and action needs to be taken to protect the systems.

Behaviour-based IDS is also more costly, in that you need more hardware, spread further across your IT networks, than is required with signature-based IDS.
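As an added illustration (not part of the original eBook), the Python example below models the behaviour-based approach described above on the record-access scenario: it learns which record categories each user normally touches, flags accesses outside that profile, and shows two of the drawbacks named above (an attack during the learning phase goes unnoticed, and a legitimate change of duties raises a false alarm until the profile is updated). The user names, record categories and event format are constructed for the example.

```python
from collections import Counter, defaultdict

# Constructed sample events (user, record_category); not real log data.
LEARNING = [
    ("alice", "invoices"), ("alice", "invoices"), ("alice", "customers"),
    ("bob", "payroll"), ("bob", "payroll"), ("bob", "hr_files"),
]
LIVE = [
    ("alice", "invoices"),   # matches alice's profile
    ("alice", "payroll"),    # outside alice's profile: should be flagged
    ("bob", "payroll"),      # matches bob's profile
    ("bob", "customers"),    # new for bob: flagged, possibly a false alarm
]


class BehaviourProfile:
    """Per-user baseline of the record categories each user normally accesses."""

    def __init__(self, min_seen=1):
        # min_seen: how often a category must appear in the learning data
        # before it counts as normal for that user.
        self.min_seen = min_seen
        self.counts = defaultdict(Counter)

    def learn(self, events):
        for user, category in events:
            self.counts[user][category] += 1

    def is_anomalous(self, user, category):
        seen = self.counts.get(user, Counter())[category]
        return seen < self.min_seen


def detect(profile, events):
    """Return the events that do not fit the learned behaviour."""
    return [(u, c) for u, c in events if profile.is_anomalous(u, c)]


def baseline_alerts():
    # Clean learning phase, then monitoring of live activity.
    profile = BehaviourProfile()
    profile.learn(LEARNING)
    return detect(profile, LIVE)


def poisoned_learning_alerts():
    # Drawback: activity that happens during the learning phase is absorbed
    # into the profile, so the same activity is later treated as normal.
    profile = BehaviourProfile()
    profile.learn(LEARNING + [("alice", "payroll")])
    return detect(profile, LIVE)


def retrained_alerts():
    # Drawback: behaviour changes over time. Once an analyst confirms that
    # bob now handles customer records, the profile has to be updated or
    # the same false alarm repeats.
    profile = BehaviourProfile()
    profile.learn(LEARNING)
    profile.learn([("bob", "customers")])
    return detect(profile, LIVE)


if __name__ == "__main__":
    print("clean learning phase:   ", baseline_alerts())
    print("attack during learning: ", poisoned_learning_alerts())
    print("after profile update:   ", retrained_alerts())
```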

Drawbacks and a long customization process aside, it looks like the behaviour-based approach to IT security is one way we'll be helping to keep the cyber criminals at bay into the future. And although the death knell has not yet sounded for antivirus software, you need to be aware that this is no longer the be-all and end-all of IT security; you need to be doing so much more.

There are many ways you can keep your systems safe, and taking a multi-layered approach is actually the best way forward. Blacklisting, whitelisting and sandboxing are three methods that can be used to ensure you're safe while online.

As the way we use data and interact with the internet changes, our approach to IT security and data protection should also change accordingly. What's more, IT systems around the world are increasingly being breached and the fallout from this is affecting millions of people, so we need to learn to deal with risks and stay ahead of cyber criminals.

We are now seeing other areas of IT in which security needs addressing: areas such as social media, the cloud, compliance, advanced persistent threats and physical infrastructure security too.

IT Security in the Cloud

In the fast-moving world of IT, cloud computing is already old hat in many ways, but as so many of Australia's small and medium businesses are only just making the move into the cloud, they may not appreciate how cloud technology isn't just changing how they work but how they should be approaching security.


When you are in the cloud you are exposed to new risks; after all, your data and often much of your network is being hosted off-site and is often being accessed by your staff in other cities and countries.

Security in the cloud requires visibility, identity management and policies that reduce threats

ability to take advantage of all the flexibility and freedom that cloud computing can offer

Of course, it's worth remembering that cloud computing is not just one technology; it is a combination of many advances in technology sold in one package. This includes virtualisation, Software-as-a-Service and other operations working as they always have done, albeit in the cloud.

The problem is that traditional security solutions don't always adapt themselves well to the cloud architecture. What needs to happen is for existing security methods such as firewalls, virtual private networks, data-leak protection etc. to evolve so they can be better deployed in the cloud. This might involve using an API (Application Program Interface) so that such technology can be automated in the cloud.

It is also likely that new Cloud Security Gateways will have to come into play, and innovations that bolster security are already being created. Cloud security gateways will act as security policy enforcement points between cloud services consumers and providers to ensure security as cloud services are accessed by users. This system would probably be made up of multiple levels of security such as authentication, authorization, signing on, security token mapping, encryption, tokenization, logging, alerting, Application Program Interface and so on.

With cloud technology being so popular, it is vital that users are easily identified and authenticated while controlling access to applications and enforcing data protection policies. It is also a good idea to have a central overview of what is happening, with visibility into all users, devices and cloud activity, so that malicious or suspicious behaviour can be flagged. Auditing and monitoring will be built into cloud services in the future to ensure ongoing protection.


Other changes need to happen to ensure better cloud security. The management of encryption keys is critical, and data needs to be fragmented and kept in several places in the cloud rather than in one server where it would be vulnerable. It is also important that the physical security of the cloud environment is enhanced.

IT Security and the Internet of Things

You may have heard of the Internet of Things (IoT) and wondered what it referred to. Basically, it just means an environment in which objects are able to transfer data over a network without the need for human-to-human or human-to-computer interaction.

For example, you may have a sensor in your car to tell you when the engine needs oil by sending a message to your phone. An office printer may send out an order for more ink when it's running low, and a smart road can send signals to traffic control when traffic is heavy.

Basically, any device or component that can be connected to the net (usually by Wi-Fi) plays its part in the Internet of Things. Ultimately the IoT will help cut down on waste, improve efficiency and save time and frustration (in theory at least).

But with so many online devices, many of which will hold personal info or IP data, security will be an issue. You wouldn't want someone hacking your toaster or using your online speakers to get at the data on your PC, after all.

Some experts are concerned that large numbers of unsecured devices could be built up by hackers as botnets. Just imagine your TV, computer and other household appliances all being used against you, like a science fiction horror story.

The new high-tech Barbie doll raises privacy concerns, as the doll is connected to the Internet and could be a tempting target for hackers who could then access data on home networks through the doll.


This means that in the future people will need to know how to secure their IoT devices. Initially this would mean taking simple measures such as using passwords and usernames, and updating and patching devices as you do with current devices. Also, an IoT device that needs to be accessible over the net needs to be put in its own network and have access restricted. This network can then be monitored, with action taken if there is a problem.

Planning and integration is vital when it comes to the IoT, and security needs to be paramount at every step of the process, from manufacture to purchase and use. As a company owner you need to develop policies that keep your customers and their data safe when using IoT devices.

US retailer Target was hacked in 2013 via its heating and air conditioning, which was internet enabled. Some 40 million credit card numbers were stolen.


Conclusion

The goal of this eBook is to make you aware of the vulnerabilities of your business systems and help you understand in detail the various cyber-threats that are lurking today. We have looked at the dangers for companies that have not been protecting themselves from online and offline security threats, both in terms of money and reputation consequences.

If you are wondering about the best way to safeguard your business, stay tuned, as we are in the process of writing another eBook with insights about protecting your business and reputation.

If you enjoyed reading this eBook and found it to be of value, do share it with your friends.


This eBook will mainly concentrate on the former definition, looking at how malware can affect your company and what you can do to combat these types of threats.

We need to keep cyber criminals at bay, not just to ensure our businesses are secure but also to help the country's economy as a whole.

Some 60% of Australians have now been a victim of cybercrime in their lifetime, and nearly 47% of these victims have been targeted in the past 12 months.

Increasing numbers of cyber security breaches lead to an erosion of trust that puts off investors, slowing the growth of the economy.

An unclassified threat report compiled by the Australian Cyber Security Centre found that in 2014 the national computer emergency response team had to respond to 11,073 cyber security incidents. And this is just one study.

Another survey by the Ponemon Institute has shown that the cost of cybercrime in Australia has escalated 33% since its first study three years ago. The institute also estimated that the

of 30 organisations

to be $43 million

There are few companies that would be able to cope with a 43 million dollar attack, and small and medium companies make up nearly 97% of all Australian businesses. If we don't start taking measures to stay safe, the nation could be in economic jeopardy.

The Australian Crime Commission estimates that cybercrime now costs the country more than a billion dollars each year, with the figures rising as cyber criminals become more sophisticated.


Cybercrime and SMB

Data breaches often make the news headlines, such as when laboratory Medvet was attacked

Kmart Australia suffered a security breach that resulted in the exposure of customer details.

But when such tales of cybercrime are in the news, they tend to be about attacks on big companies where the results are losses of millions of dollars or the theft of thousands of

Many SMB owners are often lulled into a false sense of security, believing that their IT is safe and that they won't be of interest to hackers. But this is a very dangerous mindset. SMBs just like yours are regularly attacked by a broad spectrum of cyber criminals, including malicious insiders and criminals using malware, viruses, worms, Trojans and botnets. Plain bad luck plays its part too, with many crimes being committed using stolen or lost devices.

These attacks are expensive, as they disrupt services and cause downtime that prevents staff from doing their jobs properly and adversely affects sales and work processes. In fact, downtime accounted for nearly half of each

study. Detection and recovery also costs money, accounting for 53% of internal costs, most of which is paid out to experts to come in and fix problems.

Why your small business is a target

Being a powerful economy with an English-speaking and highly connected population, Australia is a tempting target for hackers from all over the world. And they are helped by the fact that at the moment there are so few IT security regulations in place.

Attacks are commonplace: the 30 companies in the Ponemon survey alone reported 47 successful attacks a week, up from 41 in 2012.

The time it takes to resolve issues is getting longer too: up to 23 days on average. Attacks by insiders or staff can take up to 51 days to contain and solve.


Criminals are helped by the fact that many Australian businesses place too much faith in their current security setup and don't realise just how sophisticated hacking and cybercrime is becoming. What's more, there is a skills shortage in the Australian IT arena. Most small businesses don't have the resources to hire effective security analysts to continuously monitor extended networks and detect any infiltrations.

This is why there is such a strong need for more education and awareness in this area, so that IT security is seen as something that gives SMBs a competitive edge - not just a set of defensive actions that need to be taken to merely stay secure. After all, the damage to a company's reputation and brand image after a security breach can be catastrophic, and most people would prefer to deal with companies that have a good reputation for security. A good IT security roadmap will boost your business as well as keep you safe, and this is something that every small business owner will appreciate.

In the next chapter we'll be looking at the types of cyber-attack and malware that are being routinely used to target Australian businesses. We will tell you what dangers you should be looking out for and how to keep your business safe from online attacks.

The Australian government recently carried out a Cyber Security Review which found that organised crime gangs carry out most of the nation's IT security breaches (92%), with 14% of attacks coming from insiders. The overlap in figures is due to the fact that sometimes insiders and outsiders work in collusion. The study also found that stolen credentials are the number one cause of these breaches.


Chapter 2 Common Threats to Every SMB

Cybercriminals are becoming highly efficient and sophisticated in their attacks on the SMB

-hanging fruit often riddled with security

holes that make their job a breeze. In this next section of our eBook we will cover some of the

of them at the very least

Malware

Most threats to your security will come in the form of malware, which is a malicious type of software created to cause damage to your systems or to steal data once it has installed itself into your systems.

Malware could also vandalise and destroy software, steal sensitive information, passwords and account details using spyware, force unwanted advertising onto your systems via adware, spread email spam or porn, and even extort money from you using ransomware that encrypts your data until a fee is paid to unblock it.

A study by the firm SecurityScorecard, which specialises in tracking companies' risk of intrusion, found more than 4700 organisations which were infected by some type of advanced banking malware.

Ransomware

Ransomware is a type of malicious software that restricts access to the infected computer system by systematically encrypting all files and documents. This malware then prompts the user to pay a ransom (around the $1000 AUD mark) in order to have the restriction removed.

The most popular form of ransomware is the CryptoLocker malware, which uses a strong encryption algorithm to lock all valuable user files in the background without user awareness. Once all the relevant files are encrypted, it demands the user pay a ransom in Bitcoins within a specific timeframe (usually 1 to 2 days) before the files are permanently deleted.

Trojan Viruses

A Trojan virus is malware hidden in an innocuous email. Once you click on the link in this email, it can lead to the infection of your computer networks within a few minutes. You may come across some seemingly useful software via email or on the web that will do huge damage if you download it to your computer.

People are often tricked, as they think they are clicking on legitimate files from a legitimate source. Trojans may contain the usual silly pranks or do real damage by destroying information, creating backdoors for hackers or compromising your personal data. They don't reproduce or self-replicate but can still do great damage and cause huge frustration.


Key Logger Virus

A Key Logger virus is software that is designed to secretly monitor and log all keystrokes with the purpose of collecting confidential user information such as bank account logins, personal information etc. Once a cyber-criminal has got hold of confidential user data they can easily

account. Unfortunately, access to

confidential data can sometimes have consequences which are far more

Worms

A computer worm is a virus, but one that can replicate itself and move from computer to computer without the user clicking or running any program. It moves via file or data transport features - email, messenger or file sharing. Even if they don't actually do any harm, worms can use up your computer processing time and take up your bandwidth as they replicate.

BUT if worms are carrying a malicious payload, you could end up with deleted or encrypted files, or even have a backdoor opened in your computer, allowing a hacker to take control of your computer and create what's called a zombie computer. Email spammers often create worms to help send their junk mail, and they send copies of themselves to everyone in your computer's address book.

Phishing Scams

Phishing scams are so called as they emulate real-life fishing. Hackers and criminals tempt you with bait and can be rewarded by catching sensitive information like usernames, passwords or bank account details. Most often the bait comes in the form of emails that appear to be from trusted or legitimate companies or people, such as banks, service providers and acquaintances. You may be asked to provide certain private information or follow links that direct you to fake (though often very realistic looking) sites that will infect your systems with malware.

A common phishing scam is a warning email about fraudulent activity on your account and a request to verify information. Such panic-inducing methods can be very successful, as people give an immediate response without thinking. There is another type of phishing known as spear phishing, which hooks individuals using personal information (often garnered from social media sites). Spear phishing scams are increasingly sophisticated and are regularly successful, since the baited emails seem so personal.

Web-based Attacks

While nearly all IT attacks are web-based to some extent, this threat specifically means malware attacks that come via online sources like infected landing pages on websites, rather than being delivered via email or infected devices. This is also known as a pull-based attack, where victims unknowingly visit infected sites, rather than push-based ones in which attackers are actively searching for victims.

The number of web-based attacks is growing as web services become more popular and people use the Internet for business, banking and e-commerce. Malicious URLs are used as channels to propagate malware, and if you visit an infected site hackers can take control of your system to carry out cybercrimes such as data theft, denial of service attacks and spamming.

A common web-based attack technique is to alert you with fake virus detection messages and ask you to download rogue antivirus software. Sometimes even legitimate sites can be infected if the hacker gets control of a web server. And the bad news is that your antivirus software and firewalls are of limited use, as they can't help detect many web-based attacks.

Recently, criminals posing as a legitimate Australian legal firm duped an online ad network into distributing banner ads through Gumtree.com.au that, if clicked, could likely have led to ransomware.

Botnets

The term botnets refers to a series of online computers communicating with each other to complete a set of repetitive tasks - which could be something mundane like running a chat channel or something more destructive like creating spam.

Most illegal botnets are composed of computers already hacked and compromised without the knowledge of their owners - these are known as zombie computers. These are controlled via a single interface used by hackers or herders. These criminals use the huge accumulated power of botnets to engage in click fraud, which involves clicking on ad banners to take money from advertisers who pay for each visit.

They can also be used to saturate bandwidth and prevent access to websites for long periods, causing vendors to pay a ransom to get traffic flowing again. Keylogging is another nefarious task that botnets are used for. They report keystrokes of thousands of users visiting websites to the herder, who can use this data to access personal information and accounts.

Denial of Service attacks

A Denial of Service (DoS) attack can be one of the most frustrating IT attacks of all. Basically, it shuts down your website or network, making it impossible for people to use your services. That means that if you're selling things online or taking bookings or appointments, no legitimate customers can access your site or sales page - and they'll soon go elsewhere. The attack can also stop staff and account holders from accessing the services they need. DoS attacks work by flooding the target with traffic, causing it to crash or run so slowly that it becomes unusable.


DoS attacks are unlike malware attacks: they don't try to breach your security systems and steal data directly, but instead make your services inoperable. Such attacks are often used by people trying to make a point - activists, for example. It is also a process used for simple extortion, or even by unscrupulous business owners looking to cripple their competition. If the denial of service goes on for a long time you can lose revenue and customer trust, and your long-term reputation may never recover.

DoS attacks happen in two ways: either with one attacker flooding your servers so they have too much traffic and grind to a halt, or by way of an attack from many machines in what's called a Distributed Denial of Service attack, often carried out via botnets.

Of course, some attacks are not initiated by outsiders but by people within an organisation, or as a result of bad luck. These can be the hardest attacks to prevent and can cause the most damage. So let's look at them.

Malicious Insiders

You know already that there is a lot of danger out there on the internet, but small and medium-sized businesses can face even more serious threats from within.

Somewhere among your seemingly loving and loyal staff sits someone who could bring your company tumbling down. It could be someone who bears a grudge, sees a way of benefitting themselves financially, or is planning to leave and start a similar business with your contacts and intellectual property.

Akamai's newest State of the Internet (SOTI) - Security Report for the fourth quarter of 2015 saw the number of Web application attacks jump 28 percent over the previous quarter, while the number of DDoS attacks jumped by 40 percent in that time.

Two scientists working for GlaxoSmithKline have reportedly been charged for stealing trade secrets.


An IT attack by an insider can be the most devastating attack of all, as you're not just having your systems compromised but your trust shattered by a member of staff who you may even have considered a friend, especially if your business is small and people work together closely. What's more, firewalls, anti-virus software and intrusion detection systems won't be any help to you at all. After all, in many companies employees will all have access to confidential data, files and accounts.

The extent to which insider attacks are so much more damaging is shown by the figures. In Australia, attacks by insiders or staff can take up to 51 days to contain and solve, compared with outside attacks that on average take 23 days to contain. This is because insiders know what they are looking for and where the juiciest data is, and they probably have the passwords to get at it.

Stolen Devices

While many IT attacks come about thanks to sophisticated programming, others just come down to good old-fashioned theft. Stolen devices make up 50% of cyber-attacks experienced by the 30 benchmarked companies in the Ponemon 2014 Cost of Cyber Crime Study, and of course your devices (phones, tablets, flash drives and so on) don't have to be stolen by cunning pickpockets for the data to be compromised.

Many headline-hitting attacks were the result of workers forgetfully leaving laptops containing vital files on a train or forgetting phones in restaurants. And the risk of losing data this way becomes even greater as ever more companies implement Bring Your Own Device (BYOD) strategies and staff take their work home with them.

A BlueScope Steel employee has been accused of downloading a trove of company documents - about 40 gigabytes - over a four-year period. The company is urgently seeking a judge's help to find and destroy trade secrets before they fall into the hands of competitors.


This means that personal devices, which are often unsecured, can be crammed with company data (69% of employees use smartphones for work). If a staff member is robbed or even just plain forgetful, this data can end up in the hands of criminals, who as a result have access to your systems, intellectual property and stored passwords.

Stay Vigilant

This is a pretty comprehensive look at the sort of security threats your business could be facing, but while we've covered most of the main bases, we've barely scratched the surface when it comes to the sheer number of threats out there.

According to antivirus software developers McAfee, new malware is being released at the rate of around one file every second. So it is little wonder those fighting the problem face an epic challenge keeping up. And these huge numbers of IT attacks are losing Australian businesses like yours a great deal of money.

Constant vigilance is the best weapon you have to fight hackers attacking you with viruses, malware, worms or malicious coding. Be careful what you are doing online and always think before you click. Of course, technology can help protect your organisation, but only if it is upgraded and tested regularly. Make sure that your firewalls are in place and that anti-virus software is upgraded as new updates come out.

Training too is a tool that lets you fight the darker sides of the net, so hold regular workshops for staff on the types of phishing scams, using social media safely and checking for suspicious links. And keep up with IT blogs that can warn you of the new risks out there. If you're careful, don't get complacent and keep your IT updated, you have a much better chance at protecting your precious data and ultimately your company.

In the next part of our eBook we will be looking at some Australian companies that weren't so careful, and what it meant for their businesses, their reputations and their companies.

Chapter 3 IT Security Incidents in the Last Two Years

There may be no bullets flying, but Australia is currently at war and it's one we're not winning. Cyber-attacks on Australian businesses increased 20% in 2014 and this figure rose in 2015, according to the Australian Signals Directorate.

The most commonly targeted industries tend to be banking and the financial sector in general, resources, energy and telecommunications, among others. But the huge volume of attacks means that many Australian SMBs are being targeted as cyber criminals spread their nets.

The fallout from these cyber-attacks includes loss of intellectual property, major disruption to business, financial loss and major damage to the reputation of your company, which in many cases could lead to bankruptcy.

Cybercrime in Australia

There are three main types of cybercrime that affect Australian businesses large and small. These are:

State-sponsored cyber-crime - perpetrated by hackers on behalf of states to steal intellectual property and identities. These are often the most sophisticated attacks, and hackers can retain access to an organisation's network for years at a time.

Organised crime - run by criminal gangs making malware to steal data or extort money from individuals and corporations. Many crime syndicates have sophisticated tools and share techniques to access systems, as well as stolen data, with other criminals.

Motivated cyber-crime - these are often hackers with a political, social or even religious motive who want to get a message across using illegal online methods. Often such attacks can be less sophisticated but can still cause great damage to companies.

Because there are such widely varied motivations for hackers to target Australian businesses, it means that no business is safe, including small ones. SMBs shouldn't think that their information is not of interest to criminals; they could be targeted for a range of reasons.

Take banks, for example. Commonwealth Bank, Australia's largest bank, is attacked thousands of times every day. While most of these attacks are by hackers seeking money and account numbers, many attacks are by activists (who call themselves hacktivists) who have a more political or social agenda; perhaps they don't agree with some of the bank's investments, which they may see as unethical or detrimental to the environment.

But when it comes to large-scale hacks, many fingers are pointed at government-sponsored groups from China. Well-equipped hackers known as Advanced Persistent Threats (APTs) have been targeting Australian firms in the mining and natural resources sector. Many businesses already dealing with organisations in China come under attack, perhaps to get the edge in negotiations or as a way of stealing intellectual property.

In response to the rising numbers of attacks, the Australian Government opened the Australian Cyber Security Centre (ACSC) to coordinate the country's defence intelligence agencies - the Attorney-General and the Australian Federal Police cyber units. The ACSC enables the private and public sector to collaborate and share information to combat cybersecurity threats. They also offer a great deal of information about how SMBs and individuals can stay safe online. So it's well worth looking at their site at https://www.acsc.gov.au

In the meantime, let's take a look at some of the recent risks and hacks on Australian companies to fully understand the risks of letting your IT guard down.

Ransomware on the Rise

Ransomware, a scam in which people fall victim to an encryption virus which hijacks computer files and demands a ransom to restore them, is becoming one of the main ways that Australian businesses are being targeted by cyber criminals. In 2014 the security firm Websense found nearly two million instances of the malware variant known as CryptoLocker, and 60 per cent of those were detected in Australia.

CryptoLocker is ransomware which is delivered via credible-looking emails. Once an infected link is clicked, the virus is activated and your computer files, photos and data are taken hostage via encryption unless a ransom is paid.

Some of the latest versions of this malware are said to be unbreakable, and the average cost to companies paying ransoms to overseas hackers was $US 350.

One of the most recent versions of the virus appeared as a traffic infringement notice from the Australian Federal Police which demanded a penalty payment for a minor traffic infringement. The impressively official-looking email was often opened because it appeared to come from the Federal Government. To view details of the fake traffic infringement, recipients are asked to click the link contained within the email, activating the malware.

The Australian Federal Police (AFP) originally issued a tweet on 19 January warning people of a recent scam, "traffic infringement notices" being delivered by email, and advising not to pay any money or click any links.

High Profile Incidents

Kmart Attacked

Kmart Australia had to put out a warning in October 2015 to let some customers know that their online operations had been attacked in an external privacy breach in September. Data such as name, email address, delivery and billing address, telephone number and product purchase details was stolen. The retailer has insisted that no credit card or payment card details had been compromised, as card processing is handled externally.

David Jones hacked

In October 2014 the Australian fashion retailer had its computer system attacked and the private details of customers were stolen. These included names, email addresses and addresses, but David Jones assured its customers that their credit card or financial information was safe.

A hit on the Hilton

Early in 2015, hotel chain operator Hilton Worldwide Holdings warned customers that they'd found unauthorised malware targeting payment card details in some of their payment systems. This affected many of their Australian customers. An investigation found that malware was targeting cardholder names, payment card numbers, security codes and expiration dates.

Customers were advised to check bank statements up till July, but the company didn't give figures of how many people or businesses might be affected.

The future outlook for cyber-crime

Based on the high levels of current hacking activity and the increasingly sophisticated software and techniques used by hackers to access systems and avoid detection, the ACSC predicts that levels of hacking will rise over the next five years or so. Malware and technology used in cybercrime is now more readily available than ever and can even be used by people with little IT knowledge. What's more, cyber-crime as a service looks set to increase as well.

To stay safe, Australian businesses, from multinationals to SMBs, need to work together to make Australia a much harder target for hackers and to increase trust in users that the Internet's benefits outweigh online dangers. The best cyber security comes when the government and private sector work together and take greater responsibility for the security of their networks and information.

In the next part of our eBook we will be taking a look at where the technology to fight cyber-crime and security breaches is heading. We'll be examining the cloud, big data and the Internet of Things to help small businesses like yours to put together a comprehensive security road map.

Chapter 4 The Future of IT Security

So far in this exclusive Empower IT eBook we've examined the threats facing Australian businesses when it comes to security, we've looked in detail at the form that these threats can take (malware, phishing scams, Denial of Service attacks, etc.) and we've even taken a brief look at some of the ways IT attacks have impacted on Australian businesses.

Finally, it's time to look at the security solutions that most of Australia's small and medium businesses currently have in place, examine the reasons that standard defences may not be enough, and look at where the technology is heading as IT attacks become more sophisticated. So read on and learn how to improve your current security setup and to stay safe going forward.

Far too many of us take IT security for granted, presuming that our anti-virus protection is keeping the worst of the web at bay. But it seems we are putting far too much faith in our off-the-shelf antivirus protection to keep our IT systems safe. Brian Dye, corporate vice president at Intel Security, stated on record that antivirus software is dead. Well, the truth is that antivirus software hasn't yet had its last day.

Antivirus software is used to prevent, detect and hopefully make safe any malware threats and viruses that make it onto your system. And most programs do this well. But the big problem is that antivirus software is a reactive technology and only effective against known threats and variations of them. The guys who are writing antivirus software need to understand how a piece of malware works before they can adapt programs to discover and neutralise it. And in the time it takes for this to happen, many thousands of systems can be infected.

With hackers and criminals making new and increasingly sophisticated malware all the time, there are a lot of dangers out there that your current AV setup just won't see coming. And hackers are patient people; they will take the time to rewrite and test their malware until it can find its way past even the most sophisticated protection - and if that doesn't work, they'll write a new one.

Intel Security, the company that makes the popular McAfee software, estimates that new malware is released at a rate of about one new virus per second. Little wonder it's hard for the program writers to keep up.

And signature-based systems need to be constantly updated to be effective. So signature-based IDS is only as good as its database of stored code and signatures. This is why zero-day attacks, when hackers launch a brand new piece of malware, often slip through without being detected, as antivirus software doesn't recognize the threat.

Because of the sheer number of threats out there, traditional antivirus software detects only around 45% of all attacks.

Unless you've been keeping your antivirus software updated and are tuned into catching the latest threats out there, that old antivirus software on your devices is only giving you the most basic level of protection.

A New Era of Data Protection

We are now entering new territory when it comes to keeping your systems safe. Behaviour-based rather than signature-based security is more important. So let's take a look at what this means for businesses like yours.

Behaviour-based security is different in that it detects any network activity that doesn't fit a pattern of expected behaviour. This means that the software has to be configured to learn what a user's normal patterns of activity are. If there are any anomalies, these are then flagged as threats or viruses and will be stopped before they infect your systems.

Unlike signature-based systems, behaviour-based antivirus systems are able to detect zero-day attacks, as these don't have a pattern that is recognizable. Of course, such systems have to be configured to learn about users' typical behaviour, and configurations need to be updated every time new applications are added or modified, but in general they can adapt to new, unique or original attacks.

There are many advantages to this behaviour-based approach in detecting new and unforeseen vulnerabilities in your systems. Because it detects any traffic that is new or unusual, the behaviour-based approach is good at identifying sweeps and probes towards network hardware. This is like an early warning for potential intrusions, as such probes and scans are often the predecessors for system attacks. They can also detect abuse-of-privilege attacks, which normally don't trigger security warnings. Of course, there are some drawbacks too, in that there is a higher false alarm rate than with signature-based systems.

What's more, the learning curve for behaviour-based intrusion detection techniques can't cover everything, and people's online behaviour is likely to change over time, so you need to implement occasional retracing of the behaviour profile. Also, during the learning phase any system attacks that occur won't be detected as anomalous, meaning your systems could be compromised.

For example, if a computer user with a restricted set of records suddenly begins to try and access other types of information, it is highly possible that his workstation has been infected with a virus and action needs to be taken to protect the systems.

Behaviour-based IDS is also more costly in that you need more hardware spread further across your IT networks than is required with signature-based IDS.
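The contrast this chapter draws between signature-based and behaviour-based detection, as an added example (not code from the eBook or from any product it mentions): a hash lookup stands in for the signature database and a per-user set of record categories stands in for the behaviour profile. All user names, categories and byte strings are constructed for illustration; the three scenarios show the zero-day miss, the false alarm and the learning-phase blind spot described above.

```python
import hashlib
from collections import defaultdict


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed, harmless byte strings standing in for program files.
KNOWN_SAMPLE = b"constructed-sample-v1"
NEW_VARIANT = b"constructed-sample-v2"      # never analysed by the vendor
OFFICE_APP = b"constructed-office-app"
SIGNATURE_DB = {sha256(KNOWN_SAMPLE)}       # hypothetical vendor database


def signature_alert(program: bytes) -> bool:
    """Signature-based: fires only when this exact sample is already in the database."""
    return sha256(program) in SIGNATURE_DB


class BehaviourProfile:
    """Behaviour-based: learns which record categories each user touches."""

    def __init__(self):
        self.seen = defaultdict(set)

    def learn(self, events):
        """Learning (or retraining) phase: everything observed becomes 'normal'."""
        for user, category in events:
            self.seen[user].add(category)

    def alert(self, user: str, category: str) -> bool:
        """Fires when a user touches a category outside the learned profile."""
        return category not in self.seen.get(user, set())


def evaluate(profile, live_events):
    """Return (user, category, signature_hit, behaviour_hit) for each live event."""
    return [
        (user, category, signature_alert(program), profile.alert(user, category))
        for user, category, program in live_events
    ]


# Constructed events, not real log data.
LEARNING = [("alice", "invoices"), ("alice", "customers"), ("bob", "payroll")]
LIVE = [
    ("alice", "invoices", OFFICE_APP),    # routine work
    ("alice", "payroll", NEW_VARIANT),    # unknown sample, unusual access
    ("bob", "payroll", KNOWN_SAMPLE),     # known sample, access looks routine
    ("alice", "suppliers", OFFICE_APP),   # legitimate new duty
]


def clean_baseline():
    """Profile learned from clean activity only."""
    profile = BehaviourProfile()
    profile.learn(LEARNING)
    return evaluate(profile, LIVE)


def poisoned_baseline():
    """The unusual access already happened during learning, so it looks normal."""
    profile = BehaviourProfile()
    profile.learn(LEARNING + [("alice", "payroll")])
    return evaluate(profile, LIVE)


def retrained_baseline():
    """Updating the profile after alice's role changed removes the false alarm."""
    profile = BehaviourProfile()
    profile.learn(LEARNING)
    profile.learn([("alice", "suppliers")])
    return evaluate(profile, LIVE)


if __name__ == "__main__":
    for name, scenario in [("clean", clean_baseline),
                           ("poisoned", poisoned_baseline),
                           ("retrained", retrained_baseline)]:
        print(name)
        for row in scenario():
            print("  ", row)
```

With the clean profile, the second live event is missed by the signature lookup and caught only by the behaviour check, while the fourth is a false alarm until the profile is updated.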

Drawbacks and a long customization process aside, it looks like the behaviour-based approach to IT security is one way we'll be helping to keep the cyber criminals at bay into the future. And although the death knell has not yet sounded for antivirus software, you need to be aware that this is no longer the be-all and end-all of IT security; you need to be doing so much more.

There are many ways you can keep your systems safe, and taking a multi-layered approach is actually the best way forward. Blacklisting, whitelisting and sandboxing are three methods that can be used to ensure you're safe while online.

As the way we use data and interact with the internet changes, our approach to IT security and data protection should also change accordingly. What's more, IT systems around the world are increasingly being breached and the fallout from this is affecting millions of people, so we need to learn to deal with risks and stay ahead of cyber criminals.

We are now seeing other areas of IT in which security needs addressing: areas such as social media, the cloud, compliance, advanced persistent threats and physical infrastructure security too.

IT Security in the Cloud

In the fast-moving world of IT, cloud computing is already old hat in many ways, but as so many of Australia's small and medium businesses are only just making the move into the cloud, they may not appreciate how cloud technology isn't just changing how they work but how they should be approaching security.

When you are in the cloud you are exposed to new risks; after all, your data, and often much of your network, is being hosted off-site and is often being accessed by your staff in other cities and countries.

Security in the cloud requires visibility, identity management and policies that reduce threats ability to take advantage of all the flexibility and freedom that cloud computing can offer

Of course, it's worth remembering that cloud computing is not just one technology; it is a combination of many advances in technology sold in one package. This includes virtualisation, Software-as-a-Service and other operations working as they always have done, albeit in the cloud.

The problem is that traditional security solutions don't always adapt themselves well to the cloud architecture. What needs to happen is for existing security methods such as firewalls, virtual private networks, data-leak protection, etc. to evolve so they can be better deployed in the cloud. This might involve using an API (Application Program Interface) so that such technology can be automated in the cloud.

It is also likely that new Cloud Security Gateways will have to come into play, and innovations that bolster security are already being created. Cloud security gateways will act as security policy enforcement points between cloud services consumers and providers to ensure security as cloud services are accessed by users. This system would probably be made up of multiple levels of security such as authentication, authorization, signing on, security token mapping, encryption, tokenization, logging, alerting, Application Program Interface and so on.

With cloud technology being so popular, it is vital that users are easily identified and authenticated while controlling access to applications and enforcing data protection policies. It is also a good idea to have a central overview of what is happening, with visibility into all users, devices and cloud activity, so that malicious or suspicious behaviour can be flagged. Auditing and monitoring will be built into cloud services in the future to ensure ongoing protection.

Other changes need to happen to ensure better cloud security. The management of encryption keys is critical, and data needs to be fragmented and kept in several places in the cloud rather than in one server where it would be vulnerable. It is also important that the physical security of the cloud environment is enhanced.

IT Security and the Internet of Things

You may have heard of the Internet of Things (IoT) and wondered what it referred to. Basically, it just means an environment in which objects are able to transfer data over a network without the need for human-to-human or human-to-computer interaction.

For example, you may have a sensor in your car to tell you when the engine needs oil by sending a message to your phone. An office printer may send out an order for more ink when it's running low, and a smart road can send signals to traffic control when traffic is heavy.

Basically, any device or component that can be connected to the net (usually by Wi-Fi) plays its part in the Internet of Things. Ultimately the IoT will help cut down on waste, improve efficiency and save time and frustration (in theory at least).

But with so many online devices, many of which will hold personal info or IP data, security will be an issue. You wouldn't want someone hacking your toaster or using your online speakers to get at the data on your PC, after all.

Some experts are concerned that large numbers of unsecured devices could be built up by hackers as botnets. Just imagine your TV, computer and other household appliances all being used against you, like a science fiction horror story.

The new high-tech Barbie doll raises privacy concerns, as the doll is connected to the Internet and could be a tempting target for hackers who could then access data on home networks through the doll.

This means in the future people will need to know how to secure their IoT devices. Initially this would mean taking simple measures such as using passwords and usernames, and updating and patching devices as you do with current devices. Also, an IoT device that needs to be accessible over the net needs to be put in its own network and have access restricted. This network can then be monitored, with action taken if there is a problem.

Planning and integration is vital when it comes to the IoT, and security needs to be paramount at every step of the process, from manufacture to purchase and use. As a company owner, you need to develop policies that keep your customers and their data safe when using IoT devices.

US retailer Target was hacked in 2013 via its heating and air conditioning, which was internet enabled. Some 40 million credit card numbers were stolen.

Conclusion

The goal of this eBook is to make you aware of the vulnerabilities of your business systems and help you understand in detail the various cyber-threats that are lurking today. We have looked at the dangers for companies that have not been protecting themselves from online and offline security threats, both in terms of money and reputation consequences.

If you are wondering about the best way to safeguard your business, stay tuned, as we are in the process of writing another eBook with insights about protecting your business and reputation.

If you enjoyed reading this eBook and found it to be of value, do share it with your friends.


Cybercrime and SMB

Data breaches often make the news headlines, such as when laboratory Medvet was attacked Kmart Australia suffered a security breach that resulted in the exposure of customer details. But when such tales of cybercrime are in the news, they tend to be about attacks on big companies where the results are losses of millions of dollars or the theft of thousands of

Many SMB owners are often lulled into a false sense of security, believing that their IT is safe and that they won't be of interest to hackers. But this is a very dangerous mindset. SMBs just like yours are regularly attacked by a broad spectrum of cyber criminals, including malicious insiders and criminals using malware, viruses, worms, Trojans and botnets. Plain bad luck plays its part too, with many crimes being committed using stolen or lost devices.

These attacks are expensive, as they disrupt services and cause downtime that prevents staff from doing their jobs properly and adversely affects sales and work processes. In fact, downtime accounted for nearly half of each study. Detection and recovery also costs money, accounting for 53% of internal costs, most of which is paid out to experts to come in and fix problems.

Why your small business is a target

Being a powerful economy with an English-speaking and highly connected population, Australia is a tempting target for hackers from all over the world. And they are helped by the fact that at the moment there are so few IT security regulations in place.

Attacks are commonplace: the 30 companies in the Ponemon survey alone reported 47 successful attacks a week, up from 41 in 2012.

The time it takes to resolve issues is getting longer too, up to 23 days on average. Attacks by insiders or staff can take up to 51 days to contain and solve.

Criminals are helped by the fact that many Australian businesses place too much faith in their current security setup and don't realise just how sophisticated hacking and cybercrime is becoming. What's more, there is a skills shortage in the Australian IT arena. Most small businesses don't have the resources to hire effective security analysts to continuously monitor extended networks and detect any infiltrations.

This is why there is such a strong need for more education and awareness in this area, so that IT security is seen as something that gives SMBs a competitive edge - not just a set of defensive actions that need to be taken to merely stay secure. After all, the damage to a company's reputation and brand image after a security breach can be catastrophic, and most people would prefer to deal with companies that have a good reputation for security. A good IT security roadmap will boost your business as well as keep you safe, and this is something that every small business owner will appreciate.

In the next chapter we'll be looking at the types of cyber-attack and malware that are being routinely used to target Australian businesses. We will tell you what dangers you should be looking out for and how to keep your business safe from online attacks.

The Australian government recently carried out a Cyber Security Review which found that organised crime gangs carry out most of the nation's IT security breaches (92%), with 14% of attacks coming from insiders. The overlap in figures is due to the fact that sometimes insiders and outsiders work in collusion. The study also found that stolen credentials are the number one cause of these breaches.

Chapter 2 Common Threats to Every SMB

Cybercriminals are becoming highly efficient and sophisticated in their attacks on the SMB -hanging fruit often riddled with security holes that make their job a breeze. In this next section of our eBook we will cover some of the of them at the very least

Malware

Most threats to your security will come in the form of malware, which is a malicious type of software created to cause damage to your systems or to steal data once it has installed itself into your systems.

Malware could also vandalise and destroy software, steal sensitive information, passwords and account details using spyware, force unwanted advertising onto your systems via adware, spread email spam or porn, and even extort money from you using ransomware that encrypts your data until a fee is paid to unblock it.

A study by the firm SecurityScorecard, which specialises in tracking companies' risk of intrusion, found more than 4700 organisations which were infected by some type of advanced banking malware.

Ransomware

Ransomware is a type of malicious software that restricts access to the infected computer system by systematically encrypting all files and documents. This malware then prompts the user to pay a ransom (around the $1000 AUD mark) in order to have the restriction removed.

The most popular form of ransomware is the CryptoLocker malware, which uses a strong encryption algorithm to lock all valuable user files in the background without user awareness. Once all the relevant files are encrypted, it demands the user pay a ransom in Bitcoins within a specific timeframe (usually 1 to 2 days) before the files are permanently deleted.

Trojan Viruses

A Trojan virus is malware hidden in an innocuous email. Once you click on the link in this email, it can lead to the infection of your computer networks within a few minutes. You may come across some seemingly useful software via email or on the web that will do huge damage if you download it to your computer.

People are often tricked, as they think they are clicking on legitimate files from a legitimate source. Trojans may contain the usual silly pranks or do real damage by destroying information, creating backdoors for hackers or compromising your personal data. They don't reproduce or self-replicate, but can still do great damage and cause huge frustration.

Key Logger Virus

A Key Logger virus is software that is designed to secretly monitor and log all keystrokes with the purpose of collecting confidential user information such as bank account logins, personal information, etc. Once a cyber-criminal has got hold of confidential user data they can easily account Unfortunately access to confidential data can sometimes have consequences which are far more

Worms

A computer worm is a virus but can replicate itself and move from computer to computer without the user clicking or running any program. It moves via file or data transport features - email, messenger or file sharing. Even if they don't actually do any harm, worms can use up your computer processing time and take up your bandwidth as they replicate.

BUT if worms are carrying a malicious payload, you could end up with deleted or encrypted files, or even have a backdoor opened in your computer, allowing a hacker to take control of your computer and create what's called a zombie computer. Email spammers often create worms to help send their junk mail, and they send copies of themselves to everyone in your computer's address book.

Phishing Scams

Phishing scams are so called as they emulate real-life fishing. Hackers and criminals tempt you with bait and can be rewarded by catching sensitive information like usernames, passwords or bank account details. Most often the bait comes in the form of emails that appear to be from trusted or legitimate companies or people such as banks, service providers and acquaintances. You may be asked to provide certain private information or follow links that direct you to fake (though often very realistic-looking) sites that will infect your systems with malware.

A common phishing scam is a warning email about fraudulent activity on your account and a request to verify information. Such panic-inducing methods can be very successful, as people give an immediate response without thinking. There is another type of phishing known as spear phishing, which hooks individuals using personal information (often garnered from social media sites). Spear phishing scams are increasingly sophisticated and are regularly successful since the baited emails seem so personal.

Web-based Attacks

While nearly all IT attacks are web-based to some extent, this threat specifically means malware attacks that come via online sources like infected landing pages on websites, rather than being delivered via email or infected devices. This is also known as a pull-based attack, where victims unknowingly visit infected sites, rather than push-based ones in which attackers are actively searching for victims.

The number of web-based attacks is growing as web services become more popular and people use the Internet for business, banking and e-commerce. Malicious URLs are used as channels to propagate malware, and if you visit an infected site, hackers can take control of your system to carry out cybercrimes such as data theft, denial of service attacks and spamming.

A common web-based attack technique is to alert you with fake virus detection messages and ask you to download rogue antivirus software. Sometimes even legitimate sites can be infected if the hacker gets control of a web server. And the bad news is that your antivirus software and firewalls are of limited use, as they can't help detect many web-based attacks.

Recently, criminals posing as a legitimate Australian legal firm duped an online ad network into distributing banner ads through Gumtree.com.au that, if clicked, could likely have led to ransomware.

Botnets

The term botnets refers to a series of online computers communicating with each other to complete a set of repetitive tasks - which could be something mundane like running a chat channel, or something more destructive like creating spam.

Most illegal botnets are composed of computers already hacked and compromised without the knowledge of their owners - these are known as zombie computers. These are controlled via a single interface used by hackers, or herders. These criminals use the huge accumulated power of botnets to engage in click fraud, which involves clicking on ad banners to take money from advertisers who pay for each visit.

They can also be used to saturate bandwidth and prevent access to websites for long periods, causing vendors to pay a ransom to get traffic flowing again. Keylogging is another nefarious task that botnets are used for. They report keystrokes of thousands of users visiting websites to the herder, who can use this data to access personal information and accounts.

Denial of Service attacks

A Denial of Service (DoS) attack can be one of the most frustrating IT attacks of all Basically

it shuts down your website or network making it impossible for people to use your services

That means that if youre selling things online or taking bookings or appointments no

legitimate customers can access your site or sales page - and theyll soon go elsewhere The

attack can also stop staff and account holders from accessing the services they need DoS

attacks work by flooding the target with traffic causing it to crash or run so slowly that it

becomes unusable

DoS attacks are unlike malware attacks: they don't try to breach your security systems and steal data directly, but instead make your services inoperable. Such attacks are often used by people trying to make a point - activists, for example. It is also a process used for simple extortion, or even by unscrupulous business owners looking to cripple their competition. If the denial of service goes on for a long time, you can lose revenue and customer trust, and your long-term reputation may never recover.

DoS attacks happen in two ways: either with one attacker flooding your servers so they have too much traffic and grind to a halt, or by way of an attack from many machines in what's called a Distributed Denial of Service attack, often carried out via botnets.

Of course, some attacks are not initiated by outsiders but by people within an organisation, or as a result of bad luck. These can be the hardest attacks to prevent and can cause the most damage. So let's look at them.

Malicious Insiders

You know already that there is a lot of danger out there on the internet, but small and medium-sized businesses can face even more serious threats from within.

Somewhere among your seemingly loving and loyal staff sits someone who could bring your company tumbling down. It could be someone who bears a grudge, sees a way of benefitting themselves financially, or is planning to leave and start a similar business with your contacts and intellectual property.

Akamai's newest State of the Internet (SOTI) - Security Report for the fourth quarter of 2015 saw the number of Web application attacks jump 28 percent over the previous quarter, while the number of DDoS attacks jumped by 40 percent in that time.

Two scientists working for GlaxoSmithKline have reportedly been charged for stealing trade secrets.

An IT attack by an insider can be the most devastating attack of all, as you're not just having your systems compromised but your trust shattered by a member of staff who you may even have considered a friend, especially if your business is small and people work together closely. What's more, firewalls, anti-virus software and intrusion detection systems won't be any help to you at all. After all, in many companies employees will all have access to confidential data, files and accounts.

The extent to which insider attacks are so much more damaging is shown by the figures. In Australia, attacks by insiders or staff can take up to 51 days to contain and solve, compared with outside attacks that on average take 23 days to contain. This is because insiders know what they are looking for and where the juiciest data is, and they probably have the passwords to get at it.

Stolen Devices

While many IT attacks come about thanks to sophisticated programming, others just come down to good old-fashioned theft. Stolen devices make up for 50% of cyber-attacks experienced by the 30 benchmarked companies in the Ponemon 2014 Cost of Cyber Crime Study, and of course your devices (phones, tablets, flash drives and so on) don't have to be stolen by cunning pickpockets for the data to be compromised.

Many headline hitting attacks were the result of workers forgetfully leaving laptops containing vital files on a train or forgetting phones in restaurants. And the risk of losing data this way becomes even greater as ever more companies implement Bring Your Own Device (BYOD) strategies and staff take their work home with them.

BlueScope Steel employee has been accused of downloading a trove of company documents - about 40 gigabytes - over a four-year period. The company is urgently seeking a judge's help to find and destroy trade secrets before they fall into the hands of competitors.

This means that personal devices, which are often unsecured, can be crammed with company data (69% of employees use smartphones for work). If a staff member is robbed or even just plain forgetful, this data can end up in the hands of criminals who, as a result, have access to your systems, intellectual property and stored passwords.

Stay Vigilant

This is a pretty comprehensive look at the sort of security threats your business could be facing, but while we've covered most of the main bases, we've barely scratched the surface when it comes to the sheer number of threats out there.

According to antivirus software developers McAfee, new malware is being released at the rate of around one file every second. So it is little wonder those fighting the problem face an epic challenge keeping up. And these huge numbers of IT attacks are losing Australian businesses like yours a great deal of money.

Constant vigilance is the best weapon you have to fight hackers attacking you with viruses, malware, worms or malicious coding. Be careful what you are doing online and always think before you click. Of course, technology can help protect your organisation, but only if it is upgraded and tested regularly. Make sure that your firewalls are in place and that anti-virus software is upgraded as new updates come out.

Training, too, is a tool that lets you fight the darker sides of the net, so hold regular workshops for staff on the types of phishing scams, using social media safely and checking for suspicious links. And keep up with IT blogs that can warn you of the new risks out there. If you're careful, don't get complacent and keep your IT updated, you have a much better chance at protecting your precious data and ultimately your company.

In the next part of our eBook we will be looking at some Australian companies that weren't so careful, and what it meant for their businesses, their reputations and their companies.

Chapter 3 IT Security Incidents in the Last Two Years

There may be no bullets flying, but Australia is currently at war, and it's one we're not winning. Cyber-attacks on Australian businesses increased 20% in 2014, and this figure rose in 2015, according to the Australian Signals Directorate.

The most commonly targeted industries tend to be banking and the financial sector in general, resources, energy and telecommunications, among others. But the huge volume of attacks means that many Australian SMBs are being targeted as cyber criminals spread their nets.

The fallout from these cyber-attacks includes loss of intellectual property, major disruption to business, financial loss and major damage to the reputation of your company, which in many cases could lead to bankruptcy.

Cybercrime in Australia

There are three main types of cybercrime that affect Australian businesses, large and small. These are:

State-sponsored cyber-crime - perpetrated by hackers on behalf of states to steal intellectual property and identities. These are often the most sophisticated attacks, and hackers can retain access to an organisation's network for years at a time.

Organised Crime - run by criminal gangs making malware to steal data or extort money from individuals and corporations. Many crime syndicates have sophisticated tools and share techniques to access systems, as well as stolen data, with other criminals.

Motivated cyber-crime - these are often hackers with a political, social or even religious motive who want to get a message across using illegal online methods. Often such attacks can be less sophisticated but can still cause great damage to companies.

Because there are such widely varied motivations for hackers to target Australian businesses, it means that no business is safe, including small ones. SMBs shouldn't think that their information is not of interest to criminals; they could be targeted for a range of reasons.

Take banks, for example. Commonwealth Bank, Australia's largest bank, is attacked thousands of times every day. While most of these attacks are by hackers seeking money and account numbers, many attacks are by activists (who call themselves hacktivists) who have a more political or social agenda; perhaps they don't agree with some of the bank's investments, which they may see as unethical or detrimental to the environment.

But when it comes to large-scale hacks, many fingers are pointed at government sponsored groups from China. Well-equipped hackers known as Advanced Persistent Threats (APTs) have been targeting Australian firms in the mining and natural resources sector. Many businesses already dealing with organisations in China come under attack, perhaps to get the edge in negotiations or as a way of stealing intellectual property.

In response to the rising numbers of attacks, the Australian Government opened The Australian Cyber Security Centre (ACSC) to coordinate the country's defence intelligence agencies - the Attorney-General and the Australian Federal Police cyber units. The ACSC enables the private and public sector to collaborate and share information to combat cybersecurity threats. They also offer a great deal of information about how SMBs and individuals can stay safe online. So it's well worth looking at their site at https://www.acsc.gov.au

In the meantime, let's take a look at some of the recent risks and hacks on Australian companies to fully understand the risks of letting your IT guard down.

Ransomware on the Rise

Ransomware, a scam in which people fall victim to an encryption virus which hijacks computer files and demands a ransom to restore them, is becoming one of the main ways that Australian businesses are being targeted by cyber criminals. In 2014 the security firm Websense found nearly two million instances of the malware variant known as CryptoLocker, and 60 per cent of those were detected in Australia.

CryptoLocker is ransomware which is delivered via credible looking emails. Once an infected link is clicked, the virus is activated and your computer files, photos and data are taken hostage via encryption unless a ransom is paid.

Some of the latest versions of this malware are said to be unbreakable, and the average cost to companies paying ransoms to overseas hackers was $US 350.

One of the most recent versions of the virus appeared as a traffic infringement notice from the Australian Federal Police which demanded a penalty payment for a minor traffic infringement. The impressively official looking email was often opened because it appeared to come from the Federal Government. To view details of the fake traffic infringement, recipients are asked to click the link contained within the email, activating the malware.

The Australian Federal Police (AFP) originally issued a tweet on 19 January warning people of a recent scam, "traffic infringement notices" being delivered by email, and advising not to pay any money or click any links.

High Profile Incidents

Kmart Attacked

Kmart Australia had to put out a warning in October 2015 to let some customers know that their online operations had been attacked in an external privacy breach in September. Data such as name, email address, delivery and billing address, telephone number and product purchase details was stolen. The retailer has insisted that no credit card or payment card details had been compromised, as card processing is handled externally.

David Jones hacked

In October 2014 the Australian fashion retailer had its computer system attacked and the private details of customers were stolen - these included names, email addresses and addresses - but David Jones assured its customers that their credit card or financial information was safe.

A hit on the Hilton

Early in 2015, hotel chain operator Hilton Worldwide Holdings warned customers that they'd found unauthorised malware targeting payment card details in some of their payment systems. This affected many of their Australian customers. An investigation found that malware was targeting cardholder names, payment card numbers, security codes and expiration dates.

Customers were advised to check bank statements up till July, but the company didn't give figures of how many people or businesses might be affected.

The future outlook for cyber-crime

Based on the high levels of current hacking activity and the increasingly sophisticated software and techniques used by hackers to access systems and avoid detection, the ACSC predicts that levels of hacking will rise over the next five years or so. Malware and technology used in cybercrime is now more readily available than ever and can even be used by people with little IT knowledge. What's more, cyber-crime as a service looks set to increase as well.

To stay safe, Australian businesses, from multinationals to SMBs, need to work together to make Australia a much harder target for hackers and to increase trust in users that the Internet's benefits outweigh online dangers. The best cyber security comes when the government and private sector work together and take greater responsibility for the security of their networks and information.

In the next part of our eBook we will be taking a look at where the technology to fight cyber-crime and security breaches is heading. We'll be examining the cloud, big data and the Internet of things to help small businesses like yours to put together a comprehensive security road map.

Chapter 4 The Future of IT Security

So far in this exclusive Empower IT eBook we've examined the threats facing Australian businesses when it comes to security, and we've looked in detail at the form that these threats can take (Malware, Phishing Scams, Denial of Service attacks, etc.), and we've even taken a brief look at some of the ways IT attacks have impacted on Australian businesses.

Finally, it's time to look at the security solutions that most of Australia's small and medium businesses currently have in place, examine the reasons that standard defences may not be enough, and look at where the technology is heading as IT attacks become more sophisticated. So read on and learn how to improve your current security set up and to stay safe going forward.

Far too many of us take IT security for granted, presuming that our anti-virus protection is keeping the worst of the web at bay. But it seems we are putting far too much faith in our off-the-shelf antivirus protection to keep our IT systems safe. Brian Dye, corporate vice president at Intel Security, stated on record that antivirus software is dead. Well, the truth is that antivirus software hasn't yet had its last day.

Antivirus software is used to prevent, detect and hopefully make safe any malware threats and viruses that make it onto your system. And most programs do this well. But the big problem is that antivirus software is a reactive technology and only effective against known threats and variations of them. The guys who are writing antivirus software need to understand how a piece of malware works before they can adapt programs to discover and neutralise it. And in the time it takes for this to happen, many thousands of systems can be infected.

With hackers and criminals making new and increasingly sophisticated malware all the time, there are a lot of dangers out there that your current AV setup just won't see coming. And hackers are patient people; they will take the time to rewrite and test their malware until it can find its way past even the most sophisticated protection - and if that doesn't work, they'll write a new one.

Intel Security, the company that makes the popular McAfee software, estimates that new malware is released at a rate of about one new virus per second. Little wonder it's hard for the program writers to keep up.

And signature based systems need to be constantly updated to be effective. So signature-based IDS is only as good as its database of stored code and signatures. This is why zero-day attacks, when hackers launch a brand new piece of malware, often slip through without being detected, as antivirus software doesn't recognize the threat.

Because of the sheer number of threats out there, traditional antivirus software detects only around 45% of all attacks.

Unless you've been keeping your antivirus software updated and are tuned into catching the latest threats out there, that old antivirus software on your devices is only giving you the most basic level of protection.

A New Era of Data Protection

We are now entering new territory when it comes to keeping your systems safe. Behaviour-based rather than signature-based security is more important. So let's take a look at what this means for businesses like yours.

Behaviour-based security is different in that it detects any network activity that doesn't fit a pattern of expected behaviour. This means that the software has to be configured to learn what a user's normal patterns of activity are. If there are any anomalies, these are then flagged as threats or viruses and will be stopped before they infect your systems.

Unlike with signature-based systems, behaviour-based antivirus systems are able to detect zero-day attacks, as they don't have a pattern that is recognizable. Of course, such systems have to be configured to learn about users' typical behaviour, and configurations need to be updated every time new applications are added or modified, but in general they can adapt to new, unique or original attacks.

There are many advantages to this behaviour-based approach in detecting new and unforeseen vulnerabilities in your systems. Because it detects any traffic that is new or unusual, the behaviour-based approach is good at identifying sweeps and probes towards network hardware. This is like an early warning for potential intrusions, as such probes and scans are often the predecessors for system attacks. They can also detect abuse of privilege attacks, which normally don't trigger security warnings. Of course there are some drawbacks too, in that there is a higher false alarm rate than with signature-based systems.

What's more, the learning curve for behaviour-based intrusion detection techniques can't cover everything, and people's online behaviour is likely to change over time, so you need to implement occasional retracing of the behaviour profile. Also, during the learning phase any system attacks that occur won't be detected as anomalous, meaning your systems could be compromised.

For example, if a computer user with a restricted set of records suddenly begins to try and access other types of information, it is highly possible that his workstation has been infected with a virus and action needs to be taken to protect the systems.

Behaviour-based IDS is also more costly, in that you need more hardware spread further across your IT networks than is required with signature-based IDS.

Drawbacks and a long customization process aside, it looks like the behaviour-based approach to IT Security is one way we'll be helping to keep the cyber criminals at bay into the future. And although the death knell has not yet sounded for antivirus software, you need to be aware that this is no longer the be all and end all of IT security; you need to be doing so much more.
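The contrast between signature-based and behaviour-based detection described above, worked through as an added example that is not part of the eBook. The user names, record types, sample payloads, class and function names are all constructed for illustration; the baseline is a deliberately simple per-user profile, not any vendor's algorithm.

```python
import hashlib
from collections import Counter, defaultdict

# Constructed signature database: digests of samples an analyst has already catalogued.
SIGNATURES = {hashlib.sha256(b"constructed sample A").hexdigest()}


def signature_detects(payload: bytes) -> bool:
    """Signature-based check: a hit needs an exact, previously catalogued digest."""
    return hashlib.sha256(payload).hexdigest() in SIGNATURES


class BehaviourBaseline:
    """Per-user profile of record types and daily volume: learned first, enforced after."""

    def __init__(self, volume_tolerance: float = 2.0):
        self.types = defaultdict(set)   # user -> record types seen while learning
        self.peak = defaultdict(int)    # user -> highest daily access count seen
        self.tolerance = volume_tolerance

    def learn(self, events):
        """events: iterable of (day, user, record_type) from the learning window."""
        per_day = Counter()
        for day, user, rtype in events:
            self.types[user].add(rtype)
            per_day[(day, user)] += 1
        for (_day, user), count in per_day.items():
            self.peak[user] = max(self.peak[user], count)

    def check_day(self, day_events):
        """Return a sorted list of (user, reason) anomalies for one day of (user, type)."""
        alerts = set()
        volume = Counter()
        for user, rtype in day_events:
            volume[user] += 1
            if rtype not in self.types[user]:
                alerts.add((user, f"new record type: {rtype}"))
        for user, count in volume.items():
            if count > self.tolerance * self.peak[user]:
                alerts.add((user, f"volume {count} exceeds baseline"))
        return sorted(alerts)

    def retrain(self, user, rtype):
        """Operator accepts a legitimate change, e.g. a newly deployed application."""
        self.types[user].add(rtype)


def demo():
    # Constructed learning window: two days of activity.
    learning = [
        (1, "alice", "invoice"), (1, "alice", "invoice"), (1, "bob", "ticket"),
        (2, "alice", "invoice"), (2, "bob", "ticket"), (2, "bob", "ticket"),
        # Misuse that happens during learning is absorbed into the profile as normal.
        (2, "carol", "payroll"),
    ]
    base = BehaviourBaseline()
    base.learn(learning)

    results = {
        # A catalogued sample is caught; the same sample with a trivial change is not.
        "known_sample": signature_detects(b"constructed sample A"),
        "repacked_sample": signature_detects(b"constructed sample A, one byte changed"),
    }
    # Day 3: alice (invoices only) reaches for payroll; bob starts using a new,
    # legitimate application; carol repeats what she did during learning.
    day3 = [("alice", "invoice"), ("alice", "payroll"),
            ("bob", "crm"), ("carol", "payroll")]
    results["day3"] = base.check_day(day3)   # alice: true alert, bob: false alarm
    base.retrain("bob", "crm")               # profile updated after review
    results["day4"] = base.check_day([("bob", "crm"), ("alice", "invoice")])
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Carol's payroll access never alerts because it was present in the learning window, which is the learning-phase blind spot, and bob's alert disappears only once the profile is updated.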

There are many ways you can keep your systems safe, and taking a multi-layered approach is actually the best way forward. Blacklisting, whitelisting and sandboxing are three methods that can be used to ensure you're safe while online.

As the way we use data and interact with the internet changes, our approach to IT security and data protection should also change accordingly. What's more, IT systems around the world are increasingly being breached, and the fallout from this is affecting millions of people, so we need to learn to deal with risks and stay ahead of cyber criminals.

We are now seeing other areas of IT in which security needs addressing: areas such as social media, the cloud, compliance, advanced persistent threats and physical infrastructure security too.

IT Security in the Cloud

In the fast moving world of IT, cloud computing is already old hat in many ways, but as so many of Australia's small and medium businesses are only just making the move into the cloud, they may not appreciate how cloud technology isn't just changing how they work, but how they should be approaching security.

When you are in the cloud you are exposed to new risks; after all, your data and often much of your network is being hosted off-site and is often being accessed by your staff in other cities and countries.

Security in the cloud requires visibility identity management and policies that reduce threats

ability to take advantage of all the flexibility and freedom that cloud computing can offer

Of course, it's worth remembering that cloud computing is not just one technology; it is a combination of many advances in technology sold in one package. This includes virtualisation, Software-as-a-Service and other operations working as they always have done, albeit in the cloud.

The problem is that traditional security solutions don't always adapt themselves well to the cloud architecture. What needs to happen is for existing security methods such as firewalls, virtual private networks, data-leak protection, etc. to evolve so they can be better deployed in the cloud. This might involve using an API (Application Program Interface) so that such technology can be automated in the cloud.

It is also likely that new Cloud Security Gateways will have to come into play, and innovations that bolster security are already being created. Cloud security gateways will act as security policy enforcement points between cloud services consumers and providers to ensure security as cloud services are accessed by users. This system would probably be made up of multiple levels of security such as authentication, authorization, signing on, security token mapping, encryption, tokenization, logging, alerting, Application Program Interface and so on.

With cloud technology being so popular, it is vital that users are easily identified and authenticated while controlling access to applications and enforcing data protection policies. It is also a good idea to have a central overview of what is happening, with visibility into all users, devices and cloud activity, so that malicious or suspicious behaviour can be flagged. Auditing and monitoring will be built into cloud services in the future to ensure ongoing protection.

Other changes need to happen to ensure better cloud security. The management of encryption keys is critical, and data needs to be fragmented and kept in several places in the cloud rather than in one server where it would be vulnerable. It is also important that the physical security of the cloud environment is enhanced.

IT Security and the Internet of Things

You may have heard of the Internet of Things (IoT) and wondered what it referred to. Basically, it just means an environment in which objects are able to transfer data over a network without the need for human-to-human or human-to-computer interaction.

For example, you may have a sensor in your car to tell you when the engine needs oil by sending a message to your phone. An office printer may send out an order for more ink when it's running low, and a smart road can send signals to traffic control when traffic is heavy.

Basically, any device or component that can be connected to the net (usually by Wi-Fi) plays its part in the Internet of Things. Ultimately the IoT will help cut down on waste, improve efficiency and save time and frustration (in theory at least).

But with so many online devices, many of which will hold personal info or IP data, security will be an issue. You wouldn't want someone hacking your toaster or using your online speakers to get at the data on your PC, after all.

Some experts are concerned that large numbers of unsecured devices could be built up by hackers as botnets. Just imagine your TV, computer and other household appliances all being used against you, like a science fiction horror story.

The new high-tech Barbie doll raises privacy concerns, as the doll is connected to the Internet and could be a tempting target for hackers who could then access data on home networks through the doll.

This means in the future people will need to know how to secure their IoT devices. Initially this would mean taking simple measures such as using passwords and usernames, updating and patching devices as you do with current devices. Also, an IoT device that needs to be accessible over the net needs to be put in its own network and have access restricted. This network can then be monitored, with action taken if there is a problem.

Planning and integration is vital when it comes to the IoT, and security needs to be paramount at every step of the process, from manufacture to purchase and use. As a company owner, you need to develop policies that keep your customers and their data safe when using IoT devices.

US retailer Target was hacked in 2013 via its heating and air conditioning, which was internet enabled. Some 40 million credit card numbers were stolen.

Conclusion

The goal of this eBook is to make you aware of the vulnerabilities of your business systems and help you understand in detail the various cyber-threats that are lurking today. We have looked at the dangers for companies that have not been protecting themselves from online and offline security threats, both in terms of money and reputation consequences.

If you are wondering about the best way to safeguard your business, stay tuned, as we are in the process of writing another eBook with insights about protecting your business and reputation.

If you enjoyed reading this eBook and found it to be of value, do share it with your friends.

Follow us for more Security News

Spread the word

Criminals are helped by the fact that many Australian businesses place too much faith in their current security setup and don't realise just how sophisticated hacking and cybercrime is becoming. What's more, there is a skills shortage in the Australian IT arena. Most small businesses don't have the resources to hire effective security analysts to continuously monitor extended networks and detect any infiltrations.

This is why there is such a strong need for more education and awareness in this area, so that IT security is seen as something that gives SMBs a competitive edge - not just a set of defensive actions that need to be taken to merely stay secure. After all, the damage to a company's reputation and brand image after a security breach can be catastrophic, and most people would prefer to deal with companies that have a good reputation for security. A good IT security roadmap will boost your business as well as keep you safe, and this is something that every small business owner will appreciate.

In the next chapter we'll be looking at the types of cyber-attack and malware that are being routinely used to target Australian businesses. We will tell you what dangers you should be looking out for and learn how to keep your business safe from online attacks.

The Australian government recently carried out a Cyber Security Review which found that organised crime gangs carry out most of the nation's IT security breaches (92%), with 14% of attacks coming from insiders. The overlap in figures is due to the fact that sometimes insiders and outsiders work in collusion. The study also found that stolen credentials are the number one cause of these breaches.

Chapter 2 Common Threats to Every SMB

Cybercriminals are becoming highly efficient and sophisticated in their attacks on the SMB

-hanging fruit often riddled with security

holes that make their job a breeze In this next section of our eBook we will cover some of the

of them at the very least

Malware

Most threats to your security will come in the form of malware, which is a malicious type of software created to cause damage to your systems or to steal data once it has installed itself into your systems.

Malware could also vandalise and destroy software, steal sensitive information, passwords and account details using spyware, force unwanted advertising onto your systems via adware, spread email spam or porn, and even extort money from you using ransomware that encrypts your data until a fee is paid to unblock it.

A study by the firm SecurityScorecard, which specialises in tracking companies' risk of intrusion, found more than 4700 organisations which were infected by some type of advanced banking malware.

Ransomware

Ransomware is a type of malicious software that restricts access to the infected computer system by systematically encrypting all files and documents. This malware then prompts the user to pay a ransom (around the $1000 AUD mark) in order to have the restriction removed.

The most popular form of Ransomware is the CryptoLocker malware, which uses a strong encryption algorithm to lock all valuable user files in the background without user awareness. Once all the relevant files are encrypted, it demands the user pay a ransom in BitCoins within a specific timeframe (usually 1 to 2 days) before the files are permanently deleted.

Trojan Viruses

A Trojan virus is malware hidden in an innocuous email. Once you click on the link in this email, it can lead to the infection of your computer networks within a few minutes. You may come across some seemingly useful software via email or on the web that will do huge damage if you download it to your computer.

People are often tricked, as they think they are clicking on legitimate files from a legitimate source. Trojans may contain the usual silly pranks or do real damage by destroying information, creating backdoors for hackers or compromising your personal data. They don't reproduce or self-replicate, but can still do great damage and cause huge frustration.

Key Logger Virus

A Key Logger virus is software that is designed to secretly monitor and log all keystrokes with the purpose of collecting confidential user information such as bank account logins, personal information, etc. Once a cyber-criminal has got hold of confidential user data, they can easily

account Unfortunately access to

confidential data can sometimes have consequences which are far more

Worms

A computer worm is a virus but can replicate itself and move from computer to computer without the user clicking or running any program. It moves via file or data transport features - email, messenger or file sharing. Even if they don't actually do any harm, worms can use up your computer processing time and take up your bandwidth as they replicate.

BUT if worms are carrying a malicious payload, you could end up with deleted or encrypted files, or even have a backdoor opened in your computer, allowing a hacker to take control of your computer and create what's called a zombie computer. Email spammers often create worms to help send their junk mail, and they send copies of themselves to everyone in your computer's address book.

Phishing Scams

Phishing scams are so called as they emulate real life fishing. Hackers and criminals tempt you with bait and can be rewarded by catching sensitive information like usernames, passwords or bank account details. Most often, the bait comes in the form of emails that appear to be from trusted or legitimate companies or people, such as banks, service providers and acquaintances. You may be asked to provide certain private information or follow links that direct you to fake (though often very realistic looking) sites that will infect your systems with malware.

A common phishing scam is a warning email about fraudulent activity on your account and a request to verify information. Such panic-inducing methods can be very successful, as people give an immediate response without thinking. There is another type of phishing, known as spear phishing, which hooks individuals using personal information (often garnered from social media sites). Spear phishing scams are increasingly sophisticated and are regularly successful, since the baited emails seem so personal.

Web-based Attacks

While nearly all IT attacks are web-based to some extent, this threat specifically means malware attacks that come via online sources, like infected landing pages on websites, rather than being delivered via email or infected devices. This is also known as a pull-based attack, where victims unknowingly visit infected sites, rather than push-based ones in which attackers are actively searching for victims.

The number of web-based attacks is growing as web services become more popular and people use the Internet for business, banking and e-commerce. Malicious URLs are used as channels to propagate malware, and if you visit an infected site, hackers can take control of your system to carry out cybercrimes such as data theft, denial of service attacks and spamming.

A common web-based attack technique is to alert you with fake virus detection messages and ask you to download rogue antivirus software. Sometimes even legitimate sites can be infected if the hacker gets control of a web server. And the bad news is that your antivirus software and firewalls are of limited use, as they can't help detect many web-based attacks.

Criminals posing as a legitimate Australian legal firm recently duped an online ad network into distributing banner ads through Gumtree.com.au that, if clicked, could likely have led to ransomware.

Botnets

The term botnets refers to a series of online computers communicating with each other to complete a set of repetitive tasks - which could be something mundane like running a chat channel, or something more destructive like creating spam.

Most illegal botnets are composed of computers already hacked and compromised without the knowledge of their owners - these are known as Zombie computers. These are controlled via a single interface used by hackers, or herders. These criminals use the huge accumulated power of botnets to engage in click fraud, which involves clicking on ad banners to take money from advertisers who pay for each visit.

They can also be used to saturate bandwidth and prevent access to websites for long periods, causing vendors to pay a ransom to get traffic flowing again. Keylogging is another nefarious task that botnets are used for. They report keystrokes of thousands of users visiting websites to the herder, who can use this data to access personal information and accounts.

Denial of Service attacks

A Denial of Service (DoS) attack can be one of the most frustrating IT attacks of all. Basically, it shuts down your website or network, making it impossible for people to use your services. That means that if you're selling things online or taking bookings or appointments, no legitimate customers can access your site or sales page - and they'll soon go elsewhere. The attack can also stop staff and account holders from accessing the services they need. DoS attacks work by flooding the target with traffic, causing it to crash or run so slowly that it becomes unusable.

DoS attacks are unlike malware attacks: they don't try to breach your security systems and steal data directly, but instead make your services inoperable. Such attacks are often used by people trying to make a point - activists, for example. It is also a process used for simple extortion, or even by unscrupulous business owners looking to cripple their competition. If the denial of service goes on for a long time, you can lose revenue and customer trust, and your long-term reputation may never recover.

DoS attacks happen in two ways: either with one attacker flooding your servers so they have too much traffic and grind to a halt, or by way of an attack from many machines in what's called a Distributed Denial of Service attack, often carried out via botnets.

Of course, some attacks are not initiated by outsiders but by people within an organisation, or as a result of bad luck. These can be the hardest attacks to prevent and can cause the most damage. So let's look at them.

Malicious Insiders

You know already that there is a lot of danger out there on the internet, but small and medium-sized businesses can face even more serious threats from within.

Somewhere among your seemingly loving and loyal staff sits someone who could bring your company tumbling down. It could be someone who bears a grudge, sees a way of benefitting themselves financially, or is planning to leave and start a similar business with your contacts and intellectual property.

Akamai's newest State of the Internet (SOTI) - Security Report for the fourth quarter of 2015 saw the number of Web application attacks jump 28 percent over the previous quarter, while the number of DDoS attacks jumped by 40 percent in that time.

Two scientists working for GlaxoSmithKline have reportedly been charged for stealing trade secrets.

An IT attack by an insider can be the most devastating attack of all, as you're not just having your systems compromised but your trust shattered by a member of staff who you may even have considered a friend, especially if your business is small and people work together closely. What's more, firewalls, anti-virus software and intrusion detection systems won't be any help to you at all. After all, in many companies employees will all have access to confidential data, files and accounts.

The extent to which insider attacks are so much more damaging is shown by the figures. In Australia, attacks by insiders or staff can take up to 51 days to contain and solve, compared with outside attacks that on average take 23 days to contain. This is because insiders know what they are looking for and where the juiciest data is, and they probably have the passwords to get at it.

Stolen Devices

While many IT attacks come about thanks to sophisticated programming, others just come down to good old-fashioned theft. Stolen devices make up for 50% of cyber-attacks experienced by the 30 benchmarked companies in the Ponemon 2014 Cost of Cyber Crime Study, and of course your devices (phones, tablets, flash drives and so on) don't have to be stolen by cunning pickpockets for the data to be compromised.

Many headline-hitting attacks were the result of workers forgetfully leaving laptops containing vital files on a train or forgetting phones in restaurants. And the risk of losing data this way becomes even greater as ever more companies implement Bring Your Own Device (BYOD) strategies and staff take their work home with them.

A BlueScope Steel employee has been accused of downloading a trove of company documents - about 40 gigabytes - over a four-year period. The company is urgently seeking a judge's help to find and destroy trade secrets before they fall into the hands of competitors.

This means that personal devices, which are often unsecured, can be crammed with company data (69% of employees use smartphones for work). If a staff member is robbed, or even just plain forgetful, this data can end up in the hands of criminals who, as a result, have access to your systems, intellectual property and stored passwords.

Stay Vigilant

This is a pretty comprehensive look at the sort of security threats your business could be facing, but while we've covered most of the main bases, we've barely scratched the surface when it comes to the sheer number of threats out there.

According to antivirus software developers McAfee, new malware is being released at the rate of around one file every second. So it is little wonder those fighting the problem face an epic challenge keeping up. And these huge numbers of IT attacks are losing Australian businesses like yours a great deal of money.

Constant vigilance is the best weapon you have to fight hackers attacking you with viruses, malware, worms or malicious coding. Be careful what you are doing online and always think before you click. Of course, technology can help protect your organisation, but only if it is upgraded and tested regularly. Make sure that your firewalls are in place and that anti-virus software is upgraded as new updates come out.

Training, too, is a tool that lets you fight the darker sides of the net, so hold regular workshops for staff on the types of phishing scams, using social media safely and checking for suspicious links. And keep up with IT blogs that can warn you of the new risks out there. If you're careful, don't get complacent and keep your IT updated, you have a much better chance at protecting your precious data and, ultimately, your company.

In the next part of our eBook we will be looking at some Australian companies that weren't so careful, and what it meant for their businesses, their reputations and their companies.

Chapter 3 IT Security Incidents in the Last Two Years

There may be no bullets flying, but Australia is currently at war, and it's one we're not winning. Cyber-attacks on Australian businesses increased 20% in 2014, and this figure rose in 2015, according to the Australian Signals Directorate.

The most commonly targeted industries tend to be banking and the financial sector in general, resources, energy and telecommunications, among others. But the huge volume of attacks means that many Australian SMBs are being targeted as cyber criminals spread their nets.

The fallout from these cyber-attacks includes loss of intellectual property, major disruption to business, financial loss and major damage to the reputation of your company, which in many cases could lead to bankruptcy.

Cybercrime in Australia

There are three main types of cybercrime that affect Australian businesses, large and small. These are:

State-sponsored cyber-crime - perpetrated by hackers on behalf of states to steal intellectual property and identities. These are often the most sophisticated attacks, and hackers can retain access to an organisation's network for years at a time.

Organised Crime - run by criminal gangs making malware to steal data or extort money from individuals and corporations. Many crime syndicates have sophisticated tools and share techniques to access systems, as well as stolen data, with other criminals.

Motivated cyber-crime - these are often hackers with a political, social or even religious motive who want to get a message across using illegal online methods. Often such attacks can be less sophisticated but can still cause great damage to companies.

Because there are such widely varied motivations for hackers to target Australian businesses, it means that no business is safe, including small ones. SMBs shouldn't think that their information is not of interest to criminals; they could be targeted for a range of reasons.

Take banks, for example. Commonwealth Bank, Australia's largest bank, is attacked thousands of times every day. While most of these attacks are by hackers seeking money and account numbers, many attacks are by activists (who call themselves hacktivists) who have a more political or social agenda; perhaps they don't agree with some of the bank's investments, which they may see as unethical or detrimental to the environment.

But when it comes to large-scale hacks, many fingers are pointed at government-sponsored groups from China. Well-equipped hackers known as Advanced Persistent Threats (APTs) have been targeting Australian firms in the mining and natural resources sector. Many businesses already dealing with organisations in China come under attack, perhaps to get the edge in negotiations or as a way of stealing intellectual property.

In response to the rising numbers of attacks, the Australian Government opened The Australian Cyber Security Centre (ACSC) to coordinate the country's defence intelligence agencies - the Attorney-General and the Australian Federal Police cyber units. The ACSC enables the private and public sector to collaborate and share information to combat cybersecurity threats. They also offer a great deal of information about how SMBs and individuals can stay safe online. So it's well worth looking at their site at https://www.acsc.gov.au

In the meantime, let's take a look at some of the recent risks and hacks on Australian companies to fully understand the risks of letting your IT guard down.

Ransomware on the Rise

Ransomware, a scam in which people fall victim to an encryption virus which hijacks computer files and demands a ransom to restore them, is becoming one of the main ways that Australian businesses are being targeted by cyber criminals. In 2014 the security firm Websense found nearly two million instances of the malware variant known as CryptoLocker, and 60 per cent of those were detected in Australia.

CryptoLocker is ransomware which is delivered via credible-looking emails. Once an infected link is clicked, the virus is activated and your computer files, photos and data are taken hostage via encryption unless a ransom is paid.

Some of the latest versions of this malware are said to be unbreakable, and the average cost to companies paying ransoms to overseas hackers was $US 350.

One of the most recent versions of the virus appeared as a traffic infringement notice from the Australian Federal Police which demanded a penalty payment for a minor traffic infringement. The impressively official-looking email was often opened because it appeared to come from the Federal Government. To view details of the fake traffic infringement, recipients are asked to click the link contained within the email, activating the malware.

The Australian Federal Police (AFP) originally issued a tweet on 19 January warning people of a recent scam, "traffic infringement notices" being delivered by email, and advising not to pay any money or click any links.

High Profile Incidents

Kmart Attacked

Kmart Australia had to put out a warning in October 2015 to let some customers know that their online operations had been attacked in an external privacy breach in September. Data such as name, email address, delivery and billing address, telephone number and product purchase details was stolen. The retailer has insisted that no credit card or payment card details had been compromised, as card processing is handled externally.

David Jones hacked

In October 2014 the Australian fashion retailer had its computer system attacked, and the private details of customers were stolen - these included names, email addresses and addresses - but David Jones assured its customers that their credit card or financial information was safe.

A hit on the Hilton

Early in 2015, hotel chain operator Hilton Worldwide Holdings warned customers that they'd found unauthorised malware targeting payment card details in some of their payment systems. This affected many of their Australian customers. An investigation found that malware was targeting cardholder names, payment card numbers, security codes and expiration dates.

Customers were advised to check bank statements up till July, but the company didn't give figures of how many people or businesses might be affected.

W -crime

Based on the high levels of current hacking activity and the increasingly sophisticated software and techniques used by hackers to access systems and avoid detection, the ACSC predicts that levels of hacking will rise over the next five years or so. Malware and technology used in cybercrime is now more readily available than ever and can even be used by people with little IT knowledge. What's more, cyber-crime as a service looks set to increase as well.

To stay safe, Australian businesses, from multinationals to SMBs, need to work together to make Australia a much harder target for hackers and to increase trust in users that the Internet's benefits outweigh online dangers. The best cyber security comes when the government and private sector work together and take greater responsibility for the security of their networks and information.

In the next part of our eBook we will be taking a look at where the technology to fight cyber-crime and security breaches is heading. We'll be examining the cloud, big data and the Internet of things to help small businesses like yours to put together a comprehensive security road map.

Chapter 4 The Future of IT Security

So far in this exclusive Empower IT eBook, we've examined the threats facing Australian businesses when it comes to security, and we've looked in detail at the form that these threats can take (Malware, Phishing Scams, Denial of Service attacks, etc.), and we've even taken a brief look at some of the ways IT attacks have impacted on Australian businesses.

Finally, it's time to look at the security solutions that most of Australia's small and medium businesses currently have in place, examine the reasons that standard defences may not be enough, and look at where the technology is heading as IT attacks become more sophisticated. So read on and learn how to improve your current security set-up and to stay safe going forward.

Far too many of us take IT security for granted, presuming that our anti-virus protection is keeping the worst of the web at bay. But it seems we are putting far too much faith in our off-the-shelf antivirus protection to keep our IT systems safe. Brian Dye, corporate vice president at Intel Security, stated on record that antivirus software is dead. Well, the truth is that antivirus software hasn't yet had its last day.

Antivirus software is used to prevent, detect and hopefully make safe any malware threats and viruses that make it onto your system. And most programs do this well. But the big problem is that antivirus software is a reactive technology and only effective against known threats and variations of them. The guys who are writing antivirus software need to understand how a piece of malware works before they can adapt programs to discover and neutralise it. And in the time it takes for this to happen, many thousands of systems can be infected.

With hackers and criminals making new and increasingly sophisticated malware all the time, there are a lot of dangers out there that your current AV setup just won't see coming. And hackers are patient people: they will take the time to rewrite and test their malware until it can find its way past even the most sophisticated protection - and if that doesn't work, they'll write a new one.

Intel Security, the company that makes the popular McAfee software, estimates that new malware is released at a rate of about one new virus per second. Little wonder it's hard for the program writers to keep up.

And signature-based systems need to be constantly updated to be effective. So signature-based IDS is only as good as its database of stored code and signatures. This is why Zero-day attacks, when hackers launch a brand new piece of malware, often slip through without being detected, as antivirus software doesn't recognize the threat.

Because of the sheer number of threats out there, traditional antivirus software detects only around 45% of all attacks.

Unless you've been keeping your antivirus software updated and are tuned into catching the latest threats out there, that old antivirus software on your devices is only giving you the most basic level of protection.

A New Era of Data Protection

We are now entering new territory when it comes to keeping your systems safe. Behaviour-based, rather than signature-based, security is more important. So let's take a look at what this means for businesses like yours.

Behaviour-based security is different in that it detects any network activity that doesn't fit a pattern of expected behaviour. This means that the software has to be configured to learn what a user's normal patterns of activity are. If there are any anomalies, these are then flagged as threats or viruses and will be stopped before they infect your systems.

Unlike with signature-based systems, behaviour-based antivirus systems are able to detect zero-day attacks, as they don't have a pattern that is recognizable. Of course, such systems have to be configured to learn about users' typical behaviour, and configurations need to be updated every time new applications are added or modified, but in general they can adapt to new, unique or original attacks.

There are many advantages to this behaviour-based approach in detecting new and unforeseen vulnerabilities in your systems. Because it detects any traffic that is new or unusual, the behaviour-based approach is good at identifying sweeps and probes towards network hardware. This is like an early warning for potential intrusions, as such probes and scans are often the predecessors for system attacks. They can also detect abuse of privilege attacks, which normally don't trigger security warnings. Of course, there are some drawbacks too, in that there is a higher false alarm rate than with signature-based systems.

What's more, the learning curve for behaviour-based intrusion detection techniques can't cover everything, and people's online behaviour is likely to change over time, so you need to implement occasional retracing of the behaviour profile. Also, during the learning phase, any system attacks that occur won't be detected as anomalous, meaning your systems could be compromised.

For example, if a computer user with a restricted set of records suddenly begins to try and access other types of information, it is highly possible that his workstation has been infected with a virus, and action needs to be taken to protect the systems.

Behaviour-based IDS is also more costly, in that you need more hardware spread further across your IT networks than is required with signature-based IDS.
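The contrast this section draws between signature-based and behaviour-based detection, including the higher false alarm rate and the learning-phase blind spot, as an added Python example that is not part of the eBook. The digest database, the user names, the record types and the three-event learning window are all constructed for illustration.

```python
import hashlib
from collections import defaultdict

# Constructed signature database: digests of samples an analyst has already seen.
KNOWN_BAD_DIGESTS = {hashlib.sha256(b"constructed-known-sample").hexdigest()}


def signature_match(payload: bytes) -> bool:
    """Signature-based check: flags only payloads whose digest is in the database."""
    return hashlib.sha256(payload).hexdigest() in KNOWN_BAD_DIGESTS


class BehaviourProfile:
    """Learns which record types each user touches, then flags anything new."""

    def __init__(self, learning_events: int):
        self.learning_events = learning_events   # events per user used as baseline
        self.baseline = defaultdict(set)         # user -> record types seen so far
        self.observed = defaultdict(int)         # user -> events counted while learning

    def observe(self, user: str, record_type: str) -> str:
        if self.observed[user] < self.learning_events:
            # Learning phase: everything is absorbed into the baseline, good or bad.
            self.observed[user] += 1
            self.baseline[user].add(record_type)
            return "learning"
        return "normal" if record_type in self.baseline[user] else "anomaly"

    def retrain(self, user: str, record_type: str) -> None:
        """Profile refresh once a change in the user's duties is confirmed legitimate."""
        self.baseline[user].add(record_type)


def run_demo() -> dict:
    results = {}

    # 1. Signatures: a known sample is caught, a never-before-seen one is not.
    results["known_sample"] = signature_match(b"constructed-known-sample")
    results["new_sample"] = signature_match(b"constructed-new-variant")

    profile = BehaviourProfile(learning_events=3)

    # 2. Constructed baseline: alice only ever works with invoices.
    for _ in range(3):
        profile.observe("alice", "invoices")
    results["alice_invoices"] = profile.observe("alice", "invoices")
    # A restricted user suddenly reaching for other records is flagged.
    results["alice_payroll"] = profile.observe("alice", "payroll")

    # 3. False alarm: alice is legitimately given purchase orders to handle.
    results["alice_po_before"] = profile.observe("alice", "purchase_orders")
    profile.retrain("alice", "purchase_orders")
    results["alice_po_after"] = profile.observe("alice", "purchase_orders")

    # 4. Learning-phase blind spot: unwanted activity that was already happening
    #    on bob's workstation while profiling ran becomes part of his "normal".
    for record_type in ("invoices", "payroll", "invoices"):
        profile.observe("bob", record_type)
    results["bob_payroll"] = profile.observe("bob", "payroll")

    return results


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(f"{name}: {outcome}")
```
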

Drawbacks and a long customization process aside, it looks like the behaviour-based approach to IT Security is one way we'll be helping to keep the cyber criminals at bay into the future. And although the death knell has not yet sounded for antivirus software, you need to be aware that this is no longer the be-all and end-all of IT security; you need to be doing so much more.

There are many ways you can keep your systems safe, and taking a multi-layered approach is actually the best way forward. Blacklisting, whitelisting and sandboxing are three methods that can be used to ensure you're safe while online.

As the way we use data and interact with the internet changes, our approach to IT security and data protection should also change accordingly. What's more, IT systems around the world are increasingly being breached, and the fallout from this is affecting millions of people, so we need to learn to deal with risks and stay ahead of cyber criminals.

We are now seeing other areas of IT in which security needs addressing: areas such as social media, the cloud, compliance, advanced persistent threats and physical infrastructure security too.

IT Security in the Cloud

In the fast-moving world of IT, cloud computing is already an old hat in many ways, but as so many of Australia's small and medium businesses are only just making the move into the cloud, they may not appreciate how cloud technology isn't just changing how they work but how they should be approaching security.

When you are in the cloud you are exposed to new risks; after all, your data and often much of your network is being hosted off-site and is often being accessed by your staff in other cities and countries.

Security in the cloud requires visibility, identity management and policies that reduce threats

ability to take advantage of all the flexibility and freedom that cloud computing can offer.

Of course, it's worth remembering that cloud computing is not just one technology; it is a combination of many advances in technology sold in one package. This includes virtualisation, Software-as-a-Service and other operations working as they always have done, albeit in the cloud.

The problem is that traditional security solutions don't always adapt themselves well to the cloud architecture. What needs to happen is for existing security methods such as firewalls, virtual private networks, data-leak protection, etc. to evolve so they can be better deployed in the cloud. This might involve using an API (Application Program Interface) so that such technology can be automated in the cloud.

It is also likely that new Cloud Security Gateways will have to come into play, and innovations that bolster security are already being created. Cloud security gateways will act as security policy enforcement points between cloud services consumers and providers to ensure security as cloud services are accessed by users. This system would probably be made up of multiple levels of security such as authentication, authorization, signing on, security token mapping, encryption, tokenization, logging, alerting, Application Program Interface and so on.

With cloud technology being so popular, it is vital that users are easily identified and authenticated while controlling access to applications and enforcing data protection policies. It is also a good idea to have a central overview of what is happening, with visibility into all users, devices and cloud activity, so that malicious or suspicious behaviour can be flagged. Auditing and monitoring will be built into cloud services in the future to ensure ongoing protection.

Other changes need to happen to ensure better cloud security. The management of encryption keys is critical, and data needs to be fragmented and kept in several places in the cloud rather than in one server where it would be vulnerable. It is also important that the physical security of the cloud environment is enhanced.

IT Security and the Internet of Things

You may have heard of the Internet of Things (IoT) and wondered what it referred to. Basically, it just means an environment in which objects are able to transfer data over a network without the need for human-to-human or human-to-computer interaction.

For example, you may have a sensor in your car to tell you when the engine needs oil by sending a message to your phone. An office printer may send out an order for more ink when it's running low, and a smart road can send signals to traffic control when traffic is heavy.

Basically, any device or component that can be connected to the net (usually by Wi-Fi) plays its part in the Internet of Things. Ultimately, the IoT will help cut down on waste, improve efficiency and save time and frustration (in theory at least).

But with so many online devices, many of which will hold personal info or IP data, security will be an issue. You wouldn't want someone hacking your toaster or using your online speakers to get at the data on your PC, after all.

Some experts are concerned that large numbers of unsecured devices could be built up by hackers as botnets. Just imagine your TV, computer and other household appliances all being used against you, like a science fiction horror story.

The new high-tech Barbie doll raises privacy concerns, as the doll is connected to the Internet and could be a tempting target for hackers, who could then access data on home networks through the doll.

This means that in the future people will need to know how to secure their IoT devices. Initially this would mean taking simple measures such as using passwords and usernames, and updating and patching devices as you do with current devices. Also, an IoT device that needs to be accessible over the net needs to be put in its own network and have access restricted. This network can then be monitored, with action taken if there is a problem.

Planning and integration is vital when it comes to the IoT, and security needs to be paramount at every step of the process, from manufacture to purchase and use. As a company owner, you need to develop policies that keep your customers and their data safe when using IoT devices.

US retailer Target was hacked in 2013 via its heating and air conditioning, which was internet-enabled. Some 40 million credit card numbers were stolen.

Conclusion

The goal of this eBook is to make you aware of the vulnerabilities of your business systems and help you understand in detail the various cyber-threats that are lurking today. We have looked at the dangers for companies that have not been protecting themselves from online and offline security threats, both in terms of money and reputation consequences.

If you are wondering about the best way to safeguard your business, stay tuned, as we are in the process of writing another eBook with insights about protecting your business and reputation.

If you enjoyed reading this eBook and found it to be of value, do share it with your friends.

Follow us for more Security News

Spread the word


Chapter 2 Common Threats to Every SMB

Cybercriminals are becoming highly efficient and sophisticated in their attacks on the SMB

-hanging fruit, often riddled with security holes that make their job a breeze. In this next section of our eBook we will cover some of the

of them at the very least.

Malware

Most threats to your security will come in the form of malware, which is a malicious type of software created to cause damage to your systems or to steal data once it has installed itself into your systems.

Malware could also vandalise and destroy software, steal sensitive information, passwords and account details using spyware, force unwanted advertising onto your systems via adware, spread email spam or porn, and even extort money from you using ransomware that encrypts your data until a fee is paid to unblock it.

A study by the firm SecurityScorecard, which specialises in tracking companies' risk of intrusion, found more than 4700 organisations which were infected by some type of advanced banking malware.

Ransomware

Ransomware is a type of malicious software that restricts access to the infected computer system by systematically encrypting all files and documents. This malware then prompts the user to pay a ransom (around the $1000 AUD mark) in order to have the restriction removed.

The most popular form of Ransomware is the CryptoLocker malware, which uses a strong encryption algorithm to lock all valuable user files in the background without user awareness. Once all the relevant files are encrypted, it demands the user pay a ransom in BitCoins within a specific timeframe (usually 1 to 2 days) before the files are permanently deleted.

Trojan Viruses

A Trojan virus is malware hidden in an innocuous email. Once you click on the link in this email, it can lead to the infection of your computer networks within a few minutes. You may come across some seemingly useful software via email or on the web that will do huge damage if you download it to your computer.

People are often tricked as they think they are clicking on legitimate files from a legitimate source. Trojans may contain the usual silly pranks or do real damage by destroying information, creating backdoors for hackers or compromising your personal data. They don't reproduce or self-replicate but can still do great damage and cause huge frustration.

EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 13

Key Logger Virus

A Key Logger virus is software that is designed to secretly monitor and log all keystrokes with the purpose of collecting confidential user information such as bank account logins, personal information, etc. Once a cyber-criminal has got hold of confidential user data, they can easily

account. Unfortunately, access to confidential data can sometimes have consequences which are far more

Worms

A computer worm is a virus, but can replicate itself and move from computer to computer without the user clicking or running any program. It moves via file or data transport features - email, messenger or file sharing. Even if they don't actually do any harm, worms can use up your computer processing time and take up your bandwidth as they replicate.

BUT if worms are carrying a malicious payload, you could end up with deleted or encrypted files, or even have a backdoor opened in your computer, allowing a hacker to take control of your computer and create what's called a zombie computer. Email spammers often create worms to help send their junk mail, and they send copies of themselves to everyone in your computer's address book.

Phishing Scams

Phishing scams are so called as they emulate real-life fishing. Hackers and criminals tempt you with bait and can be rewarded by catching sensitive information like usernames, passwords or bank account details. Most often the bait comes in the form of emails that appear to be from trusted or legitimate companies or people such as banks, service providers and acquaintances. You may be asked to provide certain private information or follow links that direct you to fake (though often very realistic looking) sites that will infect your systems with malware.

A common phishing scam is a warning email about fraudulent activity on your account and a request to verify information. Such panic-inducing methods can be very successful as people give an immediate response without thinking. There is another type of phishing known as spear phishing, which hooks individuals using personal information (often garnered from social media sites). Spear phishing scams are increasingly sophisticated and are regularly successful since the baited emails seem so personal.

Web-based Attacks

While nearly all IT attacks are web-based to some extent, this threat specifically means malware attacks that come via online sources like infected landing pages on websites, rather than being delivered via email or infected devices. This is also known as a pull-based attack, where victims unknowingly visit infected sites, rather than push-based ones in which attackers are actively searching for victims.

The number of web-based attacks is growing as web services become more popular and people use the Internet for business, banking and e-commerce. Malicious URLs are used as channels to propagate malware, and if you visit an infected site hackers can take control of your system to carry out cybercrimes such as data theft, denial of service attacks and spamming.

A common web-based attack technique is to alert you with fake virus detection messages and ask you to download rogue antivirus software. Sometimes even legitimate sites can be infected if the hacker gets control of a web server. And the bad news is that your antivirus software and firewalls are of limited use, as they can't help detect many web-based attacks.

Recently, criminals posing as a legitimate Australian legal firm duped an online ad network into distributing banner ads through Gumtree.com.au that, if clicked, could likely have led to ransomware.

Botnets

The term botnets refers to a series of online computers communicating with each other to complete a set of repetitive tasks - which could be something mundane like running a chat channel, or something more destructive like creating spam.

Most illegal botnets are composed of computers already hacked and compromised without the knowledge of their owners - these are known as Zombie computers. These are controlled via a single interface used by hackers or herders. These criminals use the huge accumulated power of botnets to engage in click fraud, which involves clicking on ad banners to take money from advertisers who pay for each visit.

They can also be used to saturate bandwidth and prevent access to websites for long periods, causing vendors to pay a ransom to get traffic flowing again. Keylogging is another nefarious task that botnets are used for. They report keystrokes of thousands of users visiting websites to the herder, who can use this data to access personal information and accounts.

Denial of Service attacks

A Denial of Service (DoS) attack can be one of the most frustrating IT attacks of all. Basically, it shuts down your website or network, making it impossible for people to use your services. That means that if you're selling things online or taking bookings or appointments, no legitimate customers can access your site or sales page - and they'll soon go elsewhere. The attack can also stop staff and account holders from accessing the services they need. DoS attacks work by flooding the target with traffic, causing it to crash or run so slowly that it becomes unusable.

DoS attacks are unlike malware attacks: they don't try to breach your security systems and steal data directly, but instead make your services inoperable. Such attacks are often used by people trying to make a point - activists, for example. It is also a process used for simple extortion, or even by unscrupulous business owners looking to cripple their competition. If the denial of service goes on for a long time, you can lose revenue and customer trust, and your long-term reputation may never recover.

DoS attacks happen in two ways: either with one attacker flooding your servers so they have too much traffic and grind to a halt, or by way of an attack from many machines in what's called a Distributed Denial of Service attack, often carried out via botnets.

Of course, some attacks are not initiated by outsiders but by people within an organisation, or as a result of bad luck. These can be the hardest attacks to prevent and can cause the most damage. So let's look at them.

Malicious Insiders

You know already that there is a lot of danger out there on the internet, but small and medium-sized businesses can face even more serious threats from within.

Somewhere among your seemingly loving and loyal staff sits someone who could bring your company tumbling down. It could be someone who bears a grudge, sees a way of benefitting themselves financially, or is planning to leave and start a similar business with your contacts and intellectual property.

Akamai's newest State of the Internet (SOTI) – Security Report for the fourth quarter of 2015 saw the number of Web application attacks jump 28 percent over the previous quarter, while the number of DDoS attacks jumped by 40 percent in that time.

Two scientists working for GlaxoSmithKline have reportedly been charged for stealing trade secrets.

An IT attack by an insider can be the most devastating attack of all, as you're not just having your systems compromised but your trust shattered by a member of staff who you may even have considered a friend, especially if your business is small and people work together closely. What's more, firewalls, anti-virus software and intrusion detection systems won't be any help to you at all. After all, in many companies employees will all have access to confidential data, files and accounts.

The extent to which insider attacks are so much more damaging is shown by the figures. In Australia, attacks by insiders or staff can take up to 51 days to contain and solve, compared with outside attacks that on average take 23 days to contain. This is because insiders know what they are looking for and where the juiciest data is, and they probably have the passwords to get at it.

Stolen Devices

While many IT attacks come about thanks to sophisticated programming, others just come down to good old-fashioned theft. Stolen devices account for 50% of cyber-attacks experienced by the 30 benchmarked companies in the Ponemon 2014 Cost of Cyber Crime Study, and of course your devices (phones, tablets, flash drives and so on) don't have to be stolen by cunning pickpockets for the data to be compromised.

Many headline-hitting attacks were the result of workers forgetfully leaving laptops containing vital files on a train or forgetting phones in restaurants. And the risk of losing data this way becomes even greater as ever more companies implement Bring Your Own Device (BYOD) strategies and staff take their work home with them.

A BlueScope Steel employee has been accused of downloading a trove of company documents – about 40 gigabytes – over a four-year period. The company is urgently seeking a judge's help to find and destroy trade secrets before they fall into the hands of competitors.

This means that personal devices, which are often unsecured, can be crammed with company data (69% of employees use smartphones for work). If a staff member is robbed, or even just plain forgetful, this data can end up in the hands of criminals who, as a result, have access to your systems, intellectual property and stored passwords.

Stay Vigilant

This is a pretty comprehensive look at the sort of security threats your business could be facing, but while we've covered most of the main bases, we've barely scratched the surface when it comes to the sheer number of threats out there.

According to antivirus software developers McAfee, new malware is being released at the rate of around one file every second. So it is little wonder those fighting the problem face an epic challenge keeping up. And these huge numbers of IT attacks are losing Australian businesses like yours a great deal of money.

Constant vigilance is the best weapon you have to fight hackers attacking you with viruses, malware, worms or malicious coding. Be careful what you are doing online and always think before you click. Of course, technology can help protect your organisation, but only if it is upgraded and tested regularly. Make sure that your firewalls are in place and that anti-virus software is upgraded as new updates come out.

Training, too, is a tool that lets you fight the darker sides of the net, so hold regular workshops for staff on the types of phishing scams, using social media safely and checking for suspicious links. And keep up with IT blogs that can warn you of the new risks out there. If you're careful, don't get complacent and keep your IT updated, you have a much better chance at protecting your precious data and, ultimately, your company.

In the next part of our eBook we will be looking at some Australian companies that weren't so careful, and what it meant for their businesses, their reputations and their companies.

Chapter 3 IT Security Incidents in the Last Two Years

There may be no bullets flying, but Australia is currently at war, and it's one we're not winning. Cyber-attacks on Australian businesses increased 20% in 2014, and this figure rose in 2015, according to the Australian Signals Directorate.

The most commonly targeted industries tend to be banking and the financial sector in general, resources, energy and telecommunications, among others. But the huge volume of attacks means that many Australian SMBs are being targeted as cyber criminals spread their nets.

The fallout from these cyber-attacks includes loss of intellectual property, major disruption to business, financial loss and major damage to the reputation of your company, which in many cases could lead to bankruptcy.

Cybercrime in Australia

There are three main types of cybercrime that affect Australian businesses large and small. These are:

State-sponsored cyber-crime - perpetrated by hackers on behalf of states to steal intellectual property and identities. These are often the most sophisticated attacks, and hackers can retain access to an organisation's network for years at a time.

Organised Crime - run by criminal gangs making malware to steal data or extort money from individuals and corporations. Many crime syndicates have sophisticated tools and share techniques to access systems, as well as stolen data, with other criminals.

Motivated cyber-crime - these are often hackers with a political, social or even religious motive who want to get a message across using illegal online methods. Often such attacks can be less sophisticated but can still cause great damage to companies.

Because there are such widely varied motivations for hackers to target Australian businesses, it means that no business is safe, including small ones. SMBs shouldn't think that their information is not of interest to criminals; they could be targeted for a range of reasons.

Take banks, for example. Commonwealth Bank, Australia's largest bank, is attacked thousands of times every day. While most of these attacks are by hackers seeking money and account numbers, many attacks are by activists (who call themselves hacktivists) who have a more political or social agenda; perhaps they don't agree with some of the bank's investments, which they may see as unethical or detrimental to the environment.

But when it comes to large-scale hacks, many fingers are pointed at government-sponsored groups from China. Well-equipped hackers known as Advanced Persistent Threats (APTs) have been targeting Australian firms in the mining and natural resources sector. Many businesses already dealing with organisations in China come under attack, perhaps to get the edge in negotiations or as a way of stealing intellectual property.

In response to the rising numbers of attacks, the Australian Government opened The Australian Cyber Security Centre (ACSC) to coordinate the country's defence intelligence agencies - the Attorney-General and the Australian Federal Police cyber units. The ACSC enables the private and public sector to collaborate and share information to combat cybersecurity threats. They also offer a great deal of information about how SMBs and individuals can stay safe online. So it's well worth looking at their site at https://www.acsc.gov.au

In the meantime, let's take a look at some of the recent risks and hacks on Australian companies to fully understand the risks of letting your IT guard down.

Ransomware on the Rise

Ransomware, a scam in which people fall victim to an encryption virus which hijacks computer files and demands a ransom to restore them, is becoming one of the main ways that Australian businesses are being targeted by cyber criminals. In 2014, the security firm Websense found nearly two million instances of the malware variant known as CryptoLocker, and 60 per cent of those were detected in Australia.

CryptoLocker is ransomware which is delivered via credible looking emails. Once an infected link is clicked, the virus is activated and your computer files, photos and data are taken hostage via encryption unless a ransom is paid.

Some of the latest versions of this malware are said to be unbreakable, and the average cost to companies paying ransoms to overseas hackers was $US 350.

One of the most recent versions of the virus appeared as a traffic infringement notice from the Australian Federal Police, which demanded payment of a penalty for a minor traffic infringement. The impressively official looking email was often opened because it appeared to come from the Federal Government. To view details of the fake traffic infringement, recipients are asked to click the link contained within the email, activating the malware.

The Australian Federal Police (AFP) originally issued a tweet on 19 January warning people of a recent scam, "traffic infringement notices" being delivered by email, and advising not to pay any money or click any links.

High Profile Incidents

Kmart Attacked

Kmart Australia had to put out a warning in October 2015 to let some customers know that their online operations had been attacked in an external privacy breach in September. Data such as name, email address, delivery and billing address, telephone number and product purchase details was stolen. The retailer has insisted that no credit card or payment card details had been compromised, as card processing is handled externally.

David Jones hacked

In October 2014, the Australian fashion retailer had its computer system attacked and the private details of customers were stolen - these included names, email addresses and addresses, but David Jones assured its customers that their credit card or financial information was safe.

A hit on the Hilton

Early in 2015, hotel chain operator Hilton Worldwide Holdings warned customers that they'd found unauthorised malware targeting payment card details in some of their payment systems. This affected many of their Australian customers. An investigation found that malware was targeting cardholder names, payment card numbers, security codes and expiration dates.

Customers were advised to check bank statements up till July, but the company didn't give figures of how many people or businesses might be affected.

The future outlook for cyber-crime

Based on the high levels of current hacking activity and the increasingly sophisticated software and techniques used by hackers to access systems and avoid detection, the ACSC predicts that levels of hacking will rise over the next five years or so. Malware and technology used in cybercrime is now more readily available than ever and can even be used by people with little IT knowledge. What's more, cyber-crime as a service looks set to increase as well.

To stay safe, Australian businesses, from multinationals to SMBs, need to work together to make Australia a much harder target for hackers and to increase trust in users that the Internet's benefits outweigh online dangers. The best cyber security comes when the government and private sector work together and take greater responsibility for the security of their networks and information.

In the next part of our eBook we will be taking a look at where the technology to fight cyber-crime and security breaches is heading. We'll be examining the cloud, big data and the Internet of Things to help small businesses like yours to put together a comprehensive security road map.

Chapter 4 The Future of IT Security

So far in this exclusive Empower IT eBook we've examined the threats facing Australian businesses when it comes to security, and we've looked in detail at the form that these threats can take (Malware, Phishing Scams, Denial of Service attacks, etc.), and we've even taken a brief look at some of the ways IT attacks have impacted on Australian businesses.

Finally, it's time to look at the security solutions that most of Australia's small and medium businesses currently have in place, examine the reasons that standard defences may not be enough, and look at where the technology is heading as IT attacks become more sophisticated. So read on and learn how to improve your current security set up and to stay safe going forward.

Far too many of us take IT security for granted, presuming that our anti-virus protection is keeping the worst of the web at bay. But it seems we are putting far too much faith in our off-the-shelf antivirus protection to keep our IT systems safe. Brian Dye, corporate vice president at Intel Security, stated on record that "antivirus software is dead". Well, the truth is that antivirus software hasn't yet had its last day.

Antivirus software is used to prevent, detect and hopefully make safe any malware threats and viruses that make it onto your system. And most programs do this well. But the big problem is that antivirus software is a reactive technology and only effective against known threats and variations of them. The guys who are writing antivirus software need to understand how a piece of malware works before they can adapt programs to discover and neutralise it. And in the time it takes for this to happen, many thousands of systems can be infected.

With hackers and criminals making new and increasingly sophisticated malware all the time, there are a lot of dangers out there that your current AV setup just won't see coming. And hackers are patient people: they will take the time to rewrite and test their malware until it can find its way past even the most sophisticated protection - and if that doesn't work, they'll write a new one.

Intel Security, the company that makes the popular McAfee software, estimates that new malware is released at a rate of about one new virus per second. Little wonder it's hard for the program writers to keep up.

And signature-based systems need to be constantly updated to be effective. So signature-based IDS is only as good as its database of stored code and signatures. This is why Zero-day attacks, when hackers launch a brand new piece of malware, often slip through without being detected, as antivirus software doesn't recognize the threat.

Because of the sheer number of threats out there, traditional antivirus software detects only around 45% of all attacks.

Unless you've been keeping your antivirus software updated and are tuned into catching the latest threats out there, that old antivirus software on your devices is only giving you the most basic level of protection.

A New Era of Data Protection

We are now entering new territory when it comes to keeping your systems safe. Behaviour-based rather than signature-based security is more important. So let's take a look at what this means for businesses like yours.

Behaviour-based security is different in that it detects any network activity that doesn't fit a pattern of expected behaviour. This means that the software has to be configured to learn what a user's normal patterns of activity are. If there are any anomalies, these are then flagged as threats or viruses and will be stopped before they infect your systems.

For example, if a computer user with a restricted set of records suddenly begins to try and access other types of information, it is highly possible that his workstation has been infected with a virus and action needs to be taken to protect the systems.

Unlike signature-based systems, behaviour-based antivirus systems are able to detect zero-day attacks, which don't have a pattern that is recognizable. Of course, such systems have to be configured to learn about users' typical behaviour, and configurations need to be updated every time new applications are added or modified, but in general they can adapt to new, unique or original attacks.

There are many advantages to this behaviour-based approach in detecting new and unforeseen vulnerabilities in your systems. Because it detects any traffic that is new or unusual, the behaviour-based approach is good at identifying sweeps and probes towards network hardware. This is like an early warning for potential intrusions, as such probes and scans are often the predecessors for system attacks. They can also detect abuse-of-privilege attacks, which normally don't trigger security warnings. Of course, there are some drawbacks too, in that there is a higher false alarm rate than with signature-based systems.

What's more, the learning curve for behaviour-based intrusion detection techniques can't cover everything, and people's online behaviour is likely to change over time, so you need to implement occasional retracing of the behaviour profile. Also, during the learning phase any system attacks that occur won't be detected as anomalous, meaning your systems could be compromised.
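The contrast described above, as an added example that is not from the eBook or any product: a signature lookup misses a changed sample, while a per-user profile flags a restricted user reaching for other record types and also shows the learning-phase blind spot and the false alarm the text mentions. All user names, record types and log entries are constructed.

```python
import hashlib
from collections import defaultdict

# Signature-based detection: exact match against a database of known samples.
# The "samples" are constructed byte strings, not real malware.
KNOWN_BAD = {hashlib.sha256(b"constructed-sample-v1").hexdigest()}


def signature_match(payload: bytes) -> bool:
    """True only if this exact payload is already in the signature database."""
    return hashlib.sha256(payload).hexdigest() in KNOWN_BAD


class BehaviourProfile:
    """Learns which record types each user normally accesses."""

    def __init__(self, min_seen: int = 2):
        self.min_seen = min_seen  # accesses needed before a type counts as normal
        self.counts = defaultdict(lambda: defaultdict(int))

    def learn(self, events):
        """Learning phase: everything observed here is treated as normal."""
        for user, record_type in events:
            self.counts[user][record_type] += 1

    def is_anomalous(self, user: str, record_type: str) -> bool:
        seen = self.counts.get(user, {}).get(record_type, 0)
        return seen < self.min_seen

    def scan(self, events):
        """Return the events that fall outside the learned profile."""
        return [e for e in events if self.is_anomalous(*e)]


# Constructed access log for the learning phase: (user, record type).
LEARNING = (
    [("alice", "invoices")] * 5
    + [("bob", "payroll")] * 4
    # Caveat from the text: misuse that happens while the profile is being
    # learned is absorbed into "normal" and will not be flagged later.
    + [("bob", "customer_cards")] * 3
)

# Constructed live activity after the learning phase.
LIVE = [
    ("alice", "invoices"),      # expected behaviour
    ("alice", "payroll"),       # restricted user reaching for other records
    ("alice", "hr_files"),      # same
    ("bob", "customer_cards"),  # learned as normal, so missed
    ("carol", "invoices"),      # new starter: a false alarm until retrained
]


def run_demo():
    profile = BehaviourProfile()
    profile.learn(LEARNING)
    flagged = profile.scan(LIVE)
    # Updating the profile after a legitimate change clears the false alarm.
    profile.learn([("carol", "invoices")] * 2)
    flagged_after_update = profile.scan(LIVE)
    return flagged, flagged_after_update


if __name__ == "__main__":
    print("known sample matched:", signature_match(b"constructed-sample-v1"))
    print("new variant matched: ", signature_match(b"constructed-sample-v2"))
    before, after = run_demo()
    print("flagged:", before)
    print("flagged after profile update:", after)
```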

Behaviour-based IDS is also more costly, in that you need more hardware spread further across your IT networks than is required with signature-based IDS.

Drawbacks and a long customization process aside, it looks like the behaviour-based approach to IT security is one way we'll be helping to keep the cyber criminals at bay into the future. And although the death knell has not yet sounded for antivirus software, you need to be aware that this is no longer the be-all and end-all of IT security; you need to be doing so much more.

There are many ways you can keep your systems safe, and taking a multi-layered approach is actually the best way forward. Blacklisting, whitelisting and sandboxing are three methods that can be used to ensure you're safe while online.

As the way we use data and interact with the internet changes, our approach to IT security and data protection should also change accordingly. What's more, IT systems around the world are increasingly being breached, and the fallout from this is affecting millions of people, so we need to learn to deal with risks and stay ahead of cyber criminals.

We are now seeing other areas of IT in which security needs addressing: areas such as social media, the cloud, compliance, advanced persistent threats and physical infrastructure security too.

IT Security in the Cloud

In the fast-moving world of IT, cloud computing is already old hat in many ways, but as so many of Australia's small and medium businesses are only just making the move into the cloud, they may not appreciate how cloud technology isn't just changing how they work but how they should be approaching security.

When you are in the cloud you are exposed to new risks. After all, your data, and often much of your network, is being hosted off-site and is often being accessed by your staff in other cities and countries.

Security in the cloud requires visibility, identity management and policies that reduce threats

ability to take advantage of all the flexibility and freedom that cloud computing can offer.

Of course, it's worth remembering that cloud computing is not just one technology; it is a combination of many advances in technology sold in one package. This includes virtualisation, Software-as-a-Service and other operations working as they always have done, albeit in the cloud.

The problem is that traditional security solutions don't always adapt themselves well to the cloud architecture. What needs to happen is for existing security methods such as firewalls, virtual private networks, data-leak protection, etc. to evolve so they can be better deployed in the cloud. This might involve using an API (Application Program Interface) so that such technology can be automated in the cloud.

It is also likely that new Cloud Security Gateways will have to come into play, and innovations that bolster security are already being created. Cloud security gateways will act as security policy enforcement points between cloud services consumers and providers to ensure security as cloud services are accessed by users. This system would probably be made up of multiple levels of security such as authentication, authorization, signing on, security token mapping, encryption, tokenization, logging, alerting, Application Program Interface and so on.

With cloud technology being so popular, it is vital that users are easily identified and authenticated while controlling access to applications and enforcing data protection policies. It is also a good idea to have a central overview of what is happening, with visibility into all users, devices and cloud activity so that malicious or suspicious behaviour can be flagged. Auditing and monitoring will be built into cloud services in the future to ensure ongoing protection.

Other changes need to happen to ensure better cloud security. The management of encryption keys is critical, and data needs to be fragmented and kept in several places in the cloud rather than in one server where it would be vulnerable. It is also important that the physical security of the cloud environment is enhanced.

IT Security and the Internet of Things

You may have heard of the Internet of Things (IoT) and wondered what it referred to. Basically, it just means an environment in which objects are able to transfer data over a network without the need for human-to-human or human-to-computer interaction.

For example, you may have a sensor in your car to tell you when the engine needs oil by sending a message to your phone. An office printer may send out an order for more ink when it's running low, and a smart road can send signals to traffic control when traffic is heavy.

Basically, any device or component that can be connected to the net (usually by Wi-Fi) plays its part in the Internet of Things. Ultimately the IoT will help cut down on waste, improve efficiency and save time and frustration (in theory at least).

But with so many online devices, many of which will hold personal info or IP data, security will be an issue. You wouldn't want someone hacking your toaster or using your online speakers to get at the data on your PC, after all.

Some experts are concerned that large numbers of unsecured devices could be built up by hackers as botnets. Just imagine your TV, computer and other household appliances all being used against you, like a science fiction horror story.

The new high-tech Barbie doll raises privacy concerns, as the doll is connected to the Internet and could be a tempting target for hackers who could then access data on home networks through the doll.

This means in the future people will need to know how to secure their IoT devices. Initially this would mean taking simple measures such as using passwords and usernames, and updating and patching devices as you do with current devices. Also, an IoT device that needs to be accessible over the net needs to be put in its own network and have access restricted. This network can then be monitored, with action taken if there is a problem.

Planning and integration is vital when it comes to the IoT, and security needs to be paramount at every step of the process, from manufacture to purchase and use. As a company owner you need to develop policies that keep your customers and their data safe when using IoT devices.

US retailer Target was hacked in 2013 via its heating and air conditioning, which was internet enabled. Some 40 million credit card numbers were stolen.

Conclusion

The goal of this eBook is to make you aware of the vulnerabilities of your business systems and help you understand in detail the various cyber-threats that are lurking today. We have looked at the dangers for companies that have not been protecting themselves from online and offline security threats, both in terms of money and reputation consequences.

If you are wondering about the best way to safeguard your business, stay tuned, as we are in the process of writing another eBook with insights about protecting your business and reputation.

If you enjoyed reading this eBook and found it to be of value, do share it with your friends.

Follow us for more Security News

Spread the word

EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 12

extort money from you using ransomware that encrypts your data until a fee is paid to unblock

it

Ransomware

Ransomware is a type of malicious software that restricts access to the infected computer system by systematically encrypting all files and documents. This malware then prompts the user to pay a ransom (around the $1000 AUD mark) in order to have the restriction removed.

The most popular form of ransomware is the CryptoLocker malware, which uses a strong encryption algorithm to lock all valuable user files in the background without user awareness. Once all the relevant files are encrypted, it demands the user pay a ransom in Bitcoins within a specific timeframe (usually 1 to 2 days) before the files are permanently deleted.

Trojan Viruses

A Trojan virus is malware hidden in an innocuous email. Once you click on the link in this email, it can lead to the infection of your computer networks within a few minutes. You may come across some seemingly useful software via email or on the web that will do huge damage if you download it to your computer.

People are often tricked, as they think they are clicking on legitimate files from a legitimate source. Trojans may contain the usual silly pranks or do real damage by destroying information, creating backdoors for hackers or compromising your personal data. They don't reproduce or self-replicate, but can still do great damage and cause huge frustration.

Key Logger Virus

A Key Logger virus is software that is designed to secretly monitor and log all keystrokes, with the purpose of collecting confidential user information such as bank account logins, personal information, etc. Once a cyber-criminal has got hold of confidential user data they can easily account Unfortunately access to confidential data can sometimes have consequences which are far more

Worms

A computer worm is a virus, but it can replicate itself and move from computer to computer without the user clicking or running any program. It moves via file or data transport features - email, messenger or file sharing. Even if they don't actually do any harm, worms can use up your computer processing time and take up your bandwidth as they replicate.

BUT if worms are carrying a malicious payload, you could end up with deleted or encrypted files, or even have a backdoor opened in your computer, allowing a hacker to take control of your computer and create what's called a zombie computer. Email spammers often create worms to help send their junk mail, and they send copies of themselves to everyone in your computer's address book.

Phishing Scams

Phishing scams are so called as they emulate real life fishing. Hackers and criminals tempt you with bait and can be rewarded by catching sensitive information like usernames, passwords or bank account details. Most often, the bait comes in the form of emails that appear to be from trusted or legitimate companies or people, such as banks, service providers and acquaintances. You may be asked to provide certain private information or follow links that direct you to fake (though often very realistic looking) sites that will infect your systems with malware.

A common phishing scam is a warning email about fraudulent activity on your account and a request to verify information. Such panic-inducing methods can be very successful, as people give an immediate response without thinking. There is another type of phishing known as spear phishing, which hooks individuals using personal information (often garnered from social media sites). Spear phishing scams are increasingly sophisticated and are regularly successful, since the baited emails seem so personal.

Web-based Attacks

While nearly all IT attacks are web-based to some extent, this threat specifically means malware attacks that come via online sources like infected landing pages on websites, rather than being delivered via email or infected devices. This is also known as a pull-based attack, where victims unknowingly visit infected sites, rather than push-based ones, in which attackers are actively searching for victims.

The number of web-based attacks is growing as web services become more popular and people use the Internet for business, banking and e-commerce. Malicious URLs are used as channels to propagate malware, and if you visit an infected site, hackers can take control of your system to carry out cybercrimes such as data theft, denial of service attacks and spamming.

A common web-based attack technique is to alert you with fake virus detection messages and ask you to download rogue antivirus software. Sometimes even legitimate sites can be infected if the hacker gets control of a web server. And the bad news is that your antivirus software and firewalls are of limited use, as they can't help detect many web-based attacks.

Criminals posing as a legitimate Australian legal firm recently duped an online ad network into distributing banner ads through Gumtree.com.au that, if clicked, could likely have led to ransomware.

Botnets

The term botnets refers to a series of online computers communicating with each other to complete a set of repetitive tasks - which could be something mundane like running a chat channel, or something more destructive like creating spam.

Most illegal botnets are composed of computers already hacked and compromised without the knowledge of their owners - these are known as Zombie computers. These are controlled via a single interface used by hackers, or herders. These criminals use the huge accumulated power of botnets to engage in click fraud, which involves clicking on ad banners to take money from advertisers who pay for each visit.

They can also be used to saturate bandwidth and prevent access to websites for long periods, causing vendors to pay a ransom to get traffic flowing again. Keylogging is another nefarious task that botnets are used for. They report keystrokes of thousands of users visiting websites to the herder, who can use this data to access personal information and accounts.

Denial of Service attacks

A Denial of Service (DoS) attack can be one of the most frustrating IT attacks of all. Basically, it shuts down your website or network, making it impossible for people to use your services. That means that if you're selling things online or taking bookings or appointments, no legitimate customers can access your site or sales page - and they'll soon go elsewhere. The attack can also stop staff and account holders from accessing the services they need. DoS attacks work by flooding the target with traffic, causing it to crash or run so slowly that it becomes unusable.

DoS attacks are unlike malware attacks: they don't try to breach your security systems and steal data directly, but instead make your services inoperable. Such attacks are often used by people trying to make a point - activists, for example. It is also a process used for simple extortion, or even by unscrupulous business owners looking to cripple their competition. If the denial of service goes on for a long time, you can lose revenue and customer trust, and your long-term reputation may never recover.

DoS attacks happen in two ways: either with one attacker flooding your servers so they have too much traffic and grind to a halt, or by way of an attack from many machines in what's called a Distributed Denial of Service attack, often carried out via botnets.

Of course, some attacks are not initiated by outsiders but by people within an organisation, or as a result of bad luck. These can be the hardest attacks to prevent and can cause the most damage. So let's look at them.

Malicious Insiders

You know already that there is a lot of danger out there on the internet, but small and medium-sized businesses can face even more serious threats from within.

Somewhere among your seemingly loving and loyal staff sits someone who could bring your company tumbling down. It could be someone who bears a grudge, sees a way of benefitting themselves financially, or is planning to leave and start a similar business with your contacts and intellectual property.

Akamai's newest State of the Internet (SOTI) - Security Report for the fourth quarter of 2015 saw the number of Web application attacks jump 28 percent over the previous quarter, while the number of DDoS attacks jumped by 40 percent in that time.

Two scientists working for GlaxoSmithKline have reportedly been charged for stealing trade secrets.

An IT attack by an insider can be the most devastating attack of all, as you're not just having your systems compromised but your trust shattered by a member of staff who you may even have considered a friend, especially if your business is small and people work together closely. What's more, firewalls, anti-virus software and intrusion detection systems won't be any help to you at all. After all, in many companies employees will all have access to confidential data, files and accounts.

The extent to which insider attacks are so much more damaging is shown by the figures. In Australia, attacks by insiders or staff can take up to 51 days to contain and solve, compared with outside attacks that on average take 23 days to contain. This is because insiders know what they are looking for and where the juiciest data is, and they probably have the passwords to get at it.

Stolen Devices

While many IT attacks come about thanks to sophisticated programming, others just come down to good old-fashioned theft. Stolen devices account for 50% of cyber-attacks experienced by the 30 benchmarked companies in the Ponemon 2014 Cost of Cyber Crime Study, and of course your devices (phones, tablets, flash drives and so on) don't have to be stolen by cunning pickpockets for the data to be compromised.

Many headline hitting attacks were the result of workers forgetfully leaving laptops containing vital files on a train or forgetting phones in restaurants. And the risk of losing data this way becomes even greater as ever more companies implement Bring Your Own Device (BYOD) strategies and staff take their work home with them.

A BlueScope Steel employee has been accused of downloading a trove of company documents - about 40 gigabytes - over a four-year period. The company is urgently seeking a judge's help to find and destroy trade secrets before they fall into the hands of competitors.

This means that personal devices, which are often unsecured, can be crammed with company data (69% of employees use smartphones for work). If a staff member is robbed or even just plain forgetful, this data can end up in the hands of criminals, who as a result have access to your systems, intellectual property and stored passwords.

Stay Vigilant

This is a pretty comprehensive look at the sort of security threats your business could be facing, but while we've covered most of the main bases, we've barely scratched the surface when it comes to the sheer number of threats out there.

According to antivirus software developers McAfee, new malware is being released at the rate of around one file every second. So it is little wonder those fighting the problem face an epic challenge keeping up. And these huge numbers of IT attacks are costing Australian businesses like yours a great deal of money.

Constant vigilance is the best weapon you have to fight hackers attacking you with viruses, malware, worms or malicious coding. Be careful what you are doing online and always think before you click. Of course, technology can help protect your organisation, but only if it is upgraded and tested regularly. Make sure that your firewalls are in place and that anti-virus software is upgraded as new updates come out.

Training, too, is a tool that lets you fight the darker sides of the net, so hold regular workshops for staff on the types of phishing scams, using social media safely and checking for suspicious links. And keep up with IT blogs that can warn you of the new risks out there. If you're careful, don't get complacent and keep your IT updated, you have a much better chance at protecting your precious data and, ultimately, your company.

In the next part of our eBook, we will be looking at some Australian companies that weren't so careful and what it meant for their businesses, their reputations and their companies.

Chapter 3 IT Security Incidents in the Last Two Years

There may be no bullets flying, but Australia is currently at war, and it's one we're not winning. Cyber-attacks on Australian businesses increased 20% in 2014, and this figure rose in 2015, according to the Australian Signals Directorate.

The most commonly targeted industries tend to be banking and the financial sector in general, resources, energy and telecommunications, among others. But the huge volume of attacks means that many Australian SMBs are being targeted as cyber criminals spread their nets.

The fallout from these cyber-attacks includes loss of intellectual property, major disruption to business, financial loss and major damage to the reputation of your company, which in many cases could lead to bankruptcy.

Cybercrime in Australia

There are three main types of cybercrime that affect Australian businesses, large and small. These are:

State-sponsored cyber-crime - perpetrated by hackers on behalf of states to steal intellectual property and identities. These are often the most sophisticated attacks, and hackers can retain access to an organisation's network for years at a time.

Organised Crime - run by criminal gangs making malware to steal data or extort money from individuals and corporations. Many crime syndicates have sophisticated tools and share techniques to access systems, as well as stolen data, with other criminals.

Motivated cyber-crime - these are often hackers with a political, social or even religious motive who want to get a message across using illegal online methods. Often such attacks can be less sophisticated but can still cause great damage to companies.

Because there are such widely varied motivations for hackers to target Australian businesses, it means that no business is safe, including small ones. SMBs shouldn't think that their information is not of interest to criminals; they could be targeted for a range of reasons.

Take banks, for example. Commonwealth Bank, Australia's largest bank, is attacked thousands of times every day. While most of these attacks are by hackers seeking money and account numbers, many attacks are by activists (who call themselves hacktivists) who have a more political or social agenda; perhaps they don't agree with some of the bank's investments, which they may see as unethical or detrimental to the environment.

But when it comes to large-scale hacks, many fingers are pointed at government sponsored groups from China. Well-equipped hackers known as Advanced Persistent Threats (APTs) have been targeting Australian firms in the mining and natural resources sector. Many businesses already dealing with organisations in China come under attack, perhaps to get the edge in negotiations or as a way of stealing intellectual property.

In response to the rising numbers of attacks, the Australian Government opened The Australian Cyber Security Centre (ACSC) to coordinate the country's defence intelligence agencies - the Attorney-General and the Australian Federal Police cyber units. The ACSC enables the private and public sector to collaborate and share information to combat cybersecurity threats. They also offer a great deal of information about how SMBs and individuals can stay safe online. So it's well worth looking at their site at https://www.acsc.gov.au

In the meantime, let's take a look at some of the recent risks and hacks on Australian companies to fully understand the risks of letting your IT guard down.

Ransomware on the Rise

Ransomware, a scam in which people fall victim to an encryption virus which hijacks computer files and demands a ransom to restore them, is becoming one of the main ways that Australian businesses are being targeted by cyber criminals. In 2014, the security firm Websense found nearly two million instances of the malware variant known as CryptoLocker, and 60 per cent of those were detected in Australia.

CryptoLocker is ransomware which is delivered via credible looking emails. Once an infected link is clicked, the virus is activated and your computer files, photos and data are taken hostage via encryption unless a ransom is paid.

Some of the latest versions of this malware are said to be unbreakable, and the average cost to companies paying ransoms to overseas hackers was $US 350.

One of the most recent versions of the virus appeared as a traffic infringement notice from the Australian Federal Police, which demanded a penalty payment for a minor traffic infringement. The impressively official looking email was often opened because it appeared to come from the Federal Government. To view details of the fake traffic infringement, recipients are asked to click the link contained within the email, activating the malware.

The Australian Federal Police (AFP) originally issued a tweet on 19 January warning people of a recent scam, "traffic infringement notices" being delivered by email, and advising not to pay any money or click any links.

High Profile Incidents

Kmart Attacked

Kmart Australia had to put out a warning in October 2015 to let some customers know that their online operations had been attacked in an external privacy breach in September. Data such as name, email address, delivery and billing address, telephone number and product purchase details was stolen. The retailer has insisted that no credit card or payment card details had been compromised, as card processing is handled externally.

David Jones hacked

In October 2014, the Australian fashion retailer had its computer system attacked and the private details of customers were stolen - these included names, email addresses and addresses - but David Jones assured its customers that their credit card or financial information was safe.

A hit on the Hilton

Early in 2015, hotel chain operator Hilton Worldwide Holdings warned customers that they'd found unauthorised malware targeting payment card details in some of their payment systems. This affected many of their Australian customers. An investigation found that malware was targeting cardholder names, payment card numbers, security codes and expiration dates.

Customers were advised to check bank statements up till July, but the company didn't give figures of how many people or businesses might be affected.

The Future Outlook for Cyber-crime

Based on the high levels of current hacking activity and the increasingly sophisticated software and techniques used by hackers to access systems and avoid detection, the ACSC predicts that levels of hacking will rise over the next five years or so. Malware and technology used in cybercrime is now more readily available than ever and can even be used by people with little IT knowledge. What's more, cyber-crime as a service looks set to increase as well.

To stay safe, Australian businesses, from multinationals to SMBs, need to work together to make Australia a much harder target for hackers and to increase users' trust that the Internet's benefits outweigh online dangers. The best cyber security comes when the government and private sector work together and take greater responsibility for the security of their networks and information.

In the next part of our eBook, we will be taking a look at where the technology to fight cyber-crime and security breaches is heading. We'll be examining the cloud, big data and the Internet of Things to help small businesses like yours to put together a comprehensive security road map.

Chapter 4 The Future of IT Security

So far in this exclusive Empower IT eBook, we've examined the threats facing Australian businesses when it comes to security, and we've looked in detail at the form that these threats can take (Malware, Phishing Scams, Denial of Service attacks, etc.), and we've even taken a brief look at some of the ways IT attacks have impacted on Australian businesses.

Finally, it's time to look at the security solutions that most of Australia's small and medium businesses currently have in place, examine the reasons that standard defences may not be enough, and look at where the technology is heading as IT attacks become more sophisticated. So read on and learn how to improve your current security set up and to stay safe going forward.

Far too many of us take IT security for granted, presuming that our anti-virus protection is keeping the worst of the web at bay. But it seems we are putting far too much faith in our off-the-shelf antivirus protection to keep our IT systems safe. Brian Dye, corporate vice president at Intel Security, stated on record that antivirus software is dead. Well, the truth is that antivirus software hasn't yet had its last day.

Antivirus software is used to prevent, detect and hopefully make safe any malware threats and viruses that make it onto your system. And most programs do this well. But the big problem is that antivirus software is a reactive technology and only effective against known threats and variations of them. The guys who are writing antivirus software need to understand how a piece of malware works before they can adapt programs to discover and neutralise it. And in the time it takes for this to happen, many thousands of systems can be infected.

With hackers and criminals making new and increasingly sophisticated malware all the time, there are a lot of dangers out there that your current AV setup just won't see coming. And hackers are patient people; they will take the time to rewrite and test their malware until it can find its way past even the most sophisticated protection - and if that doesn't work, they'll write a new one.

Intel Security, the company that makes the popular McAfee software, estimates that new malware is released at a rate of about one new virus per second. Little wonder it's hard for the program writers to keep up.

And signature based systems need to be constantly updated to be effective. So signature-based IDS is only as good as its database of stored code and signatures. This is why zero-day attacks, when hackers launch a brand new piece of malware, often slip through without being detected, as antivirus software doesn't recognize the threat.

Because of the sheer number of threats out there, traditional antivirus software detects only around 45% of all attacks.

Unless you've been keeping your antivirus software updated and are tuned into catching the latest threats out there, that old antivirus software on your devices is only giving you the most basic level of protection.

A New Era of Data Protection

We are now entering new territory when it comes to keeping your systems safe. Behaviour-based, rather than signature-based, security is more important. So let's take a look at what this means for businesses like yours.

Behaviour-based security is different in that it detects any network activity that doesn't fit a pattern of expected behaviour. This means that the software has to be configured to learn what a user's normal patterns of activity are. If there are any anomalies, these are then flagged as threats or viruses and will be stopped before they infect your systems.

For example, if a computer user with a restricted set of records suddenly begins to try and access other types of information, it is highly possible that his workstation has been infected with a virus and action needs to be taken to protect the systems.

Unlike with signature-based systems, behaviour-based antivirus systems are able to detect zero-day attacks, as they don't have a pattern that is recognizable. Of course, such systems have to be configured to learn about users' typical behaviour, and configurations need to be updated every time new applications are added or modified, but in general they can adapt to new, unique or original attacks.

There are many advantages to this behaviour-based approach in detecting new and unforeseen vulnerabilities in your systems. Because it detects any traffic that is new or unusual, the behaviour-based approach is good at identifying sweeps and probes towards network hardware. This is like an early warning for potential intrusions, as such probes and scans are often the predecessors for system attacks. They can also detect abuse of privilege attacks, which normally don't trigger security warnings. Of course, there are some drawbacks too, in that there is a higher false alarm rate than with signature-based systems.

What's more, the learning curve for behaviour-based intrusion detection techniques can't cover everything, and people's online behaviour is likely to change over time, so you need to implement occasional retracing of the behaviour profile. Also, during the learning phase, any system attacks that occur won't be detected as anomalous, meaning your systems could be compromised.

Behaviour-based IDS is also more costly, in that you need more hardware, spread further across your IT networks, than is required with signature-based IDS.
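The contrast between the two approaches, including the drawbacks just listed (false alarms, the learning-phase blind spot, and the need to update the profile), can be seen in a small simulation. This is an added example, not code from the eBook; the users, record types, byte markers and the `volume_factor` threshold are constructed assumptions, and real products use far richer signatures and behaviour models.

```python
from collections import Counter

# All byte strings and access events below are constructed sample data.


class SignatureScanner:
    """Signature-based: flags data only if it contains an already-known pattern."""

    def __init__(self, signatures):
        self.signatures = list(signatures)

    def is_flagged(self, data: bytes) -> bool:
        return any(sig in data for sig in self.signatures)


class BehaviourMonitor:
    """Behaviour-based: learns per-user activity, then flags departures from it."""

    def __init__(self, volume_factor=3):
        # (user, record_type) -> highest daily access count seen while learning
        self.max_daily = {}
        self.volume_factor = volume_factor  # assumed tolerance before alerting

    def learn_day(self, events):
        """Learning phase: whatever happens today is recorded as normal."""
        for key, count in Counter(events).items():
            self.max_daily[key] = max(self.max_daily.get(key, 0), count)

    def check_day(self, events):
        """Detection phase: return (user, record_type, reason) alerts for one day."""
        alerts = []
        for (user, rtype), count in sorted(Counter(events).items()):
            learned = self.max_daily.get((user, rtype), 0)
            if learned == 0:
                alerts.append((user, rtype, "record type outside learned profile"))
            elif count > self.volume_factor * learned:
                alerts.append((user, rtype, "volume far above learned profile"))
        return alerts


def demo_signatures():
    """Known sample is caught; a never-seen sample (a zero-day stand-in) is not."""
    scanner = SignatureScanner([b"KNOWN-SAMPLE-MARKER"])
    known = b"header KNOWN-SAMPLE-MARKER trailer"
    brand_new = b"header NEVER-SEEN-MARKER trailer"
    return scanner.is_flagged(known), scanner.is_flagged(brand_new)


def build_monitor():
    monitor = BehaviourMonitor()
    # Assumption: carol's workstation is already compromised during learning,
    # so its heavy customer-record reads get baked into the profile.
    monitor.learn_day([("alice", "invoices")] * 4 + [("bob", "payroll")] * 2
                      + [("carol", "customers")] * 50)
    monitor.learn_day([("alice", "invoices")] * 5 + [("bob", "payroll")] * 3
                      + [("carol", "customers")] * 60)
    return monitor


LIVE_DAY = (
    [("alice", "invoices")] * 5      # normal activity
    + [("alice", "payroll")] * 1     # restricted user reaching for other records
    + [("bob", "payroll")] * 30      # permitted access, abnormal volume
    + [("bob", "hr_reviews")] * 1    # legitimate new duty: a false alarm
    + [("carol", "customers")] * 60  # malicious, but matches the learned profile
)


def demo_behaviour():
    """Return alerts before and after an analyst updates bob's profile."""
    monitor = build_monitor()
    first_pass = monitor.check_day(LIVE_DAY)
    # An analyst confirms bob's new duty and updates the profile.
    monitor.learn_day([("bob", "hr_reviews")])
    second_pass = monitor.check_day(LIVE_DAY)
    return first_pass, second_pass


if __name__ == "__main__":
    print("signature scanner (known, brand new):", demo_signatures())
    labels = ("before profile update", "after profile update")
    for label, alerts in zip(labels, demo_behaviour()):
        print(label)
        for alert in alerts:
            print("  ALERT", alert)
```

The activity attributed to carol never raises an alert because it was present while the profile was being learned, which is the learning-phase weakness described above.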

Drawbacks and a long customization process aside, it looks like the behaviour-based approach to IT security is one way we'll be helping to keep the cyber criminals at bay into the future. And although the death knell has not yet sounded for antivirus software, you need to be aware that this is no longer the be all and end all of IT security; you need to be doing so much more.

There are many ways you can keep your systems safe, and taking a multi-layered approach is actually the best way forward. Blacklisting, whitelisting and sandboxing are three methods that can be used to ensure you're safe while online.

As the way we use data and interact with the internet changes, our approach to IT security and data protection should also change accordingly. What's more, IT systems around the world are increasingly being breached, and the fallout from this is affecting millions of people, so we need to learn to deal with risks and stay ahead of cyber criminals.

We are now seeing other areas of IT in which security needs addressing: areas such as social media, the cloud, compliance, advanced persistent threats and physical infrastructure security too.

IT Security in the Cloud

In the fast moving world of IT, cloud computing is already old hat in many ways, but as so many of Australia's small and medium businesses are only just making the move into the cloud, they may not appreciate how cloud technology isn't just changing how they work but how they should be approaching security.

When you are in the cloud you are exposed to new risks; after all, your data, and often much of your network, is being hosted off-site and is often being accessed by your staff in other cities and countries.

Security in the cloud requires visibility, identity management and policies that reduce threats ability to take advantage of all the flexibility and freedom that cloud computing can offer.

Of course, it's worth remembering that cloud computing is not just one technology; it is a combination of many advances in technology sold in one package. This includes virtualisation, Software-as-a-Service and other operations working as they always have done, albeit in the cloud.

The problem is that traditional security solutions don't always adapt themselves well to the cloud architecture. What needs to happen is for existing security methods, such as firewalls, virtual private networks, data-leak protection, etc., to evolve so they can be better deployed in the cloud. This might involve using an API (Application Program Interface) so that such technology can be automated in the cloud.

It is also likely that new Cloud Security Gateways will have to come into play, and innovations that bolster security are already being created. Cloud security gateways will act as security policy enforcement points between cloud services consumers and providers to ensure security as cloud services are accessed by users. This system would probably be made up of multiple levels of security, such as authentication, authorization, signing on, security token mapping, encryption, tokenization, logging, alerting, Application Program Interface and so on.

With cloud technology being so popular, it is vital that users are easily identified and authenticated, while controlling access to applications and enforcing data protection policies. It is also a good idea to have a central overview of what is happening, with visibility into all users, devices and cloud activity, so that malicious or suspicious behaviour can be flagged. Auditing and monitoring will be built into cloud services in the future to ensure ongoing protection.

Other changes need to happen to ensure better cloud security. The management of encryption keys is critical, and data needs to be fragmented and kept in several places in the cloud rather than in one server where it would be vulnerable. It is also important that the physical security of the cloud environment is enhanced.

IT Security and the Internet of Things

You may have heard of the Internet of Things (IoT) and wondered what it referred to. Basically, it just means an environment in which objects are able to transfer data over a network without the need for human-to-human or human-to-computer interaction.

For example, you may have a sensor in your car to tell you when the engine needs oil by sending a message to your phone. An office printer may send out an order for more ink when it's running low, and a smart road can send signals to traffic control when traffic is heavy.

Basically, any device or component that can be connected to the net (usually by Wi-Fi) plays its part in the Internet of Things. Ultimately, the IoT will help cut down on waste, improve efficiency and save time and frustration (in theory, at least).

But with so many online devices, many of which will hold personal info or IP data, security will be an issue. You wouldn't want someone hacking your toaster or using your online speakers to get at the data on your PC, after all.

Some experts are concerned that large numbers of unsecured devices could be built up by

hackers as botnets Just imagine your TV computer and other household appliances all be

used against you like a science fiction horror story

The new high-tech

Barbie doll raises privacy

concerns as the doll is

connected to the Internet

and could be a tempting

target for hackers who

could then access data

on home networks

through the doll

EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 30

This means in the future people will need to know how to

secure their IoT devices Initially this would mean taking

simple measures such as using passwords and

usernames updating and patching devices as you do with

current devices Also an IoT device that needs to be

accessible over the net needs to be put in its own network

and have access restricted This network can then be

monitored with action taken if there is a problem

Planning and integration is vital when it comes to the IoT and security needs to be paramount

at every step of the process from manufacture to purchase and use As a company owner

you need to develop policies that keep your customers and their data safe when using IoT

devices

US retailer Target was

hacked in 2013 via its

heating and air

conditioning which was

internet enabled Some

40 million credit card

numbers were stolen

EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 31

Conclusion

The goal of this eBook is to make you aware of the vulnerabilities of your business systems

and help you understand in detail the various cyber-threats that are lurking today We have

looked at the dangers for companies that have not been protecting themselves from online

and offline security threats both in terms of money and reputation consequences

If you are wondering about the best way to safeguard your business stay tuned as we are in

the process of writing another eBook with insights about protecting your business and

reputation

If you enjoyed reading this eBook and found it to be of value do share it with your friends

Follow us for more Security News

Spread the word

EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 13

Key Logger Virus

A Key Logger virus is software that is designed to secretly monitor and log all keystrokes, with the purpose of collecting confidential user information such as bank account logins, personal information, etc. Once a cyber-criminal has got hold of confidential user data, they can easily

account Unfortunately access to

confidential data can sometimes have consequences which are far more

Worms

A computer worm is a virus, but can replicate itself and move from computer to computer without the user clicking or running any program. It moves via file or data transport features - email, messenger or file sharing. Even if they don't actually do any harm, worms can use up your computer processing time and take up your bandwidth as they replicate.

But if worms are carrying a malicious payload, you could end up with deleted or encrypted files, or even have a backdoor opened in your computer, allowing a hacker to take control of your computer and create what's called a zombie computer. Email spammers often create worms to help send their junk mail, and they send copies of themselves to everyone in your computer's address book.

Phishing Scams

Phishing scams are so called as they emulate real-life fishing. Hackers and criminals tempt you with bait and can be rewarded by catching sensitive information like usernames, passwords or bank account details. Most often, the bait comes in the form of emails that appear to be from trusted or legitimate companies or people, such as banks, service providers and acquaintances. You may be asked to provide certain private information or follow links that direct you to fake (though often very realistic looking) sites that will infect your systems with malware.

A common phishing scam is a warning email about fraudulent activity on your account and a request to verify information. Such panic-inducing methods can be very successful, as people give an immediate response without thinking. There is another type of phishing known as spear phishing, which hooks individuals using personal information (often garnered from social media sites). Spear phishing scams are increasingly sophisticated and are regularly successful, since the baited emails seem so personal.

Web-based Attacks

While nearly all IT attacks are web-based to some extent, this threat specifically means malware attacks that come via online sources like infected landing pages on websites, rather than being delivered via email or infected devices. This is also known as a pull-based attack, where victims unknowingly visit infected sites, rather than push-based ones in which attackers are actively searching for victims.

The number of web-based attacks is growing as web services become more popular and people use the Internet for business, banking and e-commerce. Malicious URLs are used as channels to propagate malware, and if you visit an infected site, hackers can take control of your system to carry out cybercrimes such as data theft, denial of service attacks and spamming.

A common web-based attack technique is to alert you with fake virus detection messages and ask you to download rogue antivirus software. Sometimes even legitimate sites can be infected if the hacker gets control of a web server. And the bad news is that your antivirus software and firewalls are of limited use, as they can't help detect many web-based attacks.

Criminals posing as a legitimate Australian legal firm recently duped an online ad network into distributing banner ads through Gumtree.com.au that, if clicked, could likely have led to ransomware.

Botnets

The term botnets refers to a series of online computers communicating with each other to complete a set of repetitive tasks - which could be something mundane like running a chat channel or something more destructive like creating spam.

Most illegal botnets are composed of computers already hacked and compromised without the knowledge of their owners - these are known as Zombie computers. These are controlled via a single interface used by hackers, or herders. These criminals use the huge accumulated power of botnets to engage in click fraud, which involves clicking on ad banners to take money from advertisers who pay for each visit.

They can also be used to saturate bandwidth and prevent access to websites for long periods, causing vendors to pay a ransom to get traffic flowing again. Keylogging is another nefarious task that botnets are used for. They report keystrokes of thousands of users visiting websites to the herder, who can use this data to access personal information and accounts.

Denial of Service attacks

A Denial of Service (DoS) attack can be one of the most frustrating IT attacks of all. Basically, it shuts down your website or network, making it impossible for people to use your services. That means that if you're selling things online or taking bookings or appointments, no legitimate customers can access your site or sales page - and they'll soon go elsewhere. The attack can also stop staff and account holders from accessing the services they need. DoS attacks work by flooding the target with traffic, causing it to crash or run so slowly that it becomes unusable.

DoS attacks are unlike malware attacks: they don't try to breach your security systems and steal data directly; instead they make your services inoperable. Such attacks are often used by people trying to make a point - activists, for example. It is also a process used for simple extortion, or even by unscrupulous business owners looking to cripple their competition. If the denial of service goes on for a long time, you can lose revenue and customer trust, and your long-term reputation may never recover.

DoS attacks happen in two ways: either with one attacker flooding your servers so they have too much traffic and grind to a halt, or by way of an attack from many machines in what's called a Distributed Denial of Service attack, often carried out via botnets.

Of course, some attacks are not initiated by outsiders but by people within an organisation, or as a result of bad luck. These can be the hardest attacks to prevent and can cause the most damage. So let's look at them.

Malicious Insiders

You know already that there is a lot of danger out there on the internet, but small and medium-sized businesses can face even more serious threats from within.

Somewhere among your seemingly loving and loyal staff sits someone who could bring your company tumbling down. It could be someone who bears a grudge, sees a way of benefitting themselves financially, or is planning to leave and start a similar business with your contacts and intellectual property.

Akamai's newest State of the Internet (SOTI) - Security Report for the fourth quarter of 2015 saw the number of Web application attacks jump 28 percent over the previous quarter, while the number of DDoS attacks jumped by 40 percent in that time.

Two scientists working for GlaxoSmithKline have reportedly been charged for stealing trade secrets.

An IT attack by an insider can be the most devastating attack of all, as you're not just having your systems compromised, but your trust shattered by a member of staff who you may even have considered a friend, especially if your business is small and people work together closely. What's more, firewalls, anti-virus software and intrusion detection systems won't be any help to you at all. After all, in many companies employees will all have access to confidential data, files and accounts.

The extent to which insider attacks are so much more damaging is shown by the figures. In Australia, attacks by insiders or staff can take up to 51 days to contain and solve, compared with outside attacks that on average take 23 days to contain. This is because insiders know what they are looking for and where the juiciest data is, and they probably have the passwords to get at it.

Stolen Devices

While many IT attacks come about thanks to sophisticated programming, others just come down to good old-fashioned theft. Stolen devices make up for 50% of cyber-attacks experienced by the 30 benchmarked companies in the Ponemon 2014 Cost of Cyber Crime Study, and of course your devices (phones, tablets, flash drives and so on) don't have to be stolen by cunning pickpockets for the data to be compromised.

Many headline-hitting attacks were the result of workers forgetfully leaving laptops containing vital files on a train or forgetting phones in restaurants. And the risk of losing data this way becomes even greater as ever more companies implement Bring Your Own Device (BYOD) strategies and staff take their work home with them.

A BlueScope Steel employee has been accused of downloading a trove of company documents - about 40 gigabytes - over a four-year period. The company is urgently seeking a judge's help to find and destroy trade secrets before they fall into the hands of competitors.

This means that personal devices, which are often unsecured, can be crammed with company data (69% of employees use smartphones for work). If a staff member is robbed or even just plain forgetful, this data can end up in the hands of criminals, who as a result have access to your systems, intellectual property and stored passwords.

Stay Vigilant

This is a pretty comprehensive look at the sort of security threats your business could be facing, but while we've covered most of the main bases, we've barely scratched the surface when it comes to the sheer number of threats out there.

According to antivirus software developers McAfee, new malware is being released at the rate of around one file every second. So it is little wonder those fighting the problem face an epic challenge keeping up. And these huge numbers of IT attacks are losing Australian businesses like yours a great deal of money.

Constant vigilance is the best weapon you have to fight hackers attacking you with viruses, malware, worms or malicious coding. Be careful what you are doing online and always think before you click. Of course, technology can help protect your organisation, but only if it is upgraded and tested regularly. Make sure that your firewalls are in place and that anti-virus software is upgraded as new updates come out.

Training too is a tool that lets you fight the darker sides of the net, so hold regular workshops for staff on the types of phishing scams, using social media safely and checking for suspicious links. And keep up with IT blogs that can warn you of the new risks out there. If you're careful, don't get complacent and keep your IT updated, you have a much better chance at protecting your precious data, and ultimately your company.

In the next part of our eBook, we will be looking at some Australian companies that weren't so careful, and what it meant for their businesses, their reputations and their companies.

Chapter 3: IT Security Incidents in the Last Two Years

There may be no bullets flying, but Australia is currently at war, and it's one we're not winning. Cyber-attacks on Australian businesses increased 20% in 2014, and this figure rose in 2015, according to the Australian Signals Directorate.

The most commonly targeted industries tend to be banking and the financial sector in general, resources, energy and telecommunications, among others. But the huge volume of attacks means that many Australian SMBs are being targeted as cyber criminals spread their nets. The fallout from these cyber-attacks includes loss of intellectual property, major disruption to business, financial loss and major damage to the reputation of your company, which in many cases could lead to bankruptcy.

Cybercrime in Australia

There are three main types of cybercrime that affect Australian businesses large and small. These are:

State-sponsored cyber-crime - perpetrated by hackers on behalf of states to steal intellectual property and identities. These are often the most sophisticated attacks, and hackers can retain access to an organisation's network for years at a time.

Organised Crime - run by criminal gangs making malware to steal data or extort money from individuals and corporations. Many crime syndicates have sophisticated tools and share techniques to access systems, as well as stolen data, with other criminals.

Motivated cyber-crime - these are often hackers with a political, social or even religious motive who want to get a message across using illegal online methods. Often such attacks can be less sophisticated, but can still cause great damage to companies.

Because there are such widely varied motivations for hackers to target Australian businesses, it means that no business is safe, including small ones. SMBs shouldn't think that their information is not of interest to criminals; they could be targeted for a range of reasons.

Take banks, for example. Commonwealth Bank, Australia's largest bank, is attacked thousands of times every day. While most of these attacks are by hackers seeking money and account numbers, many attacks are by activists (who call themselves hacktivists) who have a more political or social agenda; perhaps they don't agree with some of the bank's investments, which they may see as unethical or detrimental to the environment.

But when it comes to large-scale hacks, many fingers are pointed at government-sponsored groups from China. Well-equipped hackers known as Advanced Persistent Threats (APTs) have been targeting Australian firms in the mining and natural resources sector. Many businesses already dealing with organisations in China come under attack, perhaps to get the edge in negotiations or as a way of stealing intellectual property.

In response to the rising numbers of attacks, the Australian Government opened The Australian Cyber Security Centre (ACSC) to coordinate the country's defence intelligence agencies - the Attorney-General and the Australian Federal Police cyber units. The ACSC enables the private and public sector to collaborate and share information to combat cybersecurity threats. They also offer a great deal of information about how SMBs and individuals can stay safe online. So it's well worth looking at their site at https://www.acsc.gov.au

In the meantime, let's take a look at some of the recent risks and hacks on Australian companies to fully understand the risks of letting your IT guard down.

Ransomware on the Rise

Ransomware, a scam in which people fall victim to an encryption virus which hijacks computer files and demands a ransom to restore them, is becoming one of the main ways that Australian businesses are being targeted by cyber criminals. In 2014, the security firm Websense found nearly two million instances of the malware variant known as CryptoLocker, and 60 per cent of those were detected in Australia.

CryptoLocker is ransomware which is delivered via credible-looking emails. Once an infected link is clicked, the virus is activated and your computer files, photos and data are taken hostage via encryption unless a ransom is paid.

Some of the latest versions of this malware are said to be unbreakable, and the average cost to companies paying ransoms to overseas hackers was $US 350.

One of the most recent versions of the virus appeared as a traffic infringement notice from the Australian Federal Police, which demanded a penalty payment for a minor traffic infringement. The impressively official-looking email was often opened because it appeared to come from the Federal Government. To view details of the fake traffic infringement, recipients are asked to click the link contained within the email, activating the malware.

The Australian Federal Police (AFP) originally issued a tweet on 19 January warning people of a recent scam "traffic infringement notices" being delivered by email and advising not to pay any money or click any links.


High Profile Incidents

Kmart Attacked

Kmart Australia had to put out a warning in October 2015 to let some customers know that their online operations had been attacked in an external privacy breach in September. Data such as name, email address, delivery and billing address, telephone number and product purchase details was stolen. The retailer has insisted that no credit card or payment card details had been compromised, as card processing is handled externally.

David Jones hacked

In October 2014, the Australian fashion retailer had its computer system attacked and the private details of customers were stolen - these included names, email addresses and addresses - but David Jones assured its customers that their credit card or financial information was safe.

A hit on the Hilton

Early in 2015, hotel chain operator Hilton Worldwide Holdings warned customers that they'd found unauthorised malware targeting payment card details in some of their payment systems. This affected many of their Australian customers. An investigation found that malware was targeting cardholder names, payment card numbers, security codes and expiration dates.

Customers were advised to check bank statements up till July, but the company didn't give figures of how many people or businesses might be affected.

The future outlook for cyber-crime

Based on the high levels of current hacking activity and the increasingly sophisticated software and techniques used by hackers to access systems and avoid detection, the ACSC predicts that levels of hacking will rise over the next five years or so. Malware and technology used in cybercrime is now more readily available than ever and can even be used by people with little IT knowledge. What's more, cyber-crime as a service looks set to increase as well.

To stay safe, Australian businesses, from multinationals to SMBs, need to work together to make Australia a much harder target for hackers and to increase trust in users that the Internet's benefits outweigh online dangers. The best cyber security comes when the government and private sector work together and take greater responsibility for the security of their networks and information.

In the next part of our eBook, we will be taking a look at where the technology to fight cyber-crime and security breaches is heading. We'll be examining the cloud, big data and the Internet of things to help small businesses like yours to put together a comprehensive security road map.

Chapter 4: The Future of IT Security

So far in this exclusive Empower IT eBook, we've examined the threats facing Australian businesses when it comes to security, and we've looked in detail at the form that these threats can take (Malware, Phishing Scams, Denial of Service attacks, etc.), and we've even taken a brief look at some of the ways IT attacks have impacted on Australian businesses.

Finally, it's time to look at the security solutions that most of Australia's small and medium businesses currently have in place, examine the reasons that standard defences may not be enough, and look at where the technology is heading as IT attacks become more sophisticated. So read on and learn how to improve your current security set-up and to stay safe going forward.

Far too many of us take IT security for granted, presuming that our anti-virus protection is keeping the worst of the web at bay. But it seems we are putting far too much faith in our off-the-shelf antivirus protection to keep our IT systems safe. Brian Dye, corporate vice president at Intel Security, stated on record that antivirus software is dead. Well, the truth is that antivirus software hasn't yet had its last day.

Antivirus software is used to prevent, detect and hopefully make safe any malware threats and viruses that make it onto your system. And most programs do this well. But the big problem is that antivirus software is a reactive technology and only effective against known threats and variations of them. The guys who are writing antivirus software need to understand how a piece of malware works before they can adapt programs to discover and neutralise it. And in the time it takes for this to happen, many thousands of systems can be infected.

With hackers and criminals making new and increasingly sophisticated malware all the time, there are a lot of dangers out there that your current AV setup just won't see coming. And hackers are patient people; they will take the time to rewrite and test their malware until it can find its way past even the most sophisticated protection - and if that doesn't work, they'll write a new one.

Intel Security, the company that makes the popular McAfee software, estimates that new malware is released at a rate of about one new virus per second. Little wonder it's hard for the program writers to keep up.

And signature-based systems need to be constantly updated to be effective. So signature-based IDS is only as good as its database of stored code and signatures. This is why Zero day attacks, when hackers launch a brand new piece of malware, often slip through without being detected, as antivirus software doesn't recognize the threat.

Because of the sheer number of threats out there, traditional antivirus software detects only around 45% of all attacks.

Unless you've been keeping your antivirus software updated and are tuned into catching the latest threats out there, that old antivirus software on your devices is only giving you the most basic level of protection.


A New Era of Data Protection

We are now entering new territory when it comes to keeping your systems safe. Behaviour-based rather than signature-based security is more important. So let's take a look at what this means for businesses like yours.

Behaviour-based security is different in that it detects any network activity that doesn't fit a pattern of expected behaviour. This means that the software has to be configured to learn what a user's normal patterns of activity are. If there are any anomalies, these are then flagged as threats or viruses and will be stopped before they infect your systems.

Unlike with signature-based systems, behaviour-based antivirus systems are able to detect zero-day attacks, as they don't have a pattern that is recognizable. Of course, such systems have to be configured to learn about users' typical behaviour, and configurations need to be updated every time new applications are added or modified, but in general they can adapt to new, unique or original attacks.

There are many advantages to this behaviour-based approach in detecting new and unforeseen vulnerabilities in your systems. Because it detects any traffic that is new or unusual, the behaviour-based approach is good at identifying sweeps and probes towards network hardware. This is like an early warning for potential intrusions, as such probes and scans are often the predecessors for system attacks. They can also detect abuse of privilege attacks, which normally don't trigger security warnings. Of course, there are some drawbacks too, in that there is a higher false alarm rate than with signature-based systems.

What's more, the learning curve for behaviour-based intrusion detection techniques can't cover everything, and people's online behaviour is likely to change over time, so you need to implement occasional retracing of the behaviour profile. Also, during the learning phase any system attacks that occur won't be detected as anomalous, meaning your systems could be compromised.

For example, if a computer user with a restricted set of records suddenly begins to try and access other types of information, it is highly possible that his workstation has been infected with a virus and action needs to be taken to protect the systems.
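The behaviour-based approach described above, including the restricted-records example, the false alarms and the learning-phase blind spot, shown as an added Python sketch that is not taken from the eBook. The users, record types and the `min_sightings` threshold are constructed assumptions.

```python
"""Behaviour-based detection over record-access events (all data constructed)."""
from collections import Counter, defaultdict
from typing import NamedTuple, Optional


class Event(NamedTuple):
    user: str
    record_type: str  # category of record touched, e.g. "invoices"


class BehaviourProfile:
    """Per-user baseline of record types, learned from a training window."""

    def __init__(self, min_sightings: int = 2):
        # Assumption: a record type seen at least this often while learning
        # is treated as part of the user's normal behaviour.
        self.min_sightings = min_sightings
        self._counts = defaultdict(Counter)
        self.baseline = {}

    def learn(self, events):
        """Add events to the profile. Calling it again later re-learns the
        baseline, which is how changed duties or new staff get absorbed."""
        for ev in events:
            self._counts[ev.user][ev.record_type] += 1
        self.baseline = {
            user: {rt for rt, n in seen.items() if n >= self.min_sightings}
            for user, seen in self._counts.items()
        }

    def check(self, ev: Event) -> Optional[str]:
        """Return the reason an event is anomalous, or None if it fits."""
        normal = self.baseline.get(ev.user)
        if normal is None:
            return "no baseline for this user"
        if ev.record_type not in normal:
            return "record type outside learned baseline"
        return None


def detect(profile, events):
    """Return (event, reason) for every event that breaks the baseline."""
    alerts = []
    for ev in events:
        reason = profile.check(ev)
        if reason:
            alerts.append((ev, reason))
    return alerts


# Constructed training window: an accounts clerk doing her normal job.
CLEAN_TRAINING = [
    Event("alice", "invoices"), Event("alice", "invoices"),
    Event("alice", "purchase_orders"), Event("alice", "purchase_orders"),
    Event("alice", "invoices"),
]

# Constructed live traffic after the learning phase.
LIVE = [
    Event("alice", "invoices"),        # fits the baseline
    Event("alice", "payroll"),         # restricted user reaching for other data
    Event("alice", "customer_cards"),  # same
    Event("bob", "invoices"),          # new starter: a false alarm until re-learned
]

# The same window, but the workstation was already compromised while the
# system was learning, so payroll access looks "normal" afterwards.
TAINTED_TRAINING = CLEAN_TRAINING + [
    Event("alice", "payroll"), Event("alice", "payroll"),
]


def flagged(training, live):
    """Learn from `training`, then list the (user, record_type) pairs flagged."""
    profile = BehaviourProfile()
    profile.learn(training)
    return [(ev.user, ev.record_type) for ev, _ in detect(profile, live)]


if __name__ == "__main__":
    print("clean baseline flags:  ", flagged(CLEAN_TRAINING, LIVE))
    print("tainted baseline flags:", flagged(TAINTED_TRAINING, LIVE))
```

With the clean baseline both out-of-profile accesses and the new starter are flagged; with the tainted baseline the payroll access passes silently, which is why the learning window itself needs to be reviewed before it is trusted.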

Behaviour-based IDS is also more costly, in that you need more hardware spread further across your IT networks than is required with signature-based IDS.

Drawbacks and a long customization process aside, it looks like the behaviour-based approach to IT Security is one way we'll be helping to keep the cyber criminals at bay into the future. And although the death knell has not yet sounded for antivirus software, you need to be aware that this is no longer the be-all and end-all of IT security; you need to be doing so much more.

There are many ways you can keep your systems safe, and taking a multi-layered approach is actually the best way forward. Blacklisting, whitelisting and sandboxing are three methods that can be used to ensure you're safe while online.

As the way we use data and interact with the internet changes, our approach to IT security and data protection should also change accordingly. What's more, IT systems around the world are increasingly being breached, and the fallout from this is affecting millions of people, so we need to learn to deal with risks and stay ahead of cyber criminals.

We are now seeing other areas of IT in which security needs addressing: areas such as social media, the cloud, compliance, advanced persistent threats and physical infrastructure security too.

IT Security in the Cloud

In the fast-moving world of IT, cloud computing is already old hat in many ways, but as so many of Australia's small and medium businesses are only just making the move into the cloud, they may not appreciate how cloud technology isn't just changing how they work, but how they should be approaching security.

When you are in the cloud you are exposed to new risks; after all, your data and often much of your network is being hosted off-site and is often being accessed by your staff in other cities and countries.

Security in the cloud requires visibility identity management and policies that reduce threats

ability to take advantage of all the flexibility and freedom that cloud computing can offer

Of course, it's worth remembering that cloud computing is not just one technology; it is a combination of many advances in technology sold in one package. This includes virtualisation, Software-as-a-Service and other operations working as they always have done, albeit in the cloud.

The problem is that traditional security solutions don't always adapt themselves well to the cloud architecture. What needs to happen is for existing security methods such as firewalls, virtual private networks, data-leak protection, etc. to evolve so they can be better deployed in the cloud. This might involve using an API (Application Program Interface) so that such technology can be automated in the cloud.

It is also likely that new Cloud Security Gateways will have to come into play, and innovations that bolster security are already being created. Cloud security gateways will act as security policy enforcement points between cloud services consumers and providers to ensure security as cloud services are accessed by users. This system would probably be made up of multiple levels of security such as authentication, authorization, signing on, security token mapping, encryption, tokenization, logging, alerting, Application Program Interface and so on.

With cloud technology being so popular, it is vital that users are easily identified and authenticated, while controlling access to applications and enforcing data protection policies. It is also a good idea to have a central overview of what is happening, with visibility into all users, devices and cloud activity, so that malicious or suspicious behaviour can be flagged. Auditing and monitoring will be built into cloud services in the future to ensure ongoing protection.

Other changes need to happen to ensure better cloud security. The management of encryption keys is critical, and data needs to be fragmented and kept in several places in the cloud rather than in one server where it would be vulnerable. It is also important that the physical security of the cloud environment is enhanced.

IT Security and the Internet of Things

You may have heard of the Internet of Things (IoT) and wondered what it referred to. Basically, it just means an environment in which objects are able to transfer data over a network without the need for human-to-human or human-to-computer interaction.

For example, you may have a sensor in your car to tell you when the engine needs oil by sending a message to your phone. An office printer may send out an order for more ink when it's running low, and a smart road can send signals to traffic control when traffic is heavy.

Basically, any device or component that can be connected to the net (usually by Wi-Fi) plays its part in the Internet of Things. Ultimately, the IoT will help cut down on waste, improve efficiency and save time and frustration (in theory at least).

But with so many online devices, many of which will hold personal info or IP data, security will be an issue. You wouldn't want someone hacking your toaster or using your online speakers to get at the data on your PC, after all.

Some experts are concerned that large numbers of unsecured devices could be built up by hackers as botnets. Just imagine your TV, computer and other household appliances all being used against you, like a science fiction horror story.

The new high-tech Barbie doll raises privacy concerns, as the doll is connected to the Internet and could be a tempting target for hackers, who could then access data on home networks through the doll.

This means in the future people will need to know how to secure their IoT devices. Initially, this would mean taking simple measures such as using passwords and usernames, and updating and patching devices as you do with current devices. Also, an IoT device that needs to be accessible over the net needs to be put in its own network and have access restricted. This network can then be monitored, with action taken if there is a problem.

Planning and integration is vital when it comes to the IoT, and security needs to be paramount at every step of the process, from manufacture to purchase and use. As a company owner, you need to develop policies that keep your customers and their data safe when using IoT devices.

US retailer Target was hacked in 2013 via its heating and air conditioning, which was internet enabled. Some 40 million credit card numbers were stolen.

Conclusion

The goal of this eBook is to make you aware of the vulnerabilities of your business systems

and help you understand in detail the various cyber-threats that are lurking today We have

looked at the dangers for companies that have not been protecting themselves from online

and offline security threats both in terms of money and reputation consequences

If you are wondering about the best way to safeguard your business stay tuned as we are in

the process of writing another eBook with insights about protecting your business and

reputation

If you enjoyed reading this eBook and found it to be of value do share it with your friends

Follow us for more Security News

Spread the word

EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 14

service providers and acquaintances. You may be asked to provide certain private information or follow links that direct you to fake (though often very realistic looking) sites that will infect your systems with malware.

A common phishing scam is a warning email about fraudulent activity on your account and a request to verify information. Such panic-inducing methods can be very successful, as people give an immediate response without thinking. There is another type of phishing, known as spear phishing, which hooks individuals using personal information (often garnered from social media sites). Spear phishing scams are increasingly sophisticated and are regularly successful since the baited emails seem so personal.

Web-based Attacks

While nearly all IT attacks are web-based to some extent, this threat specifically means malware attacks that come via online sources like infected landing pages on websites, rather than being delivered via email or infected devices. This is also known as a pull-based attack, where victims unknowingly visit infected sites, rather than push-based ones, in which attackers are actively searching for victims.

The number of web-based attacks is growing as web services become more popular and people use the Internet for business, banking and e-commerce. Malicious URLs are used as channels to propagate malware, and if you visit an infected site, hackers can take control of your system to carry out cybercrimes such as data theft, denial of service attacks and spamming.

A common web-based attack technique is to alert you with fake virus detection messages and ask you to download rogue antivirus software. Sometimes even legitimate sites can be infected if the hacker gets control of a web server. And the bad news is that your antivirus software and firewalls are of limited use, as they can't help detect many web-based attacks.

Criminals posing as a legitimate Australian legal firm recently duped an online ad network into distributing banner ads through Gumtree.com.au that, if clicked, could likely have led to ransomware.

Botnets

The term botnet refers to a series of online computers communicating with each other to complete a set of repetitive tasks, which could be something mundane like running a chat channel or something more destructive like creating spam.

Most illegal botnets are composed of computers already hacked and compromised without the knowledge of their owners; these are known as "zombie" computers. These are controlled via a single interface used by hackers, or "herders". These criminals use the huge accumulated power of botnets to engage in click fraud, which involves clicking on ad banners to take money from advertisers who pay for each visit.

They can also be used to saturate bandwidth and prevent access to websites for long periods, causing vendors to pay a ransom to get traffic flowing again. Keylogging is another nefarious task that botnets are used for. They report keystrokes of thousands of users visiting websites to the herder, who can use this data to access personal information and accounts.

Denial of Service attacks

A Denial of Service (DoS) attack can be one of the most frustrating IT attacks of all. Basically, it shuts down your website or network, making it impossible for people to use your services. That means that if you're selling things online or taking bookings or appointments, no legitimate customers can access your site or sales page, and they'll soon go elsewhere. The attack can also stop staff and account holders from accessing the services they need. DoS attacks work by flooding the target with traffic, causing it to crash or run so slowly that it becomes unusable.

DoS attacks are unlike malware attacks: they don't try to breach your security systems and steal data directly; instead they make your services inoperable. Such attacks are often used by people trying to make a point, activists for example. It is also a process used for simple extortion, or even by unscrupulous business owners looking to cripple their competition. If the denial of service goes on for a long time, you can lose revenue and customer trust, and your long-term reputation may never recover.

DoS attacks happen in two ways: either with one attacker flooding your servers so they have too much traffic and grind to a halt, or by way of an attack from many machines in what's called a Distributed Denial of Service attack, often carried out via botnets.

Of course, some attacks are not initiated by outsiders but by people within an organisation, or as a result of bad luck. These can be the hardest attacks to prevent and can cause the most damage. So let's look at them.

Malicious Insiders

You know already that there is a lot of danger out there on the internet, but small and medium-sized businesses can face even more serious threats from within.

Somewhere among your seemingly loving and loyal staff sits someone who could bring your company tumbling down. It could be someone who bears a grudge, sees a way of benefitting themselves financially, or is planning to leave and start a similar business with your contacts and intellectual property.

Akamai's newest State of the Internet (SOTI) - Security Report for the fourth quarter of 2015 saw the number of Web application attacks jump 28 percent over the previous quarter, while the number of DDoS attacks jumped by 40 percent in that time.

Two scientists working for GlaxoSmithKline have reportedly been charged for stealing trade secrets.

An IT attack by an insider can be the most devastating attack of all, as you're not just having your systems compromised but your trust shattered by a member of staff who you may even have considered a friend, especially if your business is small and people work together closely. What's more, firewalls, anti-virus software and intrusion detection systems won't be any help to you at all. After all, in many companies employees will all have access to confidential data, files and accounts.

The extent to which insider attacks are so much more damaging is shown by the figures. In Australia, attacks by insiders or staff can take up to 51 days to contain and solve, compared with outside attacks that on average take 23 days to contain. This is because insiders know what they are looking for and where the juiciest data is, and they probably have the passwords to get at it.

Stolen Devices

While many IT attacks come about thanks to sophisticated programming, others just come down to good old-fashioned theft. Stolen devices make up 50% of cyber-attacks experienced by the 30 benchmarked companies in the Ponemon 2014 Cost of Cyber Crime Study, and of course your devices (phones, tablets, flash drives and so on) don't have to be stolen by cunning pickpockets for the data to be compromised.

Many headline-hitting attacks were the result of workers forgetfully leaving laptops containing vital files on a train or forgetting phones in restaurants. And the risk of losing data this way becomes even greater as ever more companies implement Bring Your Own Device (BYOD) strategies and staff take their work home with them.

This means that personal devices, which are often unsecured, can be crammed with company data (69% of employees use smartphones for work). If a staff member is robbed, or even just plain forgetful, this data can end up in the hands of criminals who, as a result, have access to your systems, intellectual property and stored passwords.

A BlueScope Steel employee has been accused of downloading a trove of company documents - about 40 gigabytes - over a four-year period. The company is urgently seeking a judge's help to find and destroy trade secrets before they fall into the hands of competitors.

Stay Vigilant

This is a pretty comprehensive look at the sort of security threats your business could be facing, but while we've covered most of the main bases, we've barely scratched the surface when it comes to the sheer number of threats out there.

According to antivirus software developers McAfee, new malware is being released at the rate of around one file every second. So it is little wonder those fighting the problem face an epic challenge keeping up. And these huge numbers of IT attacks are losing Australian businesses like yours a great deal of money.

Constant vigilance is the best weapon you have to fight hackers attacking you with viruses, malware, worms or malicious coding. Be careful what you are doing online and always think before you click. Of course, technology can help protect your organisation, but only if it is upgraded and tested regularly. Make sure that your firewalls are in place and that anti-virus software is upgraded as new updates come out.

Training, too, is a tool that lets you fight the darker sides of the net, so hold regular workshops for staff on the types of phishing scams, using social media safely and checking for suspicious links. And keep up with IT blogs that can warn you of the new risks out there. If you're careful, don't get complacent and keep your IT updated, you have a much better chance at protecting your precious data and, ultimately, your company.

In the next part of our eBook, we will be looking at some Australian companies that weren't so careful and what it meant for their businesses, their reputations and their companies.

Chapter 3 IT Security Incidents in the Last Two Years

There may be no bullets flying, but Australia is currently at war, and it's one we're not winning. Cyber-attacks on Australian businesses increased 20% in 2014 and this figure rose in 2015, according to the Australian Signals Directorate.

The most commonly targeted industries tend to be banking and the financial sector in general, resources, energy and telecommunications, among others. But the huge volume of attacks means that many Australian SMBs are being targeted as cyber criminals spread their nets. The fallout from these cyber-attacks includes loss of intellectual property, major disruption to business, financial loss and major damage to the reputation of your company, which in many cases could lead to bankruptcy.

Cybercrime in Australia

There are three main types of cybercrime that affect Australian businesses large and small. These are:

State-sponsored cyber-crime - perpetrated by hackers on behalf of states to steal intellectual property and identities. These are often the most sophisticated attacks, and hackers can retain access to an organisation's network for years at a time.

Organised Crime - run by criminal gangs making malware to steal data or extort money from individuals and corporations. Many crime syndicates have sophisticated tools and share techniques to access systems, as well as stolen data, with other criminals.

Motivated cyber-crime - these are often hackers with a political, social or even religious motive who want to get a message across using illegal online methods. Often such attacks can be less sophisticated but can still cause great damage to companies.

Because there are such widely varied motivations for hackers to target Australian businesses, it means that no business is safe, including small ones. SMBs shouldn't think that their information is not of interest to criminals; they could be targeted for a range of reasons.

Take banks, for example. Commonwealth Bank, Australia's largest bank, is attacked thousands of times every day. While most of these attacks are by hackers seeking money and account numbers, many attacks are by activists (who call themselves "hacktivists") who have a more political or social agenda; perhaps they don't agree with some of the bank's investments, which they may see as unethical or detrimental to the environment.

But when it comes to large-scale hacks, many fingers are pointed at government-sponsored groups from China. Well-equipped hackers known as Advanced Persistent Threats (APTs) have been targeting Australian firms in the mining and natural resources sector. Many businesses already dealing with organisations in China come under attack, perhaps to get the edge in negotiations or as a way of stealing intellectual property.

In response to the rising numbers of attacks, the Australian Government opened The Australian Cyber Security Centre (ACSC) to coordinate the country's defence intelligence agencies - the Attorney-General and the Australian Federal Police cyber units. The ACSC enables the private and public sector to collaborate and share information to combat cybersecurity threats. They also offer a great deal of information about how SMBs and individuals can stay safe online. So it's well worth looking at their site at https://www.acsc.gov.au

In the meantime, let's take a look at some of the recent risks and hacks on Australian companies to fully understand the risks of letting your IT guard down.

Ransomware on the Rise

Ransomware, a scam in which people fall victim to an encryption virus which hijacks computer files and demands a ransom to restore them, is becoming one of the main ways that Australian businesses are being targeted by cyber criminals. In 2014, the security firm Websense found nearly two million instances of the malware variant known as CryptoLocker, and 60 per cent of those were detected in Australia.

CryptoLocker is ransomware which is delivered via credible-looking emails. Once an infected link is clicked, the virus is activated and your computer files, photos and data are taken hostage via encryption unless a ransom is paid.

Some of the latest versions of this malware are said to be unbreakable, and the average cost to companies paying ransoms to overseas hackers was $US 350.

One of the most recent versions of the virus appeared as a traffic infringement notice from the Australian Federal Police which demanded a penalty payment for a minor traffic infringement. The impressively official-looking email was often opened because it appeared to come from the Federal Government. To view details of the fake traffic infringement, recipients are asked to click the link contained within the email, activating the malware.

The Australian Federal Police (AFP) originally issued a tweet on 19 January warning people of a recent scam, "traffic infringement notices" being delivered by email, and advising not to pay any money or click any links.

High Profile Incidents

Kmart Attacked

Kmart Australia had to put out a warning in October 2015 to let some customers know that their online operations had been attacked in an external privacy breach in September. Data such as name, email address, delivery and billing address, telephone number and product purchase details was stolen. The retailer has insisted that no credit card or payment card details had been compromised, as card processing is handled externally.

David Jones hacked

In October 2014, Australian Fashion Retailer had its computer system attacked and the private details of customers were stolen; these included names, email addresses and addresses, but David Jones assured its customers that their credit card or financial information was safe.

A hit on the Hilton

Early in 2015, hotel chain operator Hilton Worldwide Holdings warned customers that they'd found unauthorised malware targeting payment card details in some of their payment systems. This affected many of their Australian customers. An investigation found that malware was targeting cardholder names, payment card numbers, security codes and expiration dates.

Customers were advised to check bank statements up till July, but the company didn't give figures of how many people or businesses might be affected.

The future outlook for cyber-crime

Based on the high levels of current hacking activity and the increasingly sophisticated software and techniques used by hackers to access systems and avoid detection, the ACSC predicts that levels of hacking will rise over the next five years or so. Malware and technology used in cybercrime is now more readily available than ever and can even be used by people with little IT knowledge. What's more, cyber-crime as a service looks set to increase as well.

To stay safe, Australian businesses, from multinationals to SMBs, need to work together to make Australia a much harder target for hackers and to increase trust in users that the Internet's benefits outweigh online dangers. The best cyber security comes when the government and private sector work together and take greater responsibility for the security of their networks and information.

In the next part of our eBook, we will be taking a look at where the technology to fight cyber-crime and security breaches is heading. We'll be examining the cloud, big data and the Internet of Things to help small businesses like yours to put together a comprehensive security road map.

Chapter 4 The Future of IT Security

So far in this exclusive Empower IT eBook, we've examined the threats facing Australian businesses when it comes to security, and we've looked in detail at the form that these threats can take (Malware, Phishing Scams, Denial of Service attacks, etc.), and we've even taken a brief look at some of the ways IT attacks have impacted on Australian businesses.

Finally, it's time to look at the security solutions that most of Australia's small and medium businesses currently have in place, examine the reasons that standard defences may not be enough, and look at where the technology is heading as IT attacks become more sophisticated. So read on and learn how to improve your current security set-up and to stay safe going forward.

Far too many of us take IT security for granted, presuming that our anti-virus protection is keeping the worst of the web at bay. But it seems we are putting far too much faith in our off-the-shelf antivirus protection to keep our IT systems safe. Brian Dye, corporate vice president at Intel Security, stated on record that "antivirus software is dead". Well, the truth is that antivirus software hasn't yet had its last day.

Antivirus software is used to prevent, detect and hopefully make safe any malware threats and viruses that make it onto your system. And most programs do this well. But the big problem is that antivirus software is a reactive technology and only effective against known threats and variations of them. The guys who are writing antivirus software need to understand how a piece of malware works before they can adapt programs to discover and neutralise it. And in the time it takes for this to happen, many thousands of systems can be infected.

With hackers and criminals making new and increasingly sophisticated malware all the time, there are a lot of dangers out there that your current AV setup just won't see coming. And hackers are patient people; they will take the time to rewrite and test their malware until it can find its way past even the most sophisticated protection, and if that doesn't work, they'll write a new one.

Intel Security, the company that makes the popular McAfee software, estimates that new malware is released at a rate of about one new virus per second. Little wonder it's hard for the program writers to keep up.

And signature-based systems need to be constantly updated to be effective. So signature-based IDS is only as good as its database of stored code and signatures. This is why zero-day attacks, when hackers launch a brand new piece of malware, often slip through without being detected, as antivirus software doesn't recognize the threat.

Because of the sheer number of threats out there, traditional antivirus software detects only around 45% of all attacks.

Unless you've been keeping your antivirus software updated and are tuned into catching the latest threats out there, that old antivirus software on your devices is only giving you the most basic level of protection.

A New Era of Data Protection

We are now entering new territory when it comes to keeping your systems safe. Behaviour-based rather than signature-based security is more important. So let's take a look at what this means for businesses like yours.

Behaviour-based security is different in that it detects any network activity that doesn't fit a pattern of expected behaviour. This means that the software has to be configured to learn what a user's normal patterns of activity are. If there are any anomalies, these are then flagged as threats or viruses and will be stopped before they infect your systems.

Unlike with signature-based systems, behaviour-based antivirus systems are able to detect zero-day attacks, as they don't have a pattern that is recognizable. Of course, such systems have to be configured to learn about users' typical behaviour, and configurations need to be updated every time new applications are added or modified, but in general they can adapt to new, unique or original attacks.

There are many advantages to this behaviour-based approach in detecting new and unforeseen vulnerabilities in your systems. Because it detects any traffic that is new or unusual, the behaviour-based approach is good at identifying sweeps and probes towards network hardware. This is like an early warning for potential intrusions, as such probes and scans are often the predecessors for system attacks. They can also detect abuse-of-privilege attacks, which normally don't trigger security warnings. Of course, there are some drawbacks too, in that there is a higher false alarm rate than with signature-based systems.

For example, if a computer user with a restricted set of records suddenly begins to try and access other types of information, it is highly possible that his workstation has been infected with a virus and action needs to be taken to protect the systems.

What's more, the learning curve for behaviour-based intrusion detection techniques can't cover everything, and people's online behaviour is likely to change over time, so you need to implement occasional retracing of the behaviour profile. Also, during the learning phase, any system attacks that occur won't be detected as anomalous, meaning your systems could be compromised.
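The contrast described above, as an added example that is not part of the original eBook: a signature check and a behaviour profile are run over the same constructed access events, showing the zero-day catch, the false alarm, and the learning-phase blind spot. The user names, record categories, payload strings, the `min_seen` threshold and the `BehaviourProfile` class are all assumptions made up for the illustration.

```python
import hashlib
from collections import Counter, defaultdict

# Constructed signature database: hashes of samples a vendor has already analysed.
SIGNATURES = {hashlib.sha256(b"known-sample-v1").hexdigest()}


def signature_match(payload: bytes) -> bool:
    """Signature-based check: only an exact match against the database alerts."""
    return hashlib.sha256(payload).hexdigest() in SIGNATURES


class BehaviourProfile:
    """Learns which record categories each user normally touches, then flags the rest."""

    def __init__(self, min_seen: int = 2):
        self.min_seen = min_seen              # sightings needed to count as "normal"
        self.seen = defaultdict(Counter)      # user -> category -> times observed
        self.learning = True

    def learn(self, user: str, category: str) -> None:
        """Add one observation to the baseline (learning phase or later retraining)."""
        self.seen[user][category] += 1

    def is_anomalous(self, user: str, category: str) -> bool:
        if self.learning:
            return False                      # nothing is flagged while still learning
        return self.seen[user][category] < self.min_seen


def build_profile(training_events) -> BehaviourProfile:
    profile = BehaviourProfile()
    for user, category, _payload in training_events:
        profile.learn(user, category)
    profile.learning = False
    return profile


def evaluate(profile: BehaviourProfile, events):
    """Return (signature_hit, behaviour_hit) for each (user, category, payload)."""
    return [(signature_match(p), profile.is_anomalous(u, c)) for u, c, p in events]


# Constructed events: (user, record category, bytes written by the process).
TRAINING = [("alice", "invoices", b"report")] * 3 + [("bob", "hr-records", b"report")] * 3
LIVE = [
    ("alice", "invoices", b"report"),             # normal work
    ("alice", "invoices", b"known-sample-v1"),    # old malware, familiar records
    ("alice", "payroll", b"never-seen-variant"),  # new malware reaching for other records
    ("bob", "contracts", b"report"),              # legitimate change of duties
]


def demo():
    profile = build_profile(TRAINING)
    results = evaluate(profile, LIVE)

    # Retraining after review clears the false alarm on bob's new duties.
    for _ in range(profile.min_seen):
        profile.learn("bob", "contracts")
    bob_after_retrain = profile.is_anomalous("bob", "contracts")

    # Same attack, but it happened during the learning window: it becomes "normal".
    poisoned = build_profile(TRAINING + [("alice", "payroll", b"never-seen-variant")] * 2)
    missed = not poisoned.is_anomalous("alice", "payroll")
    return results, bob_after_retrain, missed


if __name__ == "__main__":
    results, bob_after_retrain, missed = demo()
    for event, (sig, beh) in zip(LIVE, results):
        print(f"{event[0]:5} {event[1]:10} signature={sig!s:5} behaviour={beh}")
    print("bob flagged after retraining:", bob_after_retrain)
    print("attack during learning goes unflagged:", missed)
```

Neither check alone covers all four live events, which is the case for running both layers together.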

Behaviour-based IDS is also more costly, in that you need more hardware, spread further across your IT networks, than is required with signature-based IDS.

Drawbacks and a long customization process aside, it looks like the behaviour-based approach to IT Security is one way we'll be helping to keep the cyber criminals at bay into the future. And although the death knell has not yet sounded for antivirus software, you need to be aware that this is no longer the be-all and end-all of IT security; you need to be doing so much more.

There are many ways you can keep your systems safe, and taking a multi-layered approach is actually the best way forward. Blacklisting, whitelisting and sandboxing are three methods that can be used to ensure you're safe while online.

As the way we use data and interact with the internet changes, our approach to IT security and data protection should also change accordingly. What's more, IT systems around the world are increasingly being breached and the fallout from this is affecting millions of people, so we need to learn to deal with risks and stay ahead of cyber criminals.

We are now seeing other areas of IT in which security needs addressing: areas such as social media, the cloud, compliance, advanced persistent threats and physical infrastructure security too.

IT Security in the Cloud

In the fast-moving world of IT, cloud computing is already old hat in many ways, but as so many of Australia's small and medium businesses are only just making the move into the cloud, they may not appreciate how cloud technology isn't just changing how they work but how they should be approaching security.

When you are in the cloud you are exposed to new risks; after all, your data and often much of your network is being hosted off-site and is often being accessed by your staff in other cities and countries.

Security in the cloud requires visibility, identity management and policies that reduce threats ability to take advantage of all the flexibility and freedom that cloud computing can offer

Of course, it's worth remembering that cloud computing is not just one technology; it is a combination of many advances in technology sold in one package. This includes virtualisation, Software-as-a-Service and other operations working as they always have done, albeit in the cloud.

The problem is that traditional security solutions don't always adapt themselves well to the cloud architecture. What needs to happen is for existing security methods such as firewalls, virtual private networks, data-leak protection, etc. to evolve so they can be better deployed in the cloud. This might involve using an API (Application Program Interface) so that such technology can be automated in the cloud.

It is also likely that new Cloud Security Gateways will have to come into play, and innovations that bolster security are already being created. Cloud security gateways will act as security policy enforcement points between cloud services consumers and providers to ensure security as cloud services are accessed by users. This system would probably be made up of multiple levels of security such as authentication, authorization, signing on, security token mapping, encryption, tokenization, logging, alerting, Application Program Interface and so on.

With cloud technology being so popular, it is vital that users are easily identified and authenticated while controlling access to applications and enforcing data protection policies. It is also a good idea to have a central overview of what is happening, with visibility into all users, devices and cloud activity, so that malicious or suspicious behaviour can be flagged. Auditing and monitoring will be built into cloud services in the future to ensure ongoing protection.

Other changes need to happen to ensure better cloud security. The management of encryption keys is critical, and data needs to be fragmented and kept in several places in the cloud rather than in one server where it would be vulnerable. It is also important that the physical security of the cloud environment is enhanced.

IT Security and the Internet of Things

You may have heard of the Internet of Things (IoT) and wondered what it referred to. Basically, it just means an environment in which objects are able to transfer data over a network without the need for human-to-human or human-to-computer interaction.

For example, you may have a sensor in your car to tell you when the engine needs oil by sending a message to your phone. An office printer may send out an order for more ink when it's running low, and a smart road can send signals to traffic control when traffic is heavy.

Basically, any device or component that can be connected to the net (usually by Wi-Fi) plays its part in the Internet of Things. Ultimately, the IoT will help cut down on waste, improve efficiency and save time and frustration (in theory at least).

But with so many online devices, many of which will hold personal info or IP data, security will be an issue. You wouldn't want someone hacking your toaster or using your online speakers to get at the data on your PC, after all.

Some experts are concerned that large numbers of unsecured devices could be built up by hackers as botnets. Just imagine your TV, computer and other household appliances all being used against you, like a science fiction horror story.

The new high-tech Barbie doll raises privacy concerns, as the doll is connected to the Internet and could be a tempting target for hackers, who could then access data on home networks through the doll.

This means in the future people will need to know how to secure their IoT devices. Initially this would mean taking simple measures such as using passwords and usernames, and updating and patching devices as you do with current devices. Also, an IoT device that needs to be accessible over the net needs to be put in its own network and have access restricted. This network can then be monitored, with action taken if there is a problem.

Planning and integration is vital when it comes to the IoT, and security needs to be paramount at every step of the process, from manufacture to purchase and use. As a company owner, you need to develop policies that keep your customers and their data safe when using IoT devices.

US retailer Target was hacked in 2013 via its heating and air conditioning, which was internet enabled. Some 40 million credit card numbers were stolen.

Conclusion

The goal of this eBook is to make you aware of the vulnerabilities of your business systems and help you understand in detail the various cyber-threats that are lurking today. We have looked at the dangers for companies that have not been protecting themselves from online and offline security threats, both in terms of money and reputation consequences.

If you are wondering about the best way to safeguard your business, stay tuned, as we are in the process of writing another eBook with insights about protecting your business and reputation.

If you enjoyed reading this eBook and found it to be of value, do share it with your friends.

Follow us for more Security News

Spread the word

EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 15

news is that your antivirus software and firewalls are of limited use as they cant help detect

many web-based attacks

Botnets

The term botnets refers to a series of online computers communicating with each other to

complete a set of repetitive tasks - which could be something mundane like running a chat

channel or something more destructive like creating spam

Most illegal botnets are composed of computers already hacked and compromised without

the knowledge of their owners - these are known as Zombie computers These are controlled

via a single interface used by hackers or herders These criminals use the huge

accumulated power of botnets to engage in click fraud which involves clicking on ad banners

to take money from advertisers who pay for each visit

They can also be used to saturate bandwidth and prevent access to websites for long periods

causing vendors to pay a ransom to get traffic flowing again Keylogging is another nefarious

task that botnets are used for They report keystrokes of thousands of users visiting websites

to the herder who can use this data to access personal information and accounts

Denial of Service attacks

A Denial of Service (DoS) attack can be one of the most frustrating IT attacks of all. Basically, it shuts down your website or network, making it impossible for people to use your services. That means that if you're selling things online or taking bookings or appointments, no legitimate customers can access your site or sales page - and they'll soon go elsewhere. The attack can also stop staff and account holders from accessing the services they need. DoS attacks work by flooding the target with traffic, causing it to crash or run so slowly that it becomes unusable.

DoS attacks are unlike malware attacks: they don't try to breach your security systems and steal data directly; instead, they make your services inoperable. Such attacks are often used by people trying to make a point - activists, for example. It is also a process used for simple extortion, or even by unscrupulous business owners looking to cripple their competition. If the denial of service goes on for a long time, you can lose revenue and customer trust, and your long-term reputation may never recover.

DoS attacks happen in two ways: either with one attacker flooding your servers so they have too much traffic and grind to a halt, or by way of an attack from many machines in what's called a Distributed Denial of Service attack, often carried out via botnets.

Akamai's newest State of the Internet (SOTI) - Security Report for the fourth quarter of 2015 saw the number of Web application attacks jump 28 percent over the previous quarter, while the number of DDoS attacks jumped by 40 percent in that time.

Of course, some attacks are not initiated by outsiders but by people within an organisation, or as a result of bad luck. These can be the hardest attacks to prevent and can cause the most damage. So let's look at them.

Malicious Insiders

You know already that there is a lot of danger out there on the internet, but small and medium-sized businesses can face even more serious threats from within.

Somewhere among your seemingly loving and loyal staff sits someone who could bring your company tumbling down. It could be someone who bears a grudge, sees a way of benefitting themselves financially, or is planning to leave and start a similar business with your contacts and intellectual property.

Two scientists working for GlaxoSmithKline have reportedly been charged for stealing trade secrets.

An IT attack by an insider can be the most devastating attack of all, as you're not just having your systems compromised but your trust shattered by a member of staff who you may even have considered a friend, especially if your business is small and people work together closely. What's more, firewalls, anti-virus software and intrusion detection systems won't be any help to you at all. After all, in many companies employees will all have access to confidential data, files and accounts.

The extent to which insider attacks are so much more damaging is shown by the figures. In Australia, attacks by insiders or staff can take up to 51 days to contain and solve, compared with outside attacks that on average take 23 days to contain. This is because insiders know what they are looking for and where the juiciest data is, and they probably have the passwords to get at it.

A BlueScope Steel employee has been accused of downloading a trove of company documents - about 40 gigabytes - over a four-year period. The company is urgently seeking a judge's help to find and destroy trade secrets before they fall into the hands of competitors.

Stolen Devices

While many IT attacks come about thanks to sophisticated programming, others just come down to good old-fashioned theft. Stolen devices account for 50% of cyber-attacks experienced by the 30 benchmarked companies in the Ponemon 2014 Cost of Cyber Crime Study, and of course your devices (phones, tablets, flash drives and so on) don't have to be stolen by cunning pickpockets for the data to be compromised.

Many headline-hitting attacks were the result of workers forgetfully leaving laptops containing vital files on a train or forgetting phones in restaurants. And the risk of losing data this way becomes even greater as ever more companies implement Bring Your Own Device (BYOD) strategies and staff take their work home with them.

This means that personal devices, which are often unsecured, can be crammed with company data (69% of employees use smartphones for work). If a staff member is robbed, or even just plain forgetful, this data can end up in the hands of criminals who, as a result, have access to your systems, intellectual property and stored passwords.

Stay Vigilant

This is a pretty comprehensive look at the sort of security threats your business could be facing, but while we've covered most of the main bases, we've barely scratched the surface when it comes to the sheer number of threats out there.

According to antivirus software developers McAfee, new malware is being released at the rate of around one file every second. So it is little wonder those fighting the problem face an epic challenge keeping up. And these huge numbers of IT attacks are losing Australian businesses like yours a great deal of money.

Constant vigilance is the best weapon you have to fight hackers attacking you with viruses, malware, worms or malicious coding. Be careful what you are doing online and always think before you click. Of course, technology can help protect your organisation, but only if it is upgraded and tested regularly. Make sure that your firewalls are in place and that anti-virus software is upgraded as new updates come out.

Training, too, is a tool that lets you fight the darker sides of the net, so hold regular workshops for staff on the types of phishing scams, using social media safely, and checking for suspicious links. And keep up with IT blogs that can warn you of the new risks out there. If you're careful, don't get complacent, and keep your IT updated, you have a much better chance at protecting your precious data and, ultimately, your company.

In the next part of our eBook, we will be looking at some Australian companies that weren't so careful, and what it meant for their businesses, their reputations and their companies.

Chapter 3: IT Security Incidents in the Last Two Years

There may be no bullets flying, but Australia is currently at war, and it's one we're not winning. Cyber-attacks on Australian businesses increased 20% in 2014, and this figure rose in 2015, according to the Australian Signals Directorate.

The most commonly targeted industries tend to be banking and the financial sector in general, resources, energy and telecommunications, among others. But the huge volume of attacks means that many Australian SMBs are being targeted as cyber criminals spread their nets.

The fallout from these cyber-attacks includes loss of intellectual property, major disruption to business, financial loss and major damage to the reputation of your company, which in many cases could lead to bankruptcy.

Cybercrime in Australia

There are three main types of cybercrime that affect Australian businesses, large and small. These are:

State-sponsored cyber-crime - perpetrated by hackers on behalf of states to steal intellectual property and identities. These are often the most sophisticated attacks, and hackers can retain access to an organisation's network for years at a time.

Organised crime - run by criminal gangs making malware to steal data or extort money from individuals and corporations. Many crime syndicates have sophisticated tools and share techniques to access systems, as well as stolen data, with other criminals.

Motivated cyber-crime - these are often hackers with a political, social or even religious motive who want to get a message across using illegal online methods. Often such attacks can be less sophisticated but can still cause great damage to companies.

Because there are such widely varied motivations for hackers to target Australian businesses, it means that no business is safe, including small ones. SMBs shouldn't think that their information is not of interest to criminals; they could be targeted for a range of reasons.

Take banks, for example. Commonwealth Bank, Australia's largest bank, is attacked thousands of times every day. While most of these attacks are by hackers seeking money and account numbers, many attacks are by activists (who call themselves "hacktivists") who have a more political or social agenda; perhaps they don't agree with some of the bank's investments, which they may see as unethical or detrimental to the environment.

But when it comes to large-scale hacks, many fingers are pointed at government-sponsored groups from China. Well-equipped hackers known as Advanced Persistent Threats (APTs) have been targeting Australian firms in the mining and natural resources sector. Many businesses already dealing with organisations in China come under attack, perhaps to get the edge in negotiations or as a way of stealing intellectual property.

In response to the rising numbers of attacks, the Australian Government opened the Australian Cyber Security Centre (ACSC) to coordinate the country's defence intelligence agencies - the Attorney-General and the Australian Federal Police cyber units. The ACSC enables the private and public sector to collaborate and share information to combat cybersecurity threats. They also offer a great deal of information about how SMBs and individuals can stay safe online. So it's well worth looking at their site at https://www.acsc.gov.au

In the meantime, let's take a look at some of the recent risks and hacks on Australian companies to fully understand the risks of letting your IT guard down.

Ransomware on the Rise

Ransomware, a scam in which people fall victim to an encryption virus which hijacks computer files and demands a ransom to restore them, is becoming one of the main ways that Australian businesses are being targeted by cyber criminals. In 2014, the security firm Websense found nearly two million instances of the malware variant known as CryptoLocker, and 60 per cent of those were detected in Australia.

CryptoLocker is ransomware which is delivered via credible-looking emails. Once an infected link is clicked, the virus is activated and your computer files, photos and data are taken hostage via encryption unless a ransom is paid.

Some of the latest versions of this malware are said to be unbreakable, and the average cost to companies paying ransoms to overseas hackers was $US 350.

One of the most recent versions of the virus appeared as a traffic infringement notice from the Australian Federal Police, which demanded a penalty payment for a minor traffic infringement. The impressively official-looking email was often opened because it appeared to come from the Federal Government. To view details of the fake traffic infringement, recipients are asked to click the link contained within the email, activating the malware.

The Australian Federal Police (AFP) originally issued a tweet on 19 January warning people of a recent scam, "traffic infringement notices" being delivered by email, and advising not to pay any money or click any links.

High Profile Incidents

Kmart Attacked

Kmart Australia had to put out a warning in October 2015 to let some customers know that their online operations had been attacked in an external privacy breach in September. Data such as name, email address, delivery and billing address, telephone number and product purchase details was stolen. The retailer has insisted that no credit card or payment card details had been compromised, as card processing is handled externally.

David Jones hacked

In October 2014, the Australian fashion retailer had its computer system attacked and the private details of customers were stolen - these included names, email addresses and addresses - but David Jones assured its customers that their credit card or financial information was safe.

A hit on the Hilton

Early in 2015, hotel chain operator Hilton Worldwide Holdings warned customers that they'd found unauthorised malware targeting payment card details in some of their payment systems. This affected many of their Australian customers. An investigation found that malware was targeting cardholder names, payment card numbers, security codes and expiration dates.

Customers were advised to check bank statements up till July, but the company didn't give figures of how many people or businesses might be affected.

The future outlook for cyber-crime

Based on the high levels of current hacking activity and the increasingly sophisticated software and techniques used by hackers to access systems and avoid detection, the ACSC predicts that levels of hacking will rise over the next five years or so. Malware and technology used in cybercrime is now more readily available than ever and can even be used by people with little IT knowledge. What's more, cyber-crime as a service looks set to increase as well.

To stay safe, Australian businesses, from multinationals to SMBs, need to work together to make Australia a much harder target for hackers and to increase trust in users that the Internet's benefits outweigh online dangers. The best cyber security comes when the government and private sector work together and take greater responsibility for the security of their networks and information.

In the next part of our eBook, we will be taking a look at where the technology to fight cyber-crime and security breaches is heading. We'll be examining the cloud, big data and the Internet of Things to help small businesses like yours to put together a comprehensive security road map.

Chapter 4: The Future of IT Security

So far in this exclusive Empower IT eBook, we've examined the threats facing Australian businesses when it comes to security, and we've looked in detail at the form that these threats can take (Malware, Phishing Scams, Denial of Service attacks, etc.), and we've even taken a brief look at some of the ways IT attacks have impacted on Australian businesses.

Finally, it's time to look at the security solutions that most of Australia's small and medium businesses currently have in place, examine the reasons that standard defences may not be enough, and look at where the technology is heading as IT attacks become more sophisticated. So read on and learn how to improve your current security set-up and to stay safe going forward.

Far too many of us take IT security for granted, presuming that our anti-virus protection is keeping the worst of the web at bay. But it seems we are putting far too much faith in our off-the-shelf antivirus protection to keep our IT systems safe. Brian Dye, corporate vice president at Intel Security, stated on record that "antivirus software is dead". Well, the truth is that antivirus software hasn't yet had its last day.

Antivirus software is used to prevent, detect and hopefully make safe any malware threats and viruses that make it onto your system. And most programs do this well. But the big problem is that antivirus software is a reactive technology and only effective against known threats and variations of them. The guys who are writing antivirus software need to understand how a piece of malware works before they can adapt programs to discover and neutralise it. And in the time it takes for this to happen, many thousands of systems can be infected.

With hackers and criminals making new and increasingly sophisticated malware all the time, there are a lot of dangers out there that your current AV setup just won't see coming. And hackers are patient people; they will take the time to rewrite and test their malware until it can find its way past even the most sophisticated protection - and if that doesn't work, they'll write a new one.

Intel Security, the company that makes the popular McAfee software, estimates that new malware is released at a rate of about one new virus per second. Little wonder it's hard for the program writers to keep up.

And signature-based systems need to be constantly updated to be effective. So signature-based IDS is only as good as its database of stored code and signatures. This is why "zero-day" attacks, when hackers launch a brand new piece of malware, often slip through without being detected, as antivirus software doesn't recognize the threat.

Because of the sheer number of threats out there, traditional antivirus software detects only around 45% of all attacks.

Unless you've been keeping your antivirus software updated and are tuned into catching the latest threats out there, that old antivirus software on your devices is only giving you the most basic level of protection.

A New Era of Data Protection

We are now entering new territory when it comes to keeping your systems safe. Behaviour-based, rather than signature-based, security is more important. So let's take a look at what this means for businesses like yours.

Behaviour-based security is different in that it detects any network activity that doesn't fit a pattern of expected behaviour. This means that the software has to be configured to learn what a user's normal patterns of activity are. If there are any anomalies, these are then flagged as threats or viruses and will be stopped before they infect your systems.

For example, if a computer user with a restricted set of records suddenly begins to try and access other types of information, it is highly possible that his workstation has been infected with a virus and action needs to be taken to protect the systems.

Unlike signature-based systems, behaviour-based antivirus systems are able to detect zero-day attacks, even though these don't have a pattern that is recognizable. Of course, such systems have to be configured to learn about users' typical behaviour, and configurations need to be updated every time new applications are added or modified, but in general they can adapt to new, unique or original attacks.

There are many advantages to this behaviour-based approach in detecting new and unforeseen vulnerabilities in your systems. Because it detects any traffic that is new or unusual, the behaviour-based approach is good at identifying sweeps and probes towards network hardware. This is like an early warning for potential intrusions, as such probes and scans are often the predecessors for system attacks. They can also detect abuse-of-privilege attacks, which normally don't trigger security warnings. Of course, there are some drawbacks too, in that there is a higher false alarm rate than with signature-based detection.

What's more, the learning curve for behaviour-based intrusion detection techniques can't cover everything, and people's online behaviour is likely to change over time, so you need to implement occasional retraining of the behaviour profile. Also, during the learning phase, any system attacks that occur won't be detected as anomalous, meaning your systems could be compromised.

Behaviour-based IDS is also more costly, in that you need more hardware spread further across your IT networks than is required with signature-based IDS.
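The trade-off described above, as an added example that is not part of the original eBook: a signature check and a per-user behaviour baseline run over the same constructed access log. The event format, user names, record types and hash strings are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed signature database: placeholder strings, not real indicators.
KNOWN_BAD_HASHES = {"hash-known-trojan", "hash-known-worm"}


def ev(user, record_type, process_hash):
    """Build one access-log event (constructed sample format)."""
    return {"user": user, "record_type": record_type, "process_hash": process_hash}


# Constructed learning window: what each user normally touches.
LEARNING = [
    ev("alice", "invoices", "hash-accounts-app"),
    ev("alice", "customers", "hash-accounts-app"),
    ev("bob", "payroll", "hash-hr-app"),
    ev("carol", "customers", "hash-sales-app"),
]

# Constructed live traffic.
LIVE = [
    ev("alice", "invoices", "hash-accounts-app"),   # 0: normal activity
    ev("carol", "customers", "hash-known-trojan"),  # 1: known malware, usual records
    ev("alice", "payroll", "hash-never-seen"),      # 2: unknown code, unusual records
    ev("alice", "hr_files", "hash-never-seen"),     # 3: unknown code, unusual records
    ev("bob", "timesheets", "hash-hr-app"),         # 4: legitimate new application
]


def signature_detect(events):
    """Return indexes of events whose process hash is in the signature database."""
    return [i for i, e in enumerate(events) if e["process_hash"] in KNOWN_BAD_HASHES]


class BehaviourProfile:
    """Per-user baseline of record types, learned from observed activity."""

    def __init__(self):
        self.baseline = defaultdict(set)

    def learn(self, events):
        # Everything seen while learning is treated as normal, including any
        # attack that happens to occur during the learning phase.
        for e in events:
            self.baseline[e["user"]].add(e["record_type"])

    def detect(self, events):
        """Return indexes of events outside the user's learned baseline."""
        return [i for i, e in enumerate(events)
                if e["record_type"] not in self.baseline.get(e["user"], set())]


def combined_detect(profile, events):
    """Run both detectors and report which one(s) flagged each event index."""
    reasons = defaultdict(list)
    for i in signature_detect(events):
        reasons[i].append("signature")
    for i in profile.detect(events):
        reasons[i].append("behaviour")
    return dict(sorted(reasons.items()))


if __name__ == "__main__":
    profile = BehaviourProfile()
    profile.learn(LEARNING)
    print("signature only   :", signature_detect(LIVE))
    print("behaviour only   :", profile.detect(LIVE))
    print("combined         :", combined_detect(profile, LIVE))

    # Retraining once bob's new application is approved clears the false alarm.
    profile.learn([LIVE[4]])
    print("after retraining :", profile.detect(LIVE))

    # Learning-phase blind spot: an attack seen while learning becomes "normal".
    poisoned = BehaviourProfile()
    poisoned.learn(LEARNING + [LIVE[2]])
    print("poisoned baseline:", poisoned.detect(LIVE))
```

Event 4 is the false alarm the text warns about, and the poisoned profile shows why an attack that occurs during the learning phase goes unseen afterwards.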

Drawbacks and a long customization process aside, it looks like the behaviour-based approach to IT security is one way we'll be helping to keep the cyber criminals at bay into the future. And although the death knell has not yet sounded for antivirus software, you need to be aware that this is no longer the be-all and end-all of IT security; you need to be doing so much more.

There are many ways you can keep your systems safe, and taking a multi-layered approach is actually the best way forward. Blacklisting, whitelisting and sandboxing are three methods that can be used to ensure you're safe while online.

As the way we use data and interact with the internet changes, our approach to IT security and data protection should also change accordingly. What's more, IT systems around the world are increasingly being breached, and the fallout from this is affecting millions of people, so we need to learn to deal with risks and stay ahead of cyber criminals.

We are now seeing other areas of IT in which security needs addressing: areas such as social media, the cloud, compliance, advanced persistent threats, and physical infrastructure security too.

IT Security in the Cloud

In the fast-moving world of IT, cloud computing is already old hat in many ways, but as so many of Australia's small and medium businesses are only just making the move into the cloud, they may not appreciate how cloud technology isn't just changing how they work, but how they should be approaching security.

When you are in the cloud you are exposed to new risks; after all, your data and often much of your network is being hosted off-site, and is often being accessed by your staff in other cities and countries.

Security in the cloud requires visibility, identity management and policies that reduce threats' ability to take advantage of all the flexibility and freedom that cloud computing can offer.

Of course, it's worth remembering that cloud computing is not just one technology; it is a combination of many advances in technology sold in one package. This includes virtualisation, Software-as-a-Service and other operations working as they always have done, albeit in the cloud.

The problem is that traditional security solutions don't always adapt themselves well to the cloud architecture. What needs to happen is for existing security methods such as firewalls, virtual private networks, data-leak protection, etc. to evolve so they can be better deployed in the cloud. This might involve using an API (Application Program Interface) so that such technology can be automated in the cloud.

It is also likely that new Cloud Security Gateways will have to come into play, and innovations that bolster security are already being created. Cloud security gateways will act as security policy enforcement points between cloud services consumers and providers to ensure security as cloud services are accessed by users. This system would probably be made up of multiple levels of security, such as authentication, authorization, signing on, security token mapping, encryption, tokenization, logging, alerting, Application Program Interface and so on.

With cloud technology being so popular, it is vital that users are easily identified and authenticated, while controlling access to applications and enforcing data protection policies. It is also a good idea to have a central overview of what is happening, with visibility into all users, devices and cloud activity, so that malicious or suspicious behaviour can be flagged. Auditing and monitoring will be built into cloud services in the future to ensure ongoing protection.

Other changes need to happen to ensure better cloud security. The management of encryption keys is critical, and data needs to be fragmented and kept in several places in the cloud rather than in one server where it would be vulnerable. It is also important that the physical security of the cloud environment is enhanced.

IT Security and the Internet of Things

You may have heard of the Internet of Things (IoT) and wondered what it referred to. Basically, it just means an environment in which objects are able to transfer data over a network without the need for human-to-human or human-to-computer interaction.

For example, you may have a sensor in your car to tell you when the engine needs oil by sending a message to your phone. An office printer may send out an order for more ink when it's running low, and a smart road can send signals to traffic control when traffic is heavy.

Basically, any device or component that can be connected to the net (usually by Wi-Fi) plays its part in the Internet of Things. Ultimately, the IoT will help cut down on waste, improve efficiency and save time and frustration (in theory at least).

But with so many online devices, many of which will hold personal info or IP data, security will be an issue. You wouldn't want someone hacking your toaster or using your online speakers to get at the data on your PC, after all.

Some experts are concerned that large numbers of unsecured devices could be built up by hackers as botnets. Just imagine your TV, computer and other household appliances all being used against you, like a science fiction horror story.

The new high-tech Barbie doll raises privacy concerns, as the doll is connected to the Internet and could be a tempting target for hackers, who could then access data on home networks through the doll.

This means in the future people will need to know how to secure their IoT devices. Initially this would mean taking simple measures such as using passwords and usernames, and updating and patching devices as you do with current devices. Also, an IoT device that needs to be accessible over the net needs to be put in its own network and have access restricted. This network can then be monitored, with action taken if there is a problem.

Planning and integration is vital when it comes to the IoT, and security needs to be paramount at every step of the process, from manufacture to purchase and use. As a company owner, you need to develop policies that keep your customers and their data safe when using IoT devices.

US retailer Target was hacked in 2013 via its heating and air conditioning, which was internet enabled. Some 40 million credit card numbers were stolen.

Conclusion

The goal of this eBook is to make you aware of the vulnerabilities of your business systems and help you understand in detail the various cyber-threats that are lurking today. We have looked at the dangers for companies that have not been protecting themselves from online and offline security threats, both in terms of money and reputation consequences.

If you are wondering about the best way to safeguard your business, stay tuned, as we are in the process of writing another eBook with insights about protecting your business and reputation.

If you enjoyed reading this eBook and found it to be of value, do share it with your friends.


EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 16

DoS attacks are unlike malware attacks they dont try to

breach your security systems and steal data directly instead

make your services inoperable Such attacks are often used by

people trying to make a point - activists for example It is also

a process used for simple extortion or even by unscrupulous

business owners looking to cripple their competition If the

denial of service goes on for a long time you can lose revenue

and customer trust and your long-term reputation may never

recover

DoS attacks happen in two ways either with one attacker

flooding your servers so they have too much traffic and grind to

a halt or by way of an attack from many machines in whats

called a Distributed Denial of Service attack often carried out

via botnets

Of course some attacks are not initiated by outsiders but by people within an organisation or

as a result of bad luck These can be the hardest attacks to prevent and can cause the most

damage So lets look at them

Malicious Insiders

You know already that there is a lot of danger out there on the internet but small and medium-

sized businesses can face even more serious threats from within

Somewhere among your seemingly loving and loyal staff sits

someone who could bring your company tumbling down It

could be someone who bears a grudge sees a way of

benefitting themselves financially or is planning to leave and

start a similar business with your contacts and intellectual

property

Akamais newest

State of the Internet

(SOTI) ndash Security

Report for the fourth

quarter of 2015 saw

the number of Web

application attacks

jump 28 percent over

the previous quarter

while the number of

DDoS attacks

jumped by 40

percent in that time

Two scientists working

for GlaxoSmithKline

have reportedly been

charged for stealing

trade secrets

EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 17

An IT attack by an insider can be the most devastating

attack of all as youre not just having your systems

compromised but your trust shattered by a member of

staff who you may even have considered a friend

especially if your business is small and people work

together closely Whats more firewalls anti-virus

software and intrusion detection systems wont be any

help to you at all After all in many companies

employees will all have access to confidential data

files and accounts

The extent to which insider attacks are so much more

damaging is shown by the figures In Australia attacks

by insiders or staff can take up to 51 days to contain

and solve compared with outside attacks that on average take 23 days to contain This is

because insiders know what they are looking for and where the juiciest data is and they

probably have the passwords to get at it

Stolen Devices

While many IT attacks come about thanks to sophisticated programing others just come down

to good old-fashioned theft Stolen devices make up for 50 of cyber-attacks experienced by

the 30 benchmarked companies in the Ponemon 2014 Cost of Cyber Crime Study and of course

your devices (phones tablets flash drives and so on) dont have to be stolen by cunning

pickpockets for the data to be compromised

Many headline hitting attacks were the result of workers forgetfully leaving laptops containing

vital files on a train or forgetting phones in restaurants And the risk of losing data this way

becomes even greater as ever more companies implement Bring Your Own Device (BYOD)

strategies and staff take their work home with them

BlueScope Steel

employee has been

accused of downloading a

trove of company

documents ndash about 40

gigabytes ndash over a four-

year period The company

is urgently seeking a

judges help to find and

destroy trade secrets

before they fall into the

hands of competitors

EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 18

This means that personal devices which are often unsecured can be crammed with company

data (69 of employees use smartphones for work) If a staff member is robbed or even just

plain forgetful this data can end up in the hands of criminals who as a result have access to

your systems intellectual property and stored passwords

Stay Vigilant

This is a pretty comprehensive look at the sort of security threats your business could be facing, but while we've covered most of the main bases, we've barely scratched the surface when it comes to the sheer number of threats out there.

According to antivirus software developer McAfee, new malware is being released at the rate of around one file every second. So it is little wonder those fighting the problem face an epic challenge keeping up. And these huge numbers of IT attacks are losing Australian businesses like yours a great deal of money.

Constant vigilance is the best weapon you have to fight hackers attacking you with viruses, malware, worms or malicious coding. Be careful what you are doing online and always think before you click. Of course, technology can help protect your organisation, but only if it is upgraded and tested regularly. Make sure that your firewalls are in place and that anti-virus software is upgraded as new updates come out.

Training, too, is a tool that lets you fight the darker sides of the net, so hold regular workshops for staff on the types of phishing scams, using social media safely and checking for suspicious links. And keep up with IT blogs that can warn you of the new risks out there. If you're careful, don't get complacent and keep your IT updated, you have a much better chance at protecting your precious data and ultimately your company.

In the next part of our eBook we will be looking at some Australian companies that weren't so careful, and what it meant for their businesses, their reputations and their companies.

Chapter 3 IT Security Incidents in the Last Two Years

There may be no bullets flying, but Australia is currently at war, and it's one we're not winning. Cyber-attacks on Australian businesses increased 20% in 2014, and this figure rose in 2015, according to the Australian Signals Directorate.

The most commonly targeted industries tend to be banking and the financial sector in general, resources, energy and telecommunications, among others. But the huge volume of attacks means that many Australian SMBs are being targeted as cyber criminals spread their nets.

The fallout from these cyber-attacks includes loss of intellectual property, major disruption to business, financial loss and major damage to the reputation of your company, which in many cases could lead to bankruptcy.

Cybercrime in Australia

There are three main types of cybercrime that affect Australian businesses large and small. These are:

State-sponsored cyber-crime - perpetrated by hackers on behalf of states to steal intellectual property and identities. These are often the most sophisticated attacks, and hackers can retain access to an organisation's network for years at a time.

Organised Crime - run by criminal gangs making malware to steal data or extort money from individuals and corporations. Many crime syndicates have sophisticated tools and share techniques to access systems, as well as stolen data, with other criminals.

Motivated cyber-crime - these are often hackers with a political, social or even religious motive who want to get a message across using illegal online methods. Often such attacks can be less sophisticated but can still cause great damage to companies.

Because there are such widely varied motivations for hackers to target Australian businesses, it means that no business is safe, including small ones. SMBs shouldn't think that their information is not of interest to criminals; they could be targeted for a range of reasons.

Take banks, for example. Commonwealth Bank, Australia's largest bank, is attacked thousands of times every day. While most of these attacks are by hackers seeking money and account numbers, many attacks are by activists (who call themselves hacktivists) who have a more political or social agenda; perhaps they don't agree with some of the bank's investments, which they may see as unethical or detrimental to the environment.

But when it comes to large-scale hacks, many fingers are pointed at government-sponsored groups from China. Well-equipped hackers known as Advanced Persistent Threats (APTs) have been targeting Australian firms in the mining and natural resources sector. Many businesses already dealing with organisations in China come under attack, perhaps to get the edge in negotiations or as a way of stealing intellectual property.

In response to the rising numbers of attacks, the Australian Government opened the Australian Cyber Security Centre (ACSC) to coordinate the country's defence intelligence agencies - the Attorney-General and the Australian Federal Police cyber units. The ACSC enables the private and public sector to collaborate and share information to combat cybersecurity threats. They also offer a great deal of information about how SMBs and individuals can stay safe online, so it's well worth looking at their site at https://www.acsc.gov.au.

In the meantime, let's take a look at some of the recent risks and hacks on Australian companies to fully understand the risks of letting your IT guard down.

Ransomware on the Rise

Ransomware, a scam in which people fall victim to an encryption virus which hijacks computer files and demands a ransom to restore them, is becoming one of the main ways that Australian businesses are being targeted by cyber criminals. In 2014 the security firm Websense found nearly two million instances of the malware variant known as CryptoLocker, and 60 per cent of those were detected in Australia.

CryptoLocker is ransomware which is delivered via credible-looking emails. Once an infected link is clicked, the virus is activated and your computer files, photos and data are taken hostage via encryption unless a ransom is paid.

Some of the latest versions of this malware are said to be unbreakable, and the average cost to companies paying ransoms to overseas hackers was $US 350.

One of the most recent versions of the virus appeared as a traffic infringement notice from the Australian Federal Police, which demanded a penalty payment for a minor traffic infringement. The impressively official-looking email was often opened because it appeared to come from the Federal Government. To view details of the fake traffic infringement, recipients are asked to click the link contained within the email, activating the malware.

The Australian Federal Police (AFP) originally issued a tweet on 19 January warning people of a recent scam “traffic infringement notices” being delivered by email and advising not to pay any money or click any links.

High Profile Incidents

Kmart Attacked

Kmart Australia had to put out a warning in October 2015 to let some customers know that their online operations had been attacked in an external privacy breach in September. Data such as name, email address, delivery and billing address, telephone number and product purchase details was stolen. The retailer has insisted that no credit card or payment card details had been compromised, as card processing is handled externally.

David Jones hacked

In October 2014, the Australian fashion retailer had its computer system attacked and the private details of customers were stolen - these included names, email addresses and addresses - but David Jones assured its customers that their credit card or financial information was safe.

A hit on the Hilton

Early in 2015, hotel chain operator Hilton Worldwide Holdings warned customers that they'd found unauthorised malware targeting payment card details in some of their payment systems. This affected many of their Australian customers. An investigation found that malware was targeting cardholder names, payment card numbers, security codes and expiration dates.

Customers were advised to check bank statements up till July, but the company didn't give figures of how many people or businesses might be affected.

The Future Outlook for Cyber-crime

Based on the high levels of current hacking activity and the increasingly sophisticated software and techniques used by hackers to access systems and avoid detection, the ACSC predicts that levels of hacking will rise over the next five years or so. Malware and technology used in cybercrime is now more readily available than ever and can even be used by people with little IT knowledge. What's more, cyber-crime as a service looks set to increase as well.

To stay safe, Australian businesses, from multinationals to SMBs, need to work together to make Australia a much harder target for hackers and to increase trust in users that the Internet's benefits outweigh online dangers. The best cyber security comes when the government and private sector work together and take greater responsibility for the security of their networks and information.

In the next part of our eBook we will be taking a look at where the technology to fight cyber-crime and security breaches is heading. We'll be examining the cloud, big data and the Internet of Things to help small businesses like yours to put together a comprehensive security road map.

Chapter 4 The Future of IT Security

So far in this exclusive Empower IT eBook we've examined the threats facing Australian businesses when it comes to security, and we've looked in detail at the form that these threats can take (Malware, Phishing Scams, Denial of Service attacks, etc.), and we've even taken a brief look at some of the ways IT attacks have impacted on Australian businesses.

Finally, it's time to look at the security solutions that most of Australia's small and medium businesses currently have in place, examine the reasons that standard defences may not be enough, and look at where the technology is heading as IT attacks become more sophisticated. So read on and learn how to improve your current security set-up and to stay safe going forward.

Far too many of us take IT security for granted, presuming that our anti-virus protection is keeping the worst of the web at bay. But it seems we are putting far too much faith in our off-the-shelf antivirus protection to keep our IT systems safe. Brian Dye, corporate vice president at Intel Security, stated on record that antivirus software is dead. Well, the truth is that antivirus software hasn't yet had its last day.

Antivirus software is used to prevent, detect and hopefully make safe any malware threats and viruses that make it onto your system. And most programs do this well. But the big problem is that antivirus software is a reactive technology and only effective against known threats and variations of them. The guys who are writing antivirus software need to understand how a piece of malware works before they can adapt programs to discover and neutralise it. And in the time it takes for this to happen, many thousands of systems can be infected.

With hackers and criminals making new and increasingly sophisticated malware all the time, there are a lot of dangers out there that your current AV setup just won't see coming. And hackers are patient people; they will take the time to rewrite and test their malware until it can find its way past even the most sophisticated protection - and if that doesn't work, they'll write a new one.

Intel Security, the company that makes the popular McAfee software, estimates that new malware is released at a rate of about one new virus per second. Little wonder it's hard for the program writers to keep up.

And signature-based systems need to be constantly updated to be effective. So signature-based IDS is only as good as its database of stored code and signatures. This is why zero-day attacks, when hackers launch a brand new piece of malware, often slip through without being detected, as antivirus software doesn't recognize the threat.

Because of the sheer number of threats out there, traditional antivirus software detects only around 45% of all attacks.

Unless you've been keeping your antivirus software updated and are tuned into catching the latest threats out there, that old antivirus software on your devices is only giving you the most basic level of protection.

A New Era of Data Protection

We are now entering new territory when it comes to keeping your systems safe. Behaviour-based rather than signature-based security is more important. So let's take a look at what this means for businesses like yours.

Behaviour-based security is different in that it detects any network activity that doesn't fit a pattern of expected behaviour. This means that the software has to be configured to learn what a user's normal patterns of activity are. If there are any anomalies, these are then flagged as threats or viruses and will be stopped before they infect your systems.

Unlike signature-based systems, behaviour-based antivirus systems are able to detect zero-day attacks, which don't have a pattern that is recognizable. Of course, such systems have to be configured to learn about users' typical behaviour, and configurations need to be updated every time new applications are added or modified, but in general they can adapt to new, unique or original attacks.

There are many advantages to this behaviour-based approach in detecting new and unforeseen vulnerabilities in your systems. Because it detects any traffic that is new or unusual, the behaviour-based approach is good at identifying sweeps and probes towards network hardware. This is like an early warning for potential intrusions, as such probes and scans are often the predecessors for system attacks. They can also detect abuse-of-privilege attacks, which normally don't trigger security warnings. Of course, there are some drawbacks too, in that there is a higher false alarm rate than with signature-based systems.

What's more, the learning curve for behaviour-based intrusion detection techniques can't cover everything, and people's online behaviour is likely to change over time, so you need to implement occasional retraining of the behaviour profile. Also, during the learning phase any system attacks that occur won't be detected as anomalous, meaning your systems could be compromised.

For example, if a computer user with a restricted set of records suddenly begins to try and access other types of information, it is highly possible that his workstation has been infected with a virus and action needs to be taken to protect the systems.

Behaviour-based IDS is also more costly, in that you need more hardware spread further across your IT networks than is required with signature-based IDS.
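The difference described above between a signature database and a learned per-user baseline, shown as an added example that is not part of the eBook. The user names, record types, signature strings and the `min_seen` threshold are all constructed for illustration; the example also covers the learning-phase blind spot and the false alarm that retraining clears.

```python
from collections import Counter, defaultdict

# Stand-in for an antivirus/IDS signature database (constructed value).
SIGNATURES = {"sig:known-dropper-2014"}


def signature_detect(events, signatures=SIGNATURES):
    """Signature-based check: flags only events carrying an already-known marker."""
    return [e for e in events if e["marker"] in signatures]


class BehaviourBaseline:
    """Per-user profile of which record types each user normally touches."""

    def __init__(self, min_seen=3):
        self.min_seen = min_seen             # observations needed to count as normal
        self.profile = defaultdict(Counter)  # user -> Counter of record types

    def learn(self, events):
        """Learning phase: everything seen here is absorbed as normal, attacks included."""
        for e in events:
            self.profile[e["user"]][e["record_type"]] += 1

    def detect(self, events):
        """Flag any access to a record type the user has rarely or never used."""
        return [e for e in events
                if self.profile[e["user"]][e["record_type"]] < self.min_seen]


def ev(user, record_type, marker="none"):
    """Build one constructed access event."""
    return {"user": user, "record_type": record_type, "marker": marker}


def summary(events):
    """Reduce events to (user, record_type) pairs for easy comparison."""
    return [(e["user"], e["record_type"]) for e in events]


# Constructed sample data, not real logs.
TRAINING = [ev("alice", "invoices")] * 5 + [ev("bob", "payroll")] * 5
LIVE = [
    ev("alice", "invoices"),                                 # routine work
    ev("alice", "payroll", marker="sig:brand-new-variant"),  # zero-day on alice's PC
    ev("bob", "payroll", marker="sig:known-dropper-2014"),   # known malware, usual data
    ev("bob", "contracts"),                                  # bob's legitimate new duty
]


def compare():
    """Run both detectors over the same live traffic."""
    baseline = BehaviourBaseline()
    baseline.learn(TRAINING)
    return summary(signature_detect(LIVE)), summary(baseline.detect(LIVE))


def poisoned_learning():
    """The intrusion was already under way while the baseline was being learned."""
    baseline = BehaviourBaseline()
    baseline.learn(TRAINING + [ev("alice", "payroll")] * 3)
    return summary(baseline.detect(LIVE))


def after_retraining():
    """Retrain with bob's new duty included so it stops raising a false alarm."""
    baseline = BehaviourBaseline()
    baseline.learn(TRAINING + [ev("bob", "contracts")] * 3)
    return summary(baseline.detect(LIVE))


if __name__ == "__main__":
    by_signature, by_behaviour = compare()
    print("signature alerts:       ", by_signature)
    print("behaviour alerts:       ", by_behaviour)
    print("after poisoned learning:", poisoned_learning())
    print("after retraining:       ", after_retraining())
```

Neither detector catches everything on its own: the signature check misses the new variant, and the baseline misses known malware that touches the user's usual data, which is the case for running both layers.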

Drawbacks and a long customization process aside, it looks like the behaviour-based approach to IT security is one way we'll be helping to keep the cyber criminals at bay into the future. And although the death knell has not yet sounded for antivirus software, you need to be aware that this is no longer the be-all and end-all of IT security; you need to be doing so much more.

There are many ways you can keep your systems safe, and taking a multi-layered approach is actually the best way forward. Blacklisting, whitelisting and sandboxing are three methods that can be used to ensure you're safe while online.

As the way we use data and interact with the internet changes, our approach to IT security and data protection should also change accordingly. What's more, IT systems around the world are increasingly being breached and the fallout from this is affecting millions of people, so we need to learn to deal with risks and stay ahead of cyber criminals.

We are now seeing other areas of IT in which security needs addressing: areas such as social media, the cloud, compliance, advanced persistent threats and physical infrastructure security too.

IT Security in the Cloud

In the fast-moving world of IT, cloud computing is already old hat in many ways, but as so many of Australia's small and medium businesses are only just making the move into the cloud, they may not appreciate how cloud technology isn't just changing how they work but how they should be approaching security.

When you are in the cloud you are exposed to new risks; after all, your data and often much of your network is being hosted off-site and is often being accessed by your staff in other cities and countries.

Security in the cloud requires visibility, identity management and policies that reduce threats ability to take advantage of all the flexibility and freedom that cloud computing can offer.

Of course, it's worth remembering that cloud computing is not just one technology; it is a combination of many advances in technology sold in one package. This includes virtualisation, Software-as-a-Service and other operations working as they always have done, albeit in the cloud.

The problem is that traditional security solutions don't always adapt themselves well to the cloud architecture. What needs to happen is for existing security methods such as firewalls, virtual private networks, data-leak protection, etc. to evolve so they can be better deployed in the cloud. This might involve using an API (Application Program Interface) so that such technology can be automated in the cloud.

It is also likely that new Cloud Security Gateways will have to come into play, and innovations that bolster security are already being created. Cloud security gateways will act as security policy enforcement points between cloud services consumers and providers to ensure security as cloud services are accessed by users. This system would probably be made up of multiple levels of security such as authentication, authorization, signing on, security token mapping, encryption, tokenization, logging, alerting, Application Program Interface and so on.

With cloud technology being so popular, it is vital that users are easily identified and authenticated while controlling access to applications and enforcing data protection policies. It is also a good idea to have a central overview of what is happening, with visibility into all users, devices and cloud activity, so that malicious or suspicious behaviour can be flagged. Auditing and monitoring will be built into cloud services in the future to ensure ongoing protection.

Other changes need to happen to ensure better cloud security. The management of encryption keys is critical, and data needs to be fragmented and kept in several places in the cloud rather than in one server where it would be vulnerable. It is also important that the physical security of the cloud environment is enhanced.

IT Security and the Internet of Things

You may have heard of the Internet of Things (IoT) and wondered what it referred to. Basically, it just means an environment in which objects are able to transfer data over a network without the need for human-to-human or human-to-computer interaction.

For example, you may have a sensor in your car to tell you when the engine needs oil by sending a message to your phone. An office printer may send out an order for more ink when it's running low, and a smart road can send signals to traffic control when traffic is heavy.

Basically, any device or component that can be connected to the net (usually by Wi-Fi) plays its part in the Internet of Things. Ultimately the IoT will help cut down on waste, improve efficiency and save time and frustration (in theory at least).

But with so many online devices, many of which will hold personal info or IP data, security will be an issue. You wouldn't want someone hacking your toaster or using your online speakers to get at the data on your PC, after all.

Some experts are concerned that large numbers of unsecured devices could be built up by hackers as botnets. Just imagine your TV, computer and other household appliances all being used against you, like a science fiction horror story.

The new high-tech Barbie doll raises privacy concerns, as the doll is connected to the Internet and could be a tempting target for hackers, who could then access data on home networks through the doll.

This means in the future people will need to know how to secure their IoT devices. Initially this would mean taking simple measures such as using passwords and usernames, and updating and patching devices as you do with current devices. Also, an IoT device that needs to be accessible over the net needs to be put in its own network and have access restricted. This network can then be monitored, with action taken if there is a problem.

Planning and integration is vital when it comes to the IoT, and security needs to be paramount at every step of the process, from manufacture to purchase and use. As a company owner you need to develop policies that keep your customers and their data safe when using IoT devices.

US retailer Target was hacked in 2013 via its heating and air conditioning, which was internet enabled. Some 40 million credit card numbers were stolen.

Conclusion

The goal of this eBook is to make you aware of the vulnerabilities of your business systems and help you understand in detail the various cyber-threats that are lurking today. We have looked at the dangers for companies that have not been protecting themselves from online and offline security threats, both in terms of money and reputation consequences.

If you are wondering about the best way to safeguard your business, stay tuned, as we are in the process of writing another eBook with insights about protecting your business and reputation.

If you enjoyed reading this eBook and found it to be of value, do share it with your friends.


An IT attack by an insider can be the most devastating attack of all, as you're not just having your systems compromised but your trust shattered by a member of staff who you may even have considered a friend, especially if your business is small and people work together closely. What's more, firewalls, anti-virus software and intrusion detection systems won't be any help to you at all. After all, in many companies employees will all have access to confidential data, files and accounts.

The extent to which insider attacks are so much more damaging is shown by the figures. In Australia, attacks by insiders or staff can take up to 51 days to contain and solve, compared with outside attacks that on average take 23 days to contain. This is because insiders know what they are looking for and where the juiciest data is, and they probably have the passwords to get at it.

Stolen Devices

While many IT attacks come about thanks to sophisticated programming, others just come down to good old-fashioned theft. Stolen devices make up 50% of cyber-attacks experienced by the 30 benchmarked companies in the Ponemon 2014 Cost of Cyber Crime Study, and of course your devices (phones, tablets, flash drives and so on) don't have to be stolen by cunning pickpockets for the data to be compromised.

Many headline hitting attacks were the result of workers forgetfully leaving laptops containing

vital files on a train or forgetting phones in restaurants And the risk of losing data this way

becomes even greater as ever more companies implement Bring Your Own Device (BYOD)

strategies and staff take their work home with them

BlueScope Steel

employee has been

accused of downloading a

trove of company

documents ndash about 40

gigabytes ndash over a four-

year period The company

is urgently seeking a

judges help to find and

destroy trade secrets

before they fall into the

hands of competitors

EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 18

This means that personal devices which are often unsecured can be crammed with company

data (69 of employees use smartphones for work) If a staff member is robbed or even just

plain forgetful this data can end up in the hands of criminals who as a result have access to

your systems intellectual property and stored passwords

Stay Vigilant

This is a pretty comprehensive look at the sort of security threats your business could be

facing but while weve covered most of the main bases weve barely scratched the surface

when it comes to the sheer number of threats out there

According to antivirus software developers McAfee new malware is being released at the rate

of around one file every second So it is little wonder those fighting the problem face an epic

challenge keeping up And these huge numbers of IT attacks are losing Australian businesses

like yours a great deal of money

Constant vigilance is the best weapon you have to fight hackers attacking you with viruses

malware worms or malicious coding Be careful what you are doing online and always think

before you click Of course technology can help protect your organisation but only if it is

upgraded and tested regularly Make sure that your firewalls are in place and that anti-virus

software is upgraded as new updates come out

Training too is a tool that lets you fight the darker sides of the net so hold regular workshops

for staff on the types of phishing scams using social media safely and checking for

suspicious links And keep up with IT blogs that can warn you of the new risks out there If

youre careful dont get complacent and keep your IT updated you have a much better chance

at protecting your precious data and ultimately your company

In the next part of our eBook we will be looking at some Australian companies that werent

so careful and what it meant for their businesses their reputations and their companies

EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 19

Chapter 3 IT Security Incidents in the Last Two

Years

There may be no bullets flying but Australia is currently at war and its one were not winning

Cyber-attacks on Australian businesses increased 20 in 2014 and this figure rose in 2015

according to the Australian Signals Directorate

The most commonly targeted industries tend to be banking and the financial sector in general

resources energy and telecommunications among others But the huge volume of attacks

means that many Australian SMBs are being targeted as cyber criminals spread their nets

The fallout from these cyber-attacks includes loss of intellectual property major disruption

to business financial loss and major damage to the reputation of your company which in many

cases could lead to bankruptcy

Cybercrime in Australia

There are three main types of cybercrime that affect Australian businesses large and small

These are

EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 20

State-sponsored cyber-crime - perpetrated by hackers on behalf of states to steal

intellectual property and identities These are often the most sophisticated attacks and

hackers can retain access to an organisations network for years at a time

Organised Crime - run by criminal gangs making malware to steal data or extort

money from individuals and corporations Many crime syndicates have sophisticated

tools and share techniques to access systems as well as stolen data with other

criminals

Motivated cyber-crime - these are often hackers with a political social or even

religious motive who want to get a message across using illegal online methods Often

such attacks can be less sophisticated but can still cause great damage to companies

Because there are such widely varied motivations for hackers to target Australian businesses

it means that no business is safe including small ones SMBs shouldnt think that their

information is not of interest to criminals they could be targeted for a range of reasons

Take banks for example Commonwealth Bank Australias largest bank is attacked

thousands of times every day While most of these attacks are by hackers seeking money and

account numbers many attacks are by activists (who call themselves hacktivists) who have

a more political or social agenda perhaps they dont agree with some of the banks

investments which they may see as unethical or detrimental to the environment

But when it comes to large-scale hacks many fingers are pointed at government sponsored

groups from China Well-equipped hackers known as Advanced Persistent Threats (APTs)

have been targeting Australian firms in the mining and natural resources sector Many

businesses already dealing with organisations in China come under attack perhaps to get the

edge in negotiations or as a way of stealing intellectual property

In response to the rising numbers of attacks the Australian Government opened The

Australian Cyber Security Centre (ACSC) to coordinate the countrys defence intelligence

agencies - the Attorney-General and the Australian Federal Police cyber units The ACSC

enables the private and public sector to collaborate and share information to combat

cybersecurity threats They also offer a great deal of information about how SMBS and

EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 21

individuals can stay safe online So its well worth looking at their site at

httpswwwacscgovau

In the meantime lets take a look at some of the recent risks and hacks on Australian

companies to fully understand the risks of letting your IT guard down

Ransomware on the Rise

Ransomware a scam in which people fall victim to an encryption virus which hijacks computer

files and demands a ransom to restore them is becoming one of the main ways that Australian

businesses are being targeted by cyber criminals In 2014 the security firm Websense found

nearly two million instances of the malware variant known as CryptoLocker and 60 per cent

of those were detected in Australia

CryptoLocker is ransomware which is delivered via credible looking emails Once an infected

link is clicked the virus is activated and your computer files photos and data are taken

hostage via encryption unless a ransom is paid

Some of the latest versions of this malware are said to be

unbreakable and the average cost to companies paying

ransoms to overseas hackers was $US 350

One of the most recent versions of the virus appeared as a

traffic infringement notice from the Australian Federal Police

which demanded a penalty pay for a minor traffic

infringement The impressively official looking email was

often opened because it appeared to come from the Federal

Government To view details of the fake traffic infringement

recipients are asked to click the link contained within the

email activating the malware

The Australian

Federal Police (AFP)

originally issued a

tweet on 19 January

warning people of a

recent scam ldquotraffic

infringement noticesrdquo

being delivered by

email and advising

not to pay any money

or click any links

EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 22

High Profile Incidents

Kmart Attacked

Kmart Australia had to put out a warning in October 2015 to let some customers know that

their online operations had been attacked in an external privacy breach in September Data

such as name email address delivery and billing address telephone number and product

purchase details was stolen The retailer has insisted that no credit card or payment card

details had been compromised as card processing is handled externally

David Jones hacked

In October 2014 Australian Fashion Retailer had its computer system attacked and the private

details of customers were stolen - these included names email addresses and addresses

but David Jones assured its customers that their credit card or financial information was safe

A hit on the Hilton

Early in 2015 Hotel chain operator Hilton Worldwide Holdings warned customers that theyd

found unauthorised malware targeting payment card details in some of their payment

systems This affected many of their Australian customers An investigation found that

malware was targeting cardholder names payment card numbers security codes and

expiration dates

Customers were advised to check bank statements up till July but the company didnt give

figures of how many people or businesses might be affected

EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 23

W -crime

Based on the high levels of current hacking activity and the increasingly sophisticated software and techniques used by hackers to access systems and avoid detection, the ACSC predicts that levels of hacking will rise over the next five years or so. Malware and technology used in cybercrime is now more readily available than ever and can even be used by people with little IT knowledge. What's more, cyber-crime as a service looks set to increase as well.

To stay safe, Australian businesses, from multinationals to SMBs, need to work together to make Australia a much harder target for hackers and to increase trust in users that the Internet's benefits outweigh online dangers. The best cyber security comes when the government and private sector work together and take greater responsibility for the security of their networks and information.

In the next part of our eBook we will be taking a look at where the technology to fight cyber-crime and security breaches is heading. We'll be examining the cloud, big data and the Internet of things to help small businesses like yours to put together a comprehensive security road map.

Chapter 4 The Future of IT Security

So far in this exclusive Empower IT eBook we've examined the threats facing Australian businesses when it comes to security, and we've looked in detail at the form that these threats can take (Malware, Phishing Scams, Denial of Service attacks etc.), and we've even taken a brief look at some of the ways IT attacks have impacted on Australian businesses.

Finally, it's time to look at the security solutions that most of Australia's small and medium businesses currently have in place, examine the reasons that standard defences may not be enough, and look at where the technology is heading as IT attacks become more sophisticated. So read on and learn how to improve your current security set up and to stay safe going forward.

Far too many of us take IT security for granted, presuming that our anti-virus protection is keeping the worst of the web at bay. But it seems we are putting far too much faith in our off-the-shelf antivirus protection to keep our IT systems safe. Brian Dye, corporate vice president at Intel Security, stated on record that antivirus software is dead. Well, the truth is that antivirus software hasn't yet had its last day.

Antivirus software is used to prevent, detect and hopefully make safe any malware threats and viruses that make it onto your system. And most programs do this well. But the big problem is that antivirus software is a reactive technology and only effective against known threats and variations of them. The guys who are writing antivirus software need to understand how a piece of malware works before they can adapt programs to discover and neutralise it. And in the time it takes for this to happen, many thousands of systems can be infected.

With hackers and criminals making new and increasingly sophisticated malware all the time, there are a lot of dangers out there that your current AV setup just won't see coming. And hackers are patient people: they will take the time to rewrite and test their malware until it can find its way past even the most sophisticated protection - and if that doesn't work, they'll write a new one.

Intel Security, the company that makes the popular McAfee software, estimates that new malware is released at a rate of about one new virus per second. Little wonder it's hard for the program writers to keep up.

And signature-based systems need to be constantly updated to be effective. So signature-based IDS is only as good as its database of stored code and signatures. This is why zero-day attacks, when hackers launch a brand new piece of malware, often slip through without being detected, as antivirus software doesn't recognize the threat.

Because of the sheer number of threats out there, traditional antivirus software detects only around 45% of all attacks.

Unless you've been keeping your antivirus software updated and are tuned into catching the latest threats out there, that old antivirus software on your devices is only giving you the most basic level of protection.

A New Era of Data Protection

We are now entering new territory when it comes to keeping your systems safe. Behaviour-based rather than signature-based security is more important. So let's take a look at what this means for businesses like yours.

Behaviour-based security is different in that it detects any network activity that doesn't fit a pattern of expected behaviour. This means that the software has to be configured to learn what a user's normal patterns of activity are. If there are any anomalies, these are then flagged as threats or viruses and will be stopped before they infect your systems.

Unlike with signature-based systems, behaviour-based antivirus systems are able to detect zero-day attacks, as they don't have a pattern that is recognizable. Of course, such systems have to be configured to learn about users' typical behaviour, and configurations need to be updated every time new applications are added or modified, but in general they can adapt to new, unique or original attacks.

There are many advantages to this behaviour-based approach in detecting new and unforeseen vulnerabilities in your systems. Because it detects any traffic that is new or unusual, the behaviour-based approach is good at identifying sweeps and probes towards network hardware. This is like an early warning for potential intrusions, as such probes and scans are often the predecessors for system attacks. They can also detect abuse of privilege attacks, which normally don't trigger security warnings. Of course, there are some drawbacks too, in that there is a higher false alarm rate than with signature-based detection.

What's more, the learning curve for behaviour-based intrusion detection techniques can't cover everything, and people's online behaviour is likely to change over time, so you need to implement occasional retracing of the behaviour profile. Also, during the learning phase any system attacks that occur won't be detected as anomalous, meaning your systems could be compromised.

For example, if a computer user with a restricted set of records suddenly begins to try and access other types of information, it is highly possible that his workstation has been infected with a virus and action needs to be taken to protect the systems.

Behaviour-based IDS is also more costly, in that you need more hardware spread further across your IT networks than is required with signature-based IDS.
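The trade-offs described in this section can be seen side by side in a short added illustration, which is not part of the eBook: a hash-based signature check next to a learned per-user behaviour profile, run on constructed events. The class and function names, the users and the record types are all assumptions made for the example.

```python
import hashlib
from collections import defaultdict

# Constructed signature database: digests of samples that were already analysed.
KNOWN_BAD = {hashlib.sha256(b"constructed known sample").hexdigest()}


def signature_hit(payload: bytes) -> bool:
    """Signature-style check: only a previously catalogued sample matches."""
    return hashlib.sha256(payload).hexdigest() in KNOWN_BAD


class BehaviourBaseline:
    """Per-user profile of record types: learned first, enforced afterwards."""

    def __init__(self):
        self.profile = defaultdict(set)  # user -> record types seen while learning

    def learn(self, events):
        """Learning phase: everything observed is accepted as normal."""
        for user, record_type in events:
            self.profile[user].add(record_type)

    def check(self, user, record_type):
        """Return an alert string, or None when the access fits the profile."""
        if user not in self.profile:
            return f"ALERT {user}: no learned profile"
        if record_type not in self.profile[user]:
            return f"ALERT {user}: first access to '{record_type}'"
        return None

    def detect(self, events):
        """Detection phase: collect the alerts raised by a stream of events."""
        alerts = []
        for user, record_type in events:
            alert = self.check(user, record_type)
            if alert:
                alerts.append(alert)
        return alerts


# Constructed (user, record type) access events.
LEARNING = [("alice", "invoices"), ("alice", "customers"), ("bob", "payroll")]
LIVE = [("alice", "invoices"), ("alice", "payroll"),
        ("bob", "payroll"), ("carol", "invoices")]


def clean_baseline():
    """A user with a restricted set of records reaches for another type: flagged."""
    baseline = BehaviourBaseline()
    baseline.learn(LEARNING)
    return baseline.detect(LIVE)


def poisoned_baseline():
    """The same access already happened during learning, so it now looks normal."""
    baseline = BehaviourBaseline()
    baseline.learn(LEARNING + [("alice", "payroll")])
    return baseline.detect(LIVE)


def role_change():
    """A legitimate change of duties is a false alarm until the profile is re-learned."""
    baseline = BehaviourBaseline()
    baseline.learn(LEARNING)
    before = baseline.detect([("alice", "payroll")])
    baseline.learn([("alice", "payroll")])  # profile refreshed after review
    after = baseline.detect([("alice", "payroll")])
    return before, after


if __name__ == "__main__":
    print("known sample matched:  ", signature_hit(b"constructed known sample"))
    print("altered sample matched:", signature_hit(b"constructed known sample v2"))
    print("clean baseline:   ", clean_baseline())
    print("poisoned baseline:", poisoned_baseline())
    print("role change:      ", role_change())
```

The altered sample misses the signature set even though only a few bytes differ, while the behaviour profile flags the unfamiliar access without knowing anything about the code that caused it.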

Drawbacks and a long customization process aside, it looks like the behaviour-based approach to IT Security is one way we'll be helping to keep the cyber criminals at bay into the future. And although the death knell has not yet sounded for antivirus software, you need to be aware that this is no longer the be all and end all of IT security: you need to be doing so much more.

There are many ways you can keep your systems safe, and taking a multi-layered approach is actually the best way forward. Blacklisting, whitelisting and sandboxing are three methods that can be used to ensure you're safe while online.

As the way we use data and interact with the internet changes, our approach to IT security and data protection should also change accordingly. What's more, IT systems around the world are increasingly being breached, and the fallout from this is affecting millions of people, so we need to learn to deal with risks and stay ahead of cyber criminals.

We are now seeing other areas of IT in which security needs addressing: areas such as social media, the cloud, compliance, advanced persistent threats and physical infrastructure security too.

IT Security in the Cloud

In the fast moving world of IT, cloud computing is already an old hat in many ways, but as so many of Australia's small and medium businesses are only just making the move into the cloud, they may not appreciate how cloud technology isn't just changing how they work but how they should be approaching security.

When you are in the cloud you are exposed to new risks; after all, your data and often much of your network is being hosted off-site and is often being accessed by your staff in other cities and countries.

Security in the cloud requires visibility, identity management and policies that reduce threats

ability to take advantage of all the flexibility and freedom that cloud computing can offer.

Of course, it's worth remembering that cloud computing is not just one technology; it is a combination of many advances in technology sold in one package. This includes virtualisation, Software-as-a-Service and other operations working as they always have done, albeit in the cloud.

The problem is that traditional security solutions don't always adapt themselves well to the cloud architecture. What needs to happen is for existing security methods such as firewalls, virtual private networks, data-leak protection etc. to evolve so they can be better deployed in the cloud. This might involve using an API (Application Program Interface) so that such technology can be automated in the cloud.

It is also likely that new Cloud Security Gateways will have to come into play, and innovations that bolster security are already being created. Cloud security gateways will act as security policy enforcement points between cloud services consumers and providers to ensure security as cloud services are accessed by users. This system would probably be made up of multiple levels of security such as authentication, authorization, signing on, security token mapping, encryption, tokenization, logging, alerting, Application Program Interface and so on.

With cloud technology being so popular, it is vital that users are easily identified and authenticated while controlling access to applications and enforcing data protection policies. It is also a good idea to have a central overview of what is happening, with visibility into all users, devices and cloud activity, so that malicious or suspicious behaviour can be flagged. Auditing and monitoring will be built into cloud services in the future to ensure ongoing protection.

Other changes need to happen to ensure better cloud security. The management of encryption keys is critical, and data needs to be fragmented and kept in several places in the cloud rather than in one server where it would be vulnerable. It is also important that the physical security of the cloud environment is enhanced.

IT Security and the Internet of Things

You may have heard of the Internet of Things (IoT) and wondered what it referred to. Basically, it just means an environment in which objects are able to transfer data over a network without the need for human-to-human or human-to-computer interaction.

For example, you may have a sensor in your car to tell you when the engine needs oil by sending a message to your phone. An office printer may send out an order for more ink when it's running low, and a smart road can send signals to traffic control when traffic is heavy.

Basically, any device or component that can be connected to the net (usually by Wi-Fi) plays its part in the Internet of Things. Ultimately the IoT will help cut down on waste, improve efficiency and save time and frustration (in theory at least).

But with so many online devices, many of which will hold personal info or IP data, security will be an issue. You wouldn't want someone hacking your toaster or using your online speakers to get at the data on your PC, after all.

Some experts are concerned that large numbers of unsecured devices could be built up by hackers as botnets. Just imagine your TV, computer and other household appliances all being used against you, like a science fiction horror story.

The new high-tech Barbie doll raises privacy concerns, as the doll is connected to the Internet and could be a tempting target for hackers, who could then access data on home networks through the doll.

This means in the future people will need to know how to secure their IoT devices. Initially this would mean taking simple measures such as using passwords and usernames, updating and patching devices as you do with current devices. Also, an IoT device that needs to be accessible over the net needs to be put in its own network and have access restricted. This network can then be monitored, with action taken if there is a problem.

Planning and integration is vital when it comes to the IoT, and security needs to be paramount at every step of the process, from manufacture to purchase and use. As a company owner you need to develop policies that keep your customers and their data safe when using IoT devices.

US retailer Target was hacked in 2013 via its heating and air conditioning, which was internet enabled. Some 40 million credit card numbers were stolen.

Conclusion

The goal of this eBook is to make you aware of the vulnerabilities of your business systems and help you understand in detail the various cyber-threats that are lurking today. We have looked at the dangers for companies that have not been protecting themselves from online and offline security threats, both in terms of money and reputation consequences.

If you are wondering about the best way to safeguard your business, stay tuned, as we are in the process of writing another eBook with insights about protecting your business and reputation.

If you enjoyed reading this eBook and found it to be of value, do share it with your friends.

This means that personal devices, which are often unsecured, can be crammed with company data (69% of employees use smartphones for work). If a staff member is robbed or even just plain forgetful, this data can end up in the hands of criminals who, as a result, have access to your systems, intellectual property and stored passwords.

Stay Vigilant

This is a pretty comprehensive look at the sort of security threats your business could be facing, but while we've covered most of the main bases, we've barely scratched the surface when it comes to the sheer number of threats out there.

According to antivirus software developers McAfee, new malware is being released at the rate of around one file every second. So it is little wonder those fighting the problem face an epic challenge keeping up. And these huge numbers of IT attacks are losing Australian businesses like yours a great deal of money.

Constant vigilance is the best weapon you have to fight hackers attacking you with viruses, malware, worms or malicious coding. Be careful what you are doing online and always think before you click. Of course, technology can help protect your organisation, but only if it is upgraded and tested regularly. Make sure that your firewalls are in place and that anti-virus software is upgraded as new updates come out.

Training too is a tool that lets you fight the darker sides of the net, so hold regular workshops for staff on the types of phishing scams, using social media safely and checking for suspicious links. And keep up with IT blogs that can warn you of the new risks out there. If you're careful, don't get complacent and keep your IT updated, you have a much better chance at protecting your precious data and ultimately your company.

In the next part of our eBook we will be looking at some Australian companies that weren't so careful and what it meant for their businesses, their reputations and their companies.

Chapter 3 IT Security Incidents in the Last Two Years

There may be no bullets flying, but Australia is currently at war, and it's one we're not winning. Cyber-attacks on Australian businesses increased 20% in 2014, and this figure rose in 2015, according to the Australian Signals Directorate.

The most commonly targeted industries tend to be banking and the financial sector in general, resources, energy and telecommunications, among others. But the huge volume of attacks means that many Australian SMBs are being targeted as cyber criminals spread their nets.

The fallout from these cyber-attacks includes loss of intellectual property, major disruption to business, financial loss and major damage to the reputation of your company, which in many cases could lead to bankruptcy.

Cybercrime in Australia

There are three main types of cybercrime that affect Australian businesses large and small. These are:

State-sponsored cyber-crime - perpetrated by hackers on behalf of states to steal intellectual property and identities. These are often the most sophisticated attacks, and hackers can retain access to an organisation's network for years at a time.

Organised Crime - run by criminal gangs making malware to steal data or extort money from individuals and corporations. Many crime syndicates have sophisticated tools and share techniques to access systems, as well as stolen data, with other criminals.

Motivated cyber-crime - these are often hackers with a political, social or even religious motive who want to get a message across using illegal online methods. Often such attacks can be less sophisticated but can still cause great damage to companies.

Because there are such widely varied motivations for hackers to target Australian businesses, it means that no business is safe, including small ones. SMBs shouldn't think that their information is not of interest to criminals; they could be targeted for a range of reasons.

Take banks, for example. Commonwealth Bank, Australia's largest bank, is attacked thousands of times every day. While most of these attacks are by hackers seeking money and account numbers, many attacks are by activists (who call themselves hacktivists) who have a more political or social agenda; perhaps they don't agree with some of the bank's investments, which they may see as unethical or detrimental to the environment.

But when it comes to large-scale hacks, many fingers are pointed at government-sponsored groups from China. Well-equipped hackers known as Advanced Persistent Threats (APTs) have been targeting Australian firms in the mining and natural resources sector. Many businesses already dealing with organisations in China come under attack, perhaps to get the edge in negotiations or as a way of stealing intellectual property.

In response to the rising numbers of attacks, the Australian Government opened The Australian Cyber Security Centre (ACSC) to coordinate the country's defence intelligence agencies - the Attorney-General and the Australian Federal Police cyber units. The ACSC enables the private and public sector to collaborate and share information to combat cybersecurity threats. They also offer a great deal of information about how SMBs and individuals can stay safe online. So it's well worth looking at their site at https://www.acsc.gov.au

In the meantime, let's take a look at some of the recent risks and hacks on Australian companies to fully understand the risks of letting your IT guard down.

Ransomware on the Rise

Ransomware, a scam in which people fall victim to an encryption virus which hijacks computer files and demands a ransom to restore them, is becoming one of the main ways that Australian businesses are being targeted by cyber criminals. In 2014 the security firm Websense found nearly two million instances of the malware variant known as CryptoLocker, and 60 per cent of those were detected in Australia.

CryptoLocker is ransomware which is delivered via credible-looking emails. Once an infected link is clicked, the virus is activated and your computer files, photos and data are taken hostage via encryption unless a ransom is paid.

Some of the latest versions of this malware are said to be unbreakable, and the average cost to companies paying ransoms to overseas hackers was $US 350.

One of the most recent versions of the virus appeared as a traffic infringement notice from the Australian Federal Police which demanded a penalty payment for a minor traffic infringement. The impressively official-looking email was often opened because it appeared to come from the Federal Government. To view details of the fake traffic infringement, recipients are asked to click the link contained within the email, activating the malware.

The Australian Federal Police (AFP) originally issued a tweet on 19 January warning people of a recent scam, "traffic infringement notices" being delivered by email, and advising not to pay any money or click any links.

EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 22

High Profile Incidents

Kmart Attacked

Kmart Australia had to put out a warning in October 2015 to let some customers know that

their online operations had been attacked in an external privacy breach in September Data

such as name email address delivery and billing address telephone number and product

purchase details was stolen The retailer has insisted that no credit card or payment card

details had been compromised as card processing is handled externally

David Jones hacked

In October 2014 Australian Fashion Retailer had its computer system attacked and the private

details of customers were stolen - these included names email addresses and addresses

but David Jones assured its customers that their credit card or financial information was safe

A hit on the Hilton

Early in 2015 Hotel chain operator Hilton Worldwide Holdings warned customers that theyd

found unauthorised malware targeting payment card details in some of their payment

systems This affected many of their Australian customers An investigation found that

malware was targeting cardholder names payment card numbers security codes and

expiration dates

Customers were advised to check bank statements up till July but the company didnt give

figures of how many people or businesses might be affected

EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 23

W -crime

Based on the high levels of current hacking activity and the increasingly sophisticated

software and techniques used by hackers to access systems and avoid detection the ACSC

predicts that levels of hacking will rise over the next five years or so Malware and technology

used in cybercrime is now more readily available than ever and can even be used by people

with little IT knowledge Whats more cyber-crime as a service looks set to increase as well

To stay safe Australian businesses from multinationals to SMBs need to work together to

make Australia a much harder target for hackers and to increase trust in users that the

Internets benefits outweigh online dangers The best cyber security comes when the

government and private sector work together and take greater responsibility for the security

of their networks and information

In the next part of our eBook we will be taking a look at where the technology to fight cyber-

crime and security breaches is heading Well be examining the cloud big data and the

Internet of things to help small businesses like yours to put together a comprehensive

security road map

EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 24

Chapter 4 The Future of IT Security

So far in this exclusive Empower IT eBook weve examined the threats facing Australian

businesses when it comes to security and weve looked in detail at the form that these threats

can take (Malware Phishing Scams Denial of Service attacks etc) and weve even taken a

brief look at some of the ways IT attacks have impacted on Australian businesses

Finally its time to look at the security solutions that most of Australias small and medium

businesses currently have in place examine the reasons that standard defences may not be

enough and look at where the technology is heading as IT attacks become more sophisticated

So read on and learn how to improve your current security set up and to stay safe going

forward

Far too many of us take IT security for granted presuming that our anti-virus protection is

keeping the worst of the web at bay But it seems we are putting far too much faith in our off-

the-shelf antivirus protection to keep our IT systems safe Brian Dye corporate vice president

at Intel Security stated on record that antivirus software is dead Well the truth is that

antivirus software hasnt yet had its last day

EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 25

Antivirus software is used to prevent detect and

hopefully make safe any malware threats and viruses

that make it onto your system And most programs do this

well But the big problem is that antivirus software is a

reactive technology and only effective against known

threats and variations of them The guys who are writing

antivirus software need to understand how a piece of

malware works before they can adapt programs to

discover and neutralise it And in the time it takes for this

to happen many thousands of systems can be infected

With hackers and criminals making new and increasingly sophisticated malware all the time

there are a lot of dangers out there that your current AV setup just wont see coming And

hackers are patient people they will take the time to rewrite and test their malware until it

can find its way past even the most sophisticated protection - and if that doesnt work theyll

write a new one

Intel Security the company that makes the popular McAfee software estimates that new

malware is released at a rate of about one new virus per second Little wonder its hard for

the program writers to keep up

And signature based systems need to be constantly updated

to be effective So signature-based IDS is only as good as its

database of stored code and signatures This is why Zero

day attacks when hackers launch a brand new piece of

malware often slip through without being detected as

antivirus software doesnt recognize the threat

Because of the sheer

number of threats out

there traditional

antivirus software

detects only around

45 of all attacks

Unless youve been

keeping your antivirus

software updated and are

tuned into catching the

latest threats out there

that old antivirus software

on your devices is only

giving you the most basic

level of protection

EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 26

A New Era of Data Protection

We are now entering new territory when it comes to keeping your systems safe Behaviour-

based rather than signature-based security is more important So lets take a look at what

this means for businesses like yours

Behaviour-based security is different in that it detects any network activity that doesnt fit a

pattern of expected behaviour This means that the software has to be configured to learn

what a users normal patterns of activity are If there are any anomalies these are then flagged

as threats or viruses and will be stopped before they infect your systems

Unlike with signature-based systems behaviour-based

antivirus systems are able to detect zero-day attacks as

they dont have a pattern that is recognizable Of course

such systems have to be configured to learn about users

typical behaviour and configurations need to be updated

every time new applications are added or modified but in

general they can adapt to new unique or original attacks

There are many advantages to this behaviour-based

approach in detecting new and unforeseen vulnerabilities

in your systems Because it detects any traffic that is new

or unusual the behaviour-based approach is good at

identifying sweeps and probes towards network hardware

This is like an early warning for potential intrusions as such probes and scans are often the

predecessors for system attacks They can also detect abuse of privilege attacks which

normally dont trigger security warnings Of course there are some drawbacks too in that

there is a higher false alarm rate than with signature-based attacks

Whats more the learning curve for behaviour-based intrusion detection techniques cant

cover everything and peoples online behaviour is likely to change over time so you need to

For example if a

computer user with a

restricted set of records

suddenly begins to try

and access other types

of information it is highly

possible that his

workstation has been

infected with a virus and

action needs to be taken

to protect the systems

EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 27

implement occasional retracing of the behaviour profile Also during the learning phase any

system attacks that occur wont be detected as anomalous meaning your systems could be

compromised

Behaviour-based IDS is also more costly in that you need more hardware spread further

across your IT networks than is required with signature-based IDS

Drawbacks and a long customization process aside it looks like the behaviour-based

approach to IT Security is one way well be helping to keep the cyber criminals at bay into the

future And although the death knell has not yet sounded for antivirus software you need to

be aware that this is no longer the be all and end all of IT security you need to be doing so

much more

There are many ways you can keep your systems safe and taking a multi-layered approach is

actually the best way forward Blacklisting whitelisting and sandboxing are three methods

that can be used to ensure youre safe while online

As the way we use data and interact with the internet changes our approach to IT security and

data protection should also change accordingly Whats more IT systems around the world

are increasingly being breached and the fallout from this is affecting millions of people so we

need to learn to deal with risks and stay ahead of cyber criminals

We are now seeing other areas of IT in which security needs addressing areas such as social

media the cloud compliance advanced persistent threats and physical infrastructure

security too

IT Security in the Cloud

In the fast moving world of IT cloud computing is already an old hat in many ways but as so

many of Australias small and medium businesses are only just making the move into the

cloud they may not appreciate how cloud technology isnt just changing how they work but

how they should be approaching security

EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 28

When you are in the cloud you are exposed to new risks; after all, your data, and often much of your network, is being hosted off-site and is often being accessed by your staff in other cities and countries.

Security in the cloud requires visibility, identity management and policies that reduce threats

ability to take advantage of all the flexibility and freedom that cloud computing can offer.

Of course, it's worth remembering that cloud computing is not just one technology; it is a combination of many advances in technology sold in one package. This includes virtualisation, Software-as-a-Service and other operations working as they always have done, albeit in the cloud.

The problem is that traditional security solutions don't always adapt themselves well to the cloud architecture. What needs to happen is for existing security methods such as firewalls, virtual private networks, data-leak protection, etc. to evolve so they can be better deployed in the cloud. This might involve using an API (Application Program Interface) so that such technology can be automated in the cloud.

It is also likely that new Cloud Security Gateways will have to come into play, and innovations that bolster security are already being created. Cloud security gateways will act as security policy enforcement points between cloud services consumers and providers to ensure security as cloud services are accessed by users. This system would probably be made up of multiple levels of security such as authentication, authorization, signing on, security token mapping, encryption, tokenization, logging, alerting, Application Program Interface and so on.

With cloud technology being so popular, it is vital that users are easily identified and authenticated, while controlling access to applications and enforcing data protection policies. It is also a good idea to have a central overview of what is happening, with visibility into all users, devices and cloud activity, so that malicious or suspicious behaviour can be flagged. Auditing and monitoring will be built into cloud services in the future to ensure ongoing protection.

EMPOWER IT SOLUTIONS | WWW.EMPOWERIT.COM.AU Page | 29

Other changes need to happen to ensure better cloud security. The management of encryption keys is critical, and data needs to be fragmented and kept in several places in the cloud rather than in one server where it would be vulnerable. It is also important that the physical security of the cloud environment is enhanced.

IT Security and the Internet of Things

You may have heard of the Internet of Things (IoT) and wondered what it referred to. Basically, it just means an environment in which objects are able to transfer data over a network without the need for human-to-human or human-to-computer interaction.

For example, you may have a sensor in your car to tell you when the engine needs oil by sending a message to your phone. An office printer may send out an order for more ink when it's running low, and a smart road can send signals to traffic control when traffic is heavy.

Basically, any device or component that can be connected to the net (usually by Wi-Fi) plays its part in the Internet of Things. Ultimately, the IoT will help cut down on waste, improve efficiency and save time and frustration (in theory at least).

But with so many online devices, many of which will hold personal info or IP data, security will be an issue. You wouldn't want someone hacking your toaster or using your online speakers to get at the data on your PC, after all.

Some experts are concerned that large numbers of unsecured devices could be built up by hackers as botnets. Just imagine your TV, computer and other household appliances all being used against you, like a science fiction horror story.

The new high-tech Barbie doll raises privacy concerns, as the doll is connected to the Internet and could be a tempting target for hackers, who could then access data on home networks through the doll.


This means in the future people will need to know how to secure their IoT devices. Initially this would mean taking simple measures such as using passwords and usernames, and updating and patching devices as you do with current devices. Also, an IoT device that needs to be accessible over the net needs to be put in its own network and have access restricted. This network can then be monitored, with action taken if there is a problem.

Planning and integration are vital when it comes to the IoT, and security needs to be paramount at every step of the process, from manufacture to purchase and use. As a company owner, you need to develop policies that keep your customers and their data safe when using IoT devices.

US retailer Target was hacked in 2013 via its heating and air conditioning, which was internet enabled. Some 40 million credit card numbers were stolen.


Conclusion

The goal of this eBook is to make you aware of the vulnerabilities of your business systems and help you understand in detail the various cyber-threats that are lurking today. We have looked at the dangers for companies that have not been protecting themselves from online and offline security threats, both in terms of money and reputation consequences.

If you are wondering about the best way to safeguard your business, stay tuned, as we are in the process of writing another eBook with insights about protecting your business and reputation.

If you enjoyed reading this eBook and found it to be of value, do share it with your friends.


Chapter 3 IT Security Incidents in the Last Two Years

There may be no bullets flying, but Australia is currently at war, and it's one we're not winning. Cyber-attacks on Australian businesses increased 20% in 2014, and this figure rose in 2015, according to the Australian Signals Directorate.

The most commonly targeted industries tend to be banking and the financial sector in general, resources, energy and telecommunications, among others. But the huge volume of attacks means that many Australian SMBs are being targeted as cyber criminals spread their nets.

The fallout from these cyber-attacks includes loss of intellectual property, major disruption to business, financial loss and major damage to the reputation of your company, which in many cases could lead to bankruptcy.

Cybercrime in Australia

There are three main types of cybercrime that affect Australian businesses, large and small. These are:

State-sponsored cyber-crime - perpetrated by hackers on behalf of states to steal intellectual property and identities. These are often the most sophisticated attacks, and hackers can retain access to an organisation's network for years at a time.

Organised crime - run by criminal gangs making malware to steal data or extort money from individuals and corporations. Many crime syndicates have sophisticated tools and share techniques to access systems, as well as stolen data, with other criminals.

Motivated cyber-crime - these are often hackers with a political, social or even religious motive who want to get a message across using illegal online methods. Often such attacks can be less sophisticated but can still cause great damage to companies.

Because there are such widely varied motivations for hackers to target Australian businesses, no business is safe, including small ones. SMBs shouldn't think that their information is not of interest to criminals; they could be targeted for a range of reasons.

Take banks, for example. Commonwealth Bank, Australia's largest bank, is attacked thousands of times every day. While most of these attacks are by hackers seeking money and account numbers, many attacks are by activists (who call themselves hacktivists) who have a more political or social agenda; perhaps they don't agree with some of the bank's investments, which they may see as unethical or detrimental to the environment.

But when it comes to large-scale hacks, many fingers are pointed at government-sponsored groups from China. Well-equipped hackers known as Advanced Persistent Threats (APTs) have been targeting Australian firms in the mining and natural resources sector. Many businesses already dealing with organisations in China come under attack, perhaps to get the edge in negotiations or as a way of stealing intellectual property.

In response to the rising numbers of attacks, the Australian Government opened the Australian Cyber Security Centre (ACSC) to coordinate the country's defence intelligence agencies - the Attorney-General and the Australian Federal Police cyber units. The ACSC enables the private and public sector to collaborate and share information to combat cybersecurity threats. They also offer a great deal of information about how SMBs and individuals can stay safe online, so it's well worth looking at their site at https://www.acsc.gov.au

In the meantime, let's take a look at some of the recent risks and hacks on Australian companies to fully understand the risks of letting your IT guard down.

Ransomware on the Rise

Ransomware, a scam in which people fall victim to an encryption virus which hijacks computer files and demands a ransom to restore them, is becoming one of the main ways that Australian businesses are being targeted by cyber criminals. In 2014 the security firm Websense found nearly two million instances of the malware variant known as CryptoLocker, and 60 per cent of those were detected in Australia.

CryptoLocker is ransomware which is delivered via credible-looking emails. Once an infected link is clicked, the virus is activated and your computer files, photos and data are taken hostage via encryption unless a ransom is paid.

Some of the latest versions of this malware are said to be unbreakable, and the average cost to companies paying ransoms to overseas hackers was $US 350.

One of the most recent versions of the virus appeared as a traffic infringement notice from the Australian Federal Police which demanded a penalty payment for a minor traffic infringement. The impressively official-looking email was often opened because it appeared to come from the Federal Government. To view details of the fake traffic infringement, recipients are asked to click the link contained within the email, activating the malware.

The Australian Federal Police (AFP) originally issued a tweet on 19 January warning people of a recent scam, "traffic infringement notices" being delivered by email, and advising not to pay any money or click any links.


High Profile Incidents

Kmart Attacked

Kmart Australia had to put out a warning in October 2015 to let some customers know that their online operations had been attacked in an external privacy breach in September. Data such as name, email address, delivery and billing address, telephone number and product purchase details was stolen. The retailer has insisted that no credit card or payment card details had been compromised, as card processing is handled externally.

David Jones hacked

In October 2014 the Australian fashion retailer had its computer system attacked and the private details of customers were stolen - these included names, email addresses and addresses - but David Jones assured its customers that their credit card or financial information was safe.

A hit on the Hilton

Early in 2015, hotel chain operator Hilton Worldwide Holdings warned customers that they'd found unauthorised malware targeting payment card details in some of their payment systems. This affected many of their Australian customers. An investigation found that malware was targeting cardholder names, payment card numbers, security codes and expiration dates.

Customers were advised to check bank statements up till July, but the company didn't give figures of how many people or businesses might be affected.


The future outlook for cyber-crime

Based on the high levels of current hacking activity and the increasingly sophisticated software and techniques used by hackers to access systems and avoid detection, the ACSC predicts that levels of hacking will rise over the next five years or so. Malware and technology used in cybercrime are now more readily available than ever and can even be used by people with little IT knowledge. What's more, cyber-crime as a service looks set to increase as well.

To stay safe, Australian businesses, from multinationals to SMBs, need to work together to make Australia a much harder target for hackers and to increase trust in users that the Internet's benefits outweigh online dangers. The best cyber security comes when the government and private sector work together and take greater responsibility for the security of their networks and information.

In the next part of our eBook we will be taking a look at where the technology to fight cyber-crime and security breaches is heading. We'll be examining the cloud, big data and the Internet of Things to help small businesses like yours to put together a comprehensive security road map.


Chapter 4 The Future of IT Security

So far in this exclusive Empower IT eBook we've examined the threats facing Australian businesses when it comes to security, and we've looked in detail at the form that these threats can take (Malware, Phishing Scams, Denial of Service attacks, etc.), and we've even taken a brief look at some of the ways IT attacks have impacted on Australian businesses.

Finally, it's time to look at the security solutions that most of Australia's small and medium businesses currently have in place, examine the reasons that standard defences may not be enough, and look at where the technology is heading as IT attacks become more sophisticated. So read on and learn how to improve your current security set-up and to stay safe going forward.

Far too many of us take IT security for granted, presuming that our anti-virus protection is keeping the worst of the web at bay. But it seems we are putting far too much faith in our off-the-shelf antivirus protection to keep our IT systems safe. Brian Dye, corporate vice president at Intel Security, stated on record that "antivirus software is dead". Well, the truth is that antivirus software hasn't yet had its last day.


Antivirus software is used to prevent, detect and hopefully make safe any malware threats and viruses that make it onto your system. And most programs do this well. But the big problem is that antivirus software is a reactive technology and only effective against known threats and variations of them. The guys who are writing antivirus software need to understand how a piece of malware works before they can adapt programs to discover and neutralise it. And in the time it takes for this to happen, many thousands of systems can be infected.

With hackers and criminals making new and increasingly sophisticated malware all the time, there are a lot of dangers out there that your current AV setup just won't see coming. And hackers are patient people; they will take the time to rewrite and test their malware until it can find its way past even the most sophisticated protection - and if that doesn't work, they'll write a new one.

Intel Security, the company that makes the popular McAfee software, estimates that new malware is released at a rate of about one new virus per second. Little wonder it's hard for the program writers to keep up.

And signature-based systems need to be constantly updated to be effective. So signature-based IDS is only as good as its database of stored code and signatures. This is why zero-day attacks, when hackers launch a brand new piece of malware, often slip through without being detected, as antivirus software doesn't recognize the threat.

Because of the sheer number of threats out there, traditional antivirus software detects only around 45% of all attacks.

Unless you've been keeping your antivirus software updated and are tuned into catching the latest threats out there, that old antivirus software on your devices is only giving you the most basic level of protection.


A New Era of Data Protection

We are now entering new territory when it comes to keeping your systems safe. Behaviour-based rather than signature-based security is more important. So let's take a look at what this means for businesses like yours.

Behaviour-based security is different in that it detects any network activity that doesn't fit a pattern of expected behaviour. This means that the software has to be configured to learn what a user's normal patterns of activity are. If there are any anomalies, these are then flagged as threats or viruses and will be stopped before they infect your systems.

Unlike signature-based systems, behaviour-based antivirus systems are able to detect zero-day attacks, as they don't have a pattern that is recognizable. Of course, such systems have to be configured to learn about users' typical behaviour, and configurations need to be updated every time new applications are added or modified, but in general they can adapt to new, unique or original attacks.

There are many advantages to this behaviour-based approach in detecting new and unforeseen vulnerabilities in your systems. Because it detects any traffic that is new or unusual, the behaviour-based approach is good at identifying sweeps and probes towards network hardware. This is like an early warning for potential intrusions, as such probes and scans are often the predecessors of system attacks. They can also detect abuse-of-privilege attacks, which normally don't trigger security warnings. Of course, there are some drawbacks too, in that there is a higher false alarm rate than with signature-based systems.

What's more, the learning curve for behaviour-based intrusion detection techniques can't cover everything, and people's online behaviour is likely to change over time, so you need to implement occasional retracing of the behaviour profile. Also, during the learning phase any system attacks that occur won't be detected as anomalous, meaning your systems could be compromised.

For example, if a computer user with a restricted set of records suddenly begins to try and access other types of information, it is highly possible that his workstation has been infected with a virus and action needs to be taken to protect the systems.

Behaviour-based IDS is also more costly, in that you need more hardware spread further across your IT networks than is required with signature-based IDS.
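The trade-offs described above, as an added example that is not part of the eBook: a minimal signature detector and a behaviour-profile detector run over the same constructed events. The class names, record types, sample payloads and the three-observation threshold are assumptions chosen for illustration.

```python
import hashlib
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    user: str
    record_type: str  # kind of record the user touched, e.g. "invoices"
    payload: bytes    # bytes of the file involved (constructed sample data)


def digest(data):
    return hashlib.sha256(data).hexdigest()


class SignatureDetector:
    """Flags only payloads whose hash is already in the signature database."""

    def __init__(self, known_bad):
        self.signatures = {digest(p) for p in known_bad}

    def check(self, event):
        return "malware" if digest(event.payload) in self.signatures else "ok"


class BehaviourDetector:
    """Learns which record types each user normally touches, flags the rest."""

    def __init__(self, min_observations=3):  # threshold is an assumption
        self.min_observations = min_observations
        self.profile = defaultdict(set)
        self.observed = defaultdict(int)

    def learn(self, event):
        # Everything seen while learning counts as normal, attacks included.
        self.profile[event.user].add(event.record_type)
        self.observed[event.user] += 1

    def check(self, event):
        if self.observed[event.user] < self.min_observations:
            return "no-baseline"  # too little history to judge this user
        if event.record_type in self.profile[event.user]:
            return "ok"
        return "anomaly"


# Constructed sample data, not real malware or real logs.
KNOWN_BAD = b"constructed sample: catalogued malware"
NEW_VARIANT = b"constructed sample: never-seen variant"
CLEAN = b"constructed sample: ordinary document"

LEARNING_PHASE = (
    [Event("alice", "invoices", CLEAN)] * 3
    # bob's workstation was already compromised while his profile was learned
    + [Event("bob", "orders", CLEAN)] * 2
    + [Event("bob", "payroll", NEW_VARIANT)]
)

LIVE = [
    ("routine work", Event("alice", "invoices", CLEAN)),
    ("known malware, usual records", Event("alice", "invoices", KNOWN_BAD)),
    ("new variant, unusual records", Event("alice", "payroll", NEW_VARIANT)),
    ("new application rolled out", Event("alice", "timesheets", CLEAN)),
    ("attack learned as normal", Event("bob", "payroll", NEW_VARIANT)),
    ("user with no history", Event("carol", "invoices", CLEAN)),
]


def trained_behaviour_detector():
    detector = BehaviourDetector()
    for event in LEARNING_PHASE:
        detector.learn(event)
    return detector


def run_demo():
    """Return {label: (signature verdict, behaviour verdict)} for LIVE."""
    sig = SignatureDetector([KNOWN_BAD])
    beh = trained_behaviour_detector()
    return {label: (sig.check(e), beh.check(e)) for label, e in LIVE}


def retrain_clears_false_alarm():
    """Verdict on a legitimate new application before and after retraining."""
    beh = trained_behaviour_detector()
    new_app = Event("alice", "timesheets", CLEAN)
    before = beh.check(new_app)
    beh.learn(new_app)  # profile updated once the change is confirmed benign
    return before, beh.check(new_app)


if __name__ == "__main__":
    for label, (sig_verdict, beh_verdict) in run_demo().items():
        print(f"{label:32} signature={sig_verdict:8} behaviour={beh_verdict}")
    print("retraining:", retrain_clears_false_alarm())
```

Neither detector catches every case on its own: the signature check misses the new variant, while the behaviour check misses known malware in routine activity and anything that happened during learning.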

Drawbacks and a long customization process aside, it looks like the behaviour-based approach to IT security is one way we'll be helping to keep the cyber criminals at bay into the future. And although the death knell has not yet sounded for antivirus software, you need to be aware that this is no longer the be-all and end-all of IT security; you need to be doing so much more.

There are many ways you can keep your systems safe, and taking a multi-layered approach is actually the best way forward. Blacklisting, whitelisting and sandboxing are three methods that can be used to ensure you're safe while online.

As the way we use data and interact with the internet changes, our approach to IT security and data protection should also change accordingly. What's more, IT systems around the world are increasingly being breached and the fallout from this is affecting millions of people, so we need to learn to deal with risks and stay ahead of cyber criminals.

We are now seeing other areas of IT in which security needs addressing, areas such as social media, the cloud, compliance, advanced persistent threats and physical infrastructure security too.

IT Security in the Cloud

In the fast-moving world of IT, cloud computing is already old hat in many ways, but as so many of Australia's small and medium businesses are only just making the move into the cloud, they may not appreciate how cloud technology isn't just changing how they work but how they should be approaching security.

EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 28

When you are in the cloud you are exposed to new risks after-all your data and often much

of your network is being hosted off-site and is often being accessed by your staff in other cities

and countries

Security in the cloud requires visibility identity management and policies that reduce threats

ability to take advantage of all the flexibility and freedom that cloud computing can offer

Of course its worth remembering that cloud computing is not just one technology it is a

combination of many advances in technology sold in one package This includes virtualisation

Software-as-a-Service and other operations working as they always have done albeit in the

cloud

The problem is that traditional security solutions dont always adapt themselves well to the

cloud architecture What needs to happen is for existing security methods such as firewalls

virtual private networks data-leak protection etc to evolve so they can be better deployed in

the cloud This might involve using an API (Application Program Interface) so that such

technology can be automated in the cloud

It is also likely that new Cloud Security Gateways will have to come into play and innovations

that bolster security are already being created Cloud security gateways will act as security

policy enforcement points between cloud services consumers and providers to ensure

security as cloud services are accessed by users This system would probably be made up of

multiple levels of security such as authentication authorization signing on security token

mapping encryption tokenization logging alerting Application Program Interface and so on

With cloud technology being so popular it is vital that users are easily identified and

authenticated while controlling access to applications and enforcing data protection policies

It is also a good idea to have a central overview of what is happening with visibility into all

users devices and cloud activity so that malicious or suspicious behaviour can be flagged

Auditing and monitoring will be built into cloud services in the future to ensure ongoing

protection

EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 29

Other changes need to happen to ensure better cloud security The management of encryption

keys is critical and data needs to be fragmented and kept in several places in the cloud rather

than in one server where it would be vulnerable It is also important that the physical security

of the cloud environment is enhanced

IT Security and the Internet of Things

You may have heard of the Internet of Things (IoT) and wondered what it referred to Basically

it just means an environment in which objects are able to transfer data over a network without

the need for human-to-human or human to computer interaction

For example you may have a sensor in your car to tell you

when the engine needs oil by sending a message to your

phone An office printer may send out an order for more

ink when its running low and a smart road can send

signals to traffic control when traffic is heavy

Basically any device or component that can be connected

to net (usually by Wi-Fi) plays its part in the Internet of

Things Ultimately the IoTs will help cut down on waste

improve efficiency and save time and frustration (in theory

at least)

But with so many online devices many of which will hold personal info or IP data security will

be an issue You wouldnt want someone hacking your toaster or using your online speakers

to get at the data on your PC after all

Some experts are concerned that large numbers of unsecured devices could be built up by

hackers as botnets Just imagine your TV computer and other household appliances all be

used against you like a science fiction horror story

The new high-tech

Barbie doll raises privacy

concerns as the doll is

connected to the Internet

and could be a tempting

target for hackers who

could then access data

on home networks

through the doll

EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 30

This means in the future people will need to know how to

secure their IoT devices Initially this would mean taking

simple measures such as using passwords and

usernames updating and patching devices as you do with

current devices Also an IoT device that needs to be

accessible over the net needs to be put in its own network

and have access restricted This network can then be

monitored with action taken if there is a problem

Planning and integration is vital when it comes to the IoT and security needs to be paramount

at every step of the process from manufacture to purchase and use As a company owner

you need to develop policies that keep your customers and their data safe when using IoT

devices

US retailer Target was

hacked in 2013 via its

heating and air

conditioning which was

internet enabled Some

40 million credit card

numbers were stolen

EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 31

Conclusion

The goal of this eBook is to make you aware of the vulnerabilities of your business systems

and help you understand in detail the various cyber-threats that are lurking today We have

looked at the dangers for companies that have not been protecting themselves from online

and offline security threats both in terms of money and reputation consequences

If you are wondering about the best way to safeguard your business stay tuned as we are in

the process of writing another eBook with insights about protecting your business and

reputation

If you enjoyed reading this eBook and found it to be of value do share it with your friends

Follow us for more Security News

Spread the word

EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 20

State-sponsored cyber-crime - perpetrated by hackers on behalf of states to steal

intellectual property and identities These are often the most sophisticated attacks and

hackers can retain access to an organisations network for years at a time

Organised Crime - run by criminal gangs making malware to steal data or extort

money from individuals and corporations Many crime syndicates have sophisticated

tools and share techniques to access systems as well as stolen data with other

criminals

Motivated cyber-crime - these are often hackers with a political social or even

religious motive who want to get a message across using illegal online methods Often

such attacks can be less sophisticated but can still cause great damage to companies

Because there are such widely varied motivations for hackers to target Australian businesses

it means that no business is safe including small ones SMBs shouldnt think that their

information is not of interest to criminals they could be targeted for a range of reasons

Take banks for example Commonwealth Bank Australias largest bank is attacked

thousands of times every day While most of these attacks are by hackers seeking money and

account numbers many attacks are by activists (who call themselves hacktivists) who have

a more political or social agenda perhaps they dont agree with some of the banks

investments which they may see as unethical or detrimental to the environment

But when it comes to large-scale hacks many fingers are pointed at government sponsored

groups from China Well-equipped hackers known as Advanced Persistent Threats (APTs)

have been targeting Australian firms in the mining and natural resources sector Many

businesses already dealing with organisations in China come under attack perhaps to get the

edge in negotiations or as a way of stealing intellectual property

In response to the rising numbers of attacks the Australian Government opened The

Australian Cyber Security Centre (ACSC) to coordinate the countrys defence intelligence

agencies - the Attorney-General and the Australian Federal Police cyber units The ACSC

enables the private and public sector to collaborate and share information to combat

cybersecurity threats They also offer a great deal of information about how SMBS and

EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 21

individuals can stay safe online So its well worth looking at their site at

httpswwwacscgovau

In the meantime lets take a look at some of the recent risks and hacks on Australian

companies to fully understand the risks of letting your IT guard down

Ransomware on the Rise

Ransomware a scam in which people fall victim to an encryption virus which hijacks computer

files and demands a ransom to restore them is becoming one of the main ways that Australian

businesses are being targeted by cyber criminals In 2014 the security firm Websense found

nearly two million instances of the malware variant known as CryptoLocker and 60 per cent

of those were detected in Australia

CryptoLocker is ransomware which is delivered via credible looking emails Once an infected

link is clicked the virus is activated and your computer files photos and data are taken

hostage via encryption unless a ransom is paid

Some of the latest versions of this malware are said to be

unbreakable and the average cost to companies paying

ransoms to overseas hackers was $US 350

One of the most recent versions of the virus appeared as a

traffic infringement notice from the Australian Federal Police

which demanded a penalty pay for a minor traffic

infringement The impressively official looking email was

often opened because it appeared to come from the Federal

Government To view details of the fake traffic infringement

recipients are asked to click the link contained within the

email activating the malware

The Australian

Federal Police (AFP)

originally issued a

tweet on 19 January

warning people of a

recent scam ldquotraffic

infringement noticesrdquo

being delivered by

email and advising

not to pay any money

or click any links

EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 22

High Profile Incidents

Kmart Attacked

Kmart Australia had to put out a warning in October 2015 to let some customers know that

their online operations had been attacked in an external privacy breach in September Data

such as name email address delivery and billing address telephone number and product

purchase details was stolen The retailer has insisted that no credit card or payment card

details had been compromised as card processing is handled externally

David Jones hacked

In October 2014 Australian Fashion Retailer had its computer system attacked and the private

details of customers were stolen - these included names email addresses and addresses

but David Jones assured its customers that their credit card or financial information was safe

A hit on the Hilton

Early in 2015 Hotel chain operator Hilton Worldwide Holdings warned customers that theyd

found unauthorised malware targeting payment card details in some of their payment

systems This affected many of their Australian customers An investigation found that

malware was targeting cardholder names payment card numbers security codes and

expiration dates

Customers were advised to check bank statements up till July but the company didnt give

figures of how many people or businesses might be affected

EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 23

W -crime

Based on the high levels of current hacking activity and the increasingly sophisticated

software and techniques used by hackers to access systems and avoid detection the ACSC

predicts that levels of hacking will rise over the next five years or so Malware and technology

used in cybercrime is now more readily available than ever and can even be used by people

with little IT knowledge Whats more cyber-crime as a service looks set to increase as well

To stay safe Australian businesses from multinationals to SMBs need to work together to

make Australia a much harder target for hackers and to increase trust in users that the

Internets benefits outweigh online dangers The best cyber security comes when the

government and private sector work together and take greater responsibility for the security

of their networks and information

In the next part of our eBook we will be taking a look at where the technology to fight cyber-

crime and security breaches is heading Well be examining the cloud big data and the

Internet of things to help small businesses like yours to put together a comprehensive

security road map

EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 24

Chapter 4 The Future of IT Security

So far in this exclusive Empower IT eBook weve examined the threats facing Australian

businesses when it comes to security and weve looked in detail at the form that these threats

can take (Malware Phishing Scams Denial of Service attacks etc) and weve even taken a

brief look at some of the ways IT attacks have impacted on Australian businesses

Finally its time to look at the security solutions that most of Australias small and medium

businesses currently have in place examine the reasons that standard defences may not be

enough and look at where the technology is heading as IT attacks become more sophisticated

So read on and learn how to improve your current security set up and to stay safe going

forward

Far too many of us take IT security for granted presuming that our anti-virus protection is

keeping the worst of the web at bay But it seems we are putting far too much faith in our off-

the-shelf antivirus protection to keep our IT systems safe Brian Dye corporate vice president

at Intel Security stated on record that antivirus software is dead Well the truth is that

antivirus software hasnt yet had its last day

Antivirus software is used to prevent, detect and hopefully make safe any malware threats and viruses that make it onto your system. And most programs do this well. But the big problem is that antivirus software is a reactive technology and only effective against known threats and variations of them. The guys who are writing antivirus software need to understand how a piece of malware works before they can adapt programs to discover and neutralise it. And in the time it takes for this to happen, many thousands of systems can be infected.

With hackers and criminals making new and increasingly sophisticated malware all the time, there are a lot of dangers out there that your current AV setup just won't see coming. And hackers are patient people: they will take the time to rewrite and test their malware until it can find its way past even the most sophisticated protection - and if that doesn't work, they'll write a new one.

Intel Security, the company that makes the popular McAfee software, estimates that new malware is released at a rate of about one new virus per second. Little wonder it's hard for the program writers to keep up.

And signature-based systems need to be constantly updated to be effective. So signature-based IDS is only as good as its database of stored code and signatures. This is why zero-day attacks, when hackers launch a brand new piece of malware, often slip through without being detected, as antivirus software doesn't recognize the threat.

Because of the sheer number of threats out there, traditional antivirus software detects only around 45% of all attacks.

Unless you've been keeping your antivirus software updated and are tuned into catching the latest threats out there, that old antivirus software on your devices is only giving you the most basic level of protection.

A New Era of Data Protection

We are now entering new territory when it comes to keeping your systems safe. Behaviour-based, rather than signature-based, security is more important. So let's take a look at what this means for businesses like yours.

Behaviour-based security is different in that it detects any network activity that doesn't fit a pattern of expected behaviour. This means that the software has to be configured to learn what a user's normal patterns of activity are. If there are any anomalies, these are then flagged as threats or viruses and will be stopped before they infect your systems.

Unlike with signature-based systems, behaviour-based antivirus systems are able to detect zero-day attacks, as they don't have a pattern that is recognizable. Of course, such systems have to be configured to learn about users' typical behaviour, and configurations need to be updated every time new applications are added or modified, but in general they can adapt to new, unique or original attacks.

There are many advantages to this behaviour-based approach in detecting new and unforeseen vulnerabilities in your systems. Because it detects any traffic that is new or unusual, the behaviour-based approach is good at identifying sweeps and probes towards network hardware. This is like an early warning for potential intrusions, as such probes and scans are often the predecessors for system attacks. They can also detect abuse-of-privilege attacks, which normally don't trigger security warnings. Of course, there are some drawbacks too, in that there is a higher false alarm rate than with signature-based detection.

What's more, the learning curve for behaviour-based intrusion detection techniques can't cover everything, and people's online behaviour is likely to change over time, so you need to implement occasional retracing of the behaviour profile. Also, during the learning phase, any system attacks that occur won't be detected as anomalous, meaning your systems could be compromised.

For example, if a computer user with a restricted set of records suddenly begins to try and access other types of information, it is highly possible that his workstation has been infected with a virus and action needs to be taken to protect the systems.

Behaviour-based IDS is also more costly, in that you need more hardware, spread further across your IT networks, than is required with signature-based IDS.
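The trade-offs described above, as an added illustration that is not part of the eBook: a signature check and a per-user behaviour baseline are run over the same constructed events. The users, record types and placeholder hashes are all assumptions made for the example.

```python
from collections import defaultdict

# Signature side: identifiers of malware that has already been analysed.
# Placeholder strings stand in for real file hashes (constructed values).
KNOWN_BAD_HASHES = {"hash-of-known-sample"}


def signature_flags(event):
    """Signature-based check: alert only if the program is already listed."""
    return event["program_hash"] in KNOWN_BAD_HASHES


class BehaviourProfile:
    """Per-user baseline of the record types each user normally touches."""

    def __init__(self):
        self.normal = defaultdict(set)

    def learn(self, events):
        # Learning phase: everything observed is recorded as normal,
        # whether it was legitimate or not.
        for e in events:
            self.normal[e["user"]].add(e["record_type"])

    def flags(self, event):
        # Detection phase: access outside the user's baseline is an anomaly.
        return event["record_type"] not in self.normal[event["user"]]


def ev(user, program_hash, record_type):
    """Build one constructed access event."""
    return {"user": user, "program_hash": program_hash,
            "record_type": record_type}


# Constructed learning-phase activity.
TRAINING = [
    ev("alice", "hash-of-accounts-app", "invoices"),
    ev("alice", "hash-of-accounts-app", "invoices"),
    ev("bob", "hash-of-crm-app", "customers"),
]

# Constructed live events, one per case discussed in the text.
LIVE = {
    # Listed malware touching records bob normally uses.
    "known_malware": ev("bob", "hash-of-known-sample", "customers"),
    # Unlisted program reaching for records alice never uses.
    "zero_day": ev("alice", "hash-never-seen-before", "payroll"),
    # Bob legitimately takes on a new duty: a false alarm.
    "new_duty": ev("bob", "hash-of-crm-app", "contracts"),
    # Ordinary activity.
    "routine": ev("alice", "hash-of-accounts-app", "invoices"),
}


def compare(training, live):
    """Return, per live event, what each detection approach reports."""
    profile = BehaviourProfile()
    profile.learn(training)
    return {
        name: {"signature": signature_flags(e), "behaviour": profile.flags(e)}
        for name, e in live.items()
    }


if __name__ == "__main__":
    print("clean baseline:")
    for name, verdict in compare(TRAINING, LIVE).items():
        print(f"  {name:14} {verdict}")

    # The attack happens during the learning phase and becomes "normal".
    poisoned = compare(TRAINING + [LIVE["zero_day"]], LIVE)
    print("attack seen while learning:", poisoned["zero_day"])

    # Refreshing the profile after bob's role changes clears the false alarm.
    retrained = compare(TRAINING + [LIVE["new_duty"]], LIVE)
    print("after profile refresh:", retrained["new_duty"])
```

The known sample is caught only by the signature list and the unlisted program only by the baseline, which is the case for running both layers.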

Drawbacks and a long customization process aside, it looks like the behaviour-based approach to IT security is one way we'll be helping to keep the cyber criminals at bay into the future. And although the death knell has not yet sounded for antivirus software, you need to be aware that this is no longer the be-all and end-all of IT security: you need to be doing so much more.

There are many ways you can keep your systems safe, and taking a multi-layered approach is actually the best way forward. Blacklisting, whitelisting and sandboxing are three methods that can be used to ensure you're safe while online.

As the way we use data and interact with the internet changes, our approach to IT security and data protection should also change accordingly. What's more, IT systems around the world are increasingly being breached, and the fallout from this is affecting millions of people, so we need to learn to deal with risks and stay ahead of cyber criminals.

We are now seeing other areas of IT in which security needs addressing: areas such as social media, the cloud, compliance, advanced persistent threats and physical infrastructure security too.

IT Security in the Cloud

In the fast-moving world of IT, cloud computing is already old hat in many ways, but as so many of Australia's small and medium businesses are only just making the move into the cloud, they may not appreciate how cloud technology isn't just changing how they work but how they should be approaching security.

When you are in the cloud, you are exposed to new risks. After all, your data, and often much of your network, is being hosted off-site and is often being accessed by your staff in other cities and countries.

Security in the cloud requires visibility, identity management and policies that reduce threats

ability to take advantage of all the flexibility and freedom that cloud computing can offer

Of course, it's worth remembering that cloud computing is not just one technology; it is a combination of many advances in technology sold in one package. This includes virtualisation, Software-as-a-Service and other operations working as they always have done, albeit in the cloud.

The problem is that traditional security solutions don't always adapt themselves well to the cloud architecture. What needs to happen is for existing security methods such as firewalls, virtual private networks, data-leak protection, etc. to evolve so they can be better deployed in the cloud. This might involve using an API (Application Program Interface) so that such technology can be automated in the cloud.

It is also likely that new Cloud Security Gateways will have to come into play, and innovations that bolster security are already being created. Cloud security gateways will act as security policy enforcement points between cloud services consumers and providers to ensure security as cloud services are accessed by users. This system would probably be made up of multiple levels of security, such as authentication, authorization, signing on, security token mapping, encryption, tokenization, logging, alerting, Application Program Interface and so on.

With cloud technology being so popular, it is vital that users are easily identified and authenticated, while controlling access to applications and enforcing data protection policies. It is also a good idea to have a central overview of what is happening, with visibility into all users, devices and cloud activity, so that malicious or suspicious behaviour can be flagged. Auditing and monitoring will be built into cloud services in the future to ensure ongoing protection.

Other changes need to happen to ensure better cloud security. The management of encryption keys is critical, and data needs to be fragmented and kept in several places in the cloud rather than in one server where it would be vulnerable. It is also important that the physical security of the cloud environment is enhanced.

IT Security and the Internet of Things

You may have heard of the Internet of Things (IoT) and wondered what it referred to. Basically, it just means an environment in which objects are able to transfer data over a network without the need for human-to-human or human-to-computer interaction.

For example, you may have a sensor in your car to tell you when the engine needs oil by sending a message to your phone. An office printer may send out an order for more ink when it's running low, and a smart road can send signals to traffic control when traffic is heavy.

Basically, any device or component that can be connected to the net (usually by Wi-Fi) plays its part in the Internet of Things. Ultimately, the IoT will help cut down on waste, improve efficiency and save time and frustration (in theory at least).

But with so many online devices, many of which will hold personal info or IP data, security will be an issue. You wouldn't want someone hacking your toaster or using your online speakers to get at the data on your PC, after all.

Some experts are concerned that large numbers of unsecured devices could be built up by hackers as botnets. Just imagine your TV, computer and other household appliances all being used against you, like a science fiction horror story.

The new high-tech Barbie doll raises privacy concerns, as the doll is connected to the Internet and could be a tempting target for hackers, who could then access data on home networks through the doll.

This means in the future people will need to know how to secure their IoT devices. Initially, this would mean taking simple measures such as using passwords and usernames, and updating and patching devices as you do with current devices. Also, an IoT device that needs to be accessible over the net needs to be put in its own network and have access restricted. This network can then be monitored, with action taken if there is a problem.

Planning and integration is vital when it comes to the IoT, and security needs to be paramount at every step of the process, from manufacture to purchase and use. As a company owner, you need to develop policies that keep your customers and their data safe when using IoT devices.

US retailer Target was hacked in 2013 via its heating and air conditioning, which was internet enabled. Some 40 million credit card numbers were stolen.

Conclusion

The goal of this eBook is to make you aware of the vulnerabilities of your business systems and help you understand in detail the various cyber-threats that are lurking today. We have looked at the dangers for companies that have not been protecting themselves from online and offline security threats, both in terms of money and reputation consequences.

If you are wondering about the best way to safeguard your business, stay tuned, as we are in the process of writing another eBook with insights about protecting your business and reputation.

If you enjoyed reading this eBook and found it to be of value, do share it with your friends.

individuals can stay safe online. So it's well worth looking at their site at https://www.acsc.gov.au.

In the meantime, let's take a look at some of the recent risks and hacks on Australian companies to fully understand the risks of letting your IT guard down.

Ransomware on the Rise

Ransomware, a scam in which people fall victim to an encryption virus which hijacks computer files and demands a ransom to restore them, is becoming one of the main ways that Australian businesses are being targeted by cyber criminals. In 2014, the security firm Websense found nearly two million instances of the malware variant known as CryptoLocker, and 60 per cent of those were detected in Australia.

CryptoLocker is ransomware which is delivered via credible-looking emails. Once an infected link is clicked, the virus is activated and your computer files, photos and data are taken hostage via encryption unless a ransom is paid.

Some of the latest versions of this malware are said to be unbreakable, and the average cost to companies paying ransoms to overseas hackers was $US 350.

One of the most recent versions of the virus appeared as a traffic infringement notice from the Australian Federal Police, which demanded a penalty payment for a minor traffic infringement. The impressively official-looking email was often opened because it appeared to come from the Federal Government. To view details of the fake traffic infringement, recipients are asked to click the link contained within the email, activating the malware.

The Australian Federal Police (AFP) originally issued a tweet on 19 January warning people of a recent scam, "traffic infringement notices" being delivered by email, and advising not to pay any money or click any links.

High Profile Incidents

Kmart Attacked

Kmart Australia had to put out a warning in October 2015 to let some customers know that their online operations had been attacked in an external privacy breach in September. Data such as name, email address, delivery and billing address, telephone number and product purchase details was stolen. The retailer has insisted that no credit card or payment card details had been compromised, as card processing is handled externally.

David Jones hacked

In October 2014, the Australian fashion retailer had its computer system attacked and the private details of customers were stolen - these included names, email addresses and addresses - but David Jones assured its customers that their credit card or financial information was safe.

A hit on the Hilton

Early in 2015, hotel chain operator Hilton Worldwide Holdings warned customers that they'd found unauthorised malware targeting payment card details in some of their payment systems. This affected many of their Australian customers. An investigation found that malware was targeting cardholder names, payment card numbers, security codes and expiration dates.

Customers were advised to check bank statements up till July, but the company didn't give figures of how many people or businesses might be affected.

W -crime

Based on the high levels of current hacking activity and the increasingly sophisticated software and techniques used by hackers to access systems and avoid detection, the ACSC predicts that levels of hacking will rise over the next five years or so. Malware and technology used in cybercrime is now more readily available than ever and can even be used by people with little IT knowledge. What's more, cyber-crime as a service looks set to increase as well.

To stay safe Australian businesses from multinationals to SMBs need to work together to

make Australia a much harder target for hackers and to increase trust in users that the

Internets benefits outweigh online dangers The best cyber security comes when the

government and private sector work together and take greater responsibility for the security

of their networks and information

In the next part of our eBook we will be taking a look at where the technology to fight cyber-

crime and security breaches is heading Well be examining the cloud big data and the

Internet of things to help small businesses like yours to put together a comprehensive

security road map

EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 24

Chapter 4 The Future of IT Security

So far in this exclusive Empower IT eBook weve examined the threats facing Australian

businesses when it comes to security and weve looked in detail at the form that these threats

can take (Malware Phishing Scams Denial of Service attacks etc) and weve even taken a

brief look at some of the ways IT attacks have impacted on Australian businesses

Finally its time to look at the security solutions that most of Australias small and medium

businesses currently have in place examine the reasons that standard defences may not be

enough and look at where the technology is heading as IT attacks become more sophisticated

So read on and learn how to improve your current security set up and to stay safe going

forward

Far too many of us take IT security for granted presuming that our anti-virus protection is

keeping the worst of the web at bay But it seems we are putting far too much faith in our off-

the-shelf antivirus protection to keep our IT systems safe Brian Dye corporate vice president

at Intel Security stated on record that antivirus software is dead Well the truth is that

antivirus software hasnt yet had its last day

EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 25

Antivirus software is used to prevent detect and

hopefully make safe any malware threats and viruses

that make it onto your system And most programs do this

well But the big problem is that antivirus software is a

reactive technology and only effective against known

threats and variations of them The guys who are writing

antivirus software need to understand how a piece of

malware works before they can adapt programs to

discover and neutralise it And in the time it takes for this

to happen many thousands of systems can be infected

With hackers and criminals making new and increasingly sophisticated malware all the time

there are a lot of dangers out there that your current AV setup just wont see coming And

hackers are patient people they will take the time to rewrite and test their malware until it

can find its way past even the most sophisticated protection - and if that doesnt work theyll

write a new one

Intel Security the company that makes the popular McAfee software estimates that new

malware is released at a rate of about one new virus per second Little wonder its hard for

the program writers to keep up

And signature based systems need to be constantly updated

to be effective So signature-based IDS is only as good as its

database of stored code and signatures This is why Zero

day attacks when hackers launch a brand new piece of

malware often slip through without being detected as

antivirus software doesnt recognize the threat

Because of the sheer

number of threats out

there traditional

antivirus software

detects only around

45 of all attacks

Unless youve been

keeping your antivirus

software updated and are

tuned into catching the

latest threats out there

that old antivirus software

on your devices is only

giving you the most basic

level of protection

EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 26

A New Era of Data Protection

We are now entering new territory when it comes to keeping your systems safe Behaviour-

based rather than signature-based security is more important So lets take a look at what

this means for businesses like yours

Behaviour-based security is different in that it detects any network activity that doesnt fit a

pattern of expected behaviour This means that the software has to be configured to learn

what a users normal patterns of activity are If there are any anomalies these are then flagged

as threats or viruses and will be stopped before they infect your systems

Unlike with signature-based systems behaviour-based

antivirus systems are able to detect zero-day attacks as

they dont have a pattern that is recognizable Of course

such systems have to be configured to learn about users

typical behaviour and configurations need to be updated

every time new applications are added or modified but in

general they can adapt to new unique or original attacks

There are many advantages to this behaviour-based

approach in detecting new and unforeseen vulnerabilities

in your systems Because it detects any traffic that is new

or unusual the behaviour-based approach is good at

identifying sweeps and probes towards network hardware

This is like an early warning for potential intrusions as such probes and scans are often the

predecessors for system attacks They can also detect abuse of privilege attacks which

normally dont trigger security warnings Of course there are some drawbacks too in that

there is a higher false alarm rate than with signature-based attacks

Whats more the learning curve for behaviour-based intrusion detection techniques cant

cover everything and peoples online behaviour is likely to change over time so you need to

For example if a

computer user with a

restricted set of records

suddenly begins to try

and access other types

of information it is highly

possible that his

workstation has been

infected with a virus and

action needs to be taken

to protect the systems

EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 27

implement occasional retracing of the behaviour profile Also during the learning phase any

system attacks that occur wont be detected as anomalous meaning your systems could be

compromised

Behaviour-based IDS is also more costly in that you need more hardware spread further

across your IT networks than is required with signature-based IDS

Drawbacks and a long customization process aside it looks like the behaviour-based

approach to IT Security is one way well be helping to keep the cyber criminals at bay into the

future And although the death knell has not yet sounded for antivirus software you need to

be aware that this is no longer the be all and end all of IT security you need to be doing so

much more

There are many ways you can keep your systems safe and taking a multi-layered approach is

actually the best way forward Blacklisting whitelisting and sandboxing are three methods

that can be used to ensure youre safe while online

As the way we use data and interact with the internet changes our approach to IT security and

data protection should also change accordingly Whats more IT systems around the world

are increasingly being breached and the fallout from this is affecting millions of people so we

need to learn to deal with risks and stay ahead of cyber criminals

We are now seeing other areas of IT in which security needs addressing areas such as social

media the cloud compliance advanced persistent threats and physical infrastructure

security too

IT Security in the Cloud

In the fast moving world of IT cloud computing is already an old hat in many ways but as so

many of Australias small and medium businesses are only just making the move into the

cloud they may not appreciate how cloud technology isnt just changing how they work but

how they should be approaching security

EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 28

When you are in the cloud you are exposed to new risks after-all your data and often much

of your network is being hosted off-site and is often being accessed by your staff in other cities

and countries

Security in the cloud requires visibility identity management and policies that reduce threats

ability to take advantage of all the flexibility and freedom that cloud computing can offer

Of course its worth remembering that cloud computing is not just one technology it is a

combination of many advances in technology sold in one package This includes virtualisation

Software-as-a-Service and other operations working as they always have done albeit in the

cloud

The problem is that traditional security solutions dont always adapt themselves well to the

cloud architecture What needs to happen is for existing security methods such as firewalls

virtual private networks data-leak protection etc to evolve so they can be better deployed in

the cloud This might involve using an API (Application Program Interface) so that such

technology can be automated in the cloud

It is also likely that new Cloud Security Gateways will have to come into play and innovations

that bolster security are already being created Cloud security gateways will act as security

policy enforcement points between cloud services consumers and providers to ensure

security as cloud services are accessed by users This system would probably be made up of

multiple levels of security such as authentication authorization signing on security token

mapping encryption tokenization logging alerting Application Program Interface and so on

With cloud technology being so popular it is vital that users are easily identified and

authenticated while controlling access to applications and enforcing data protection policies

It is also a good idea to have a central overview of what is happening with visibility into all

users devices and cloud activity so that malicious or suspicious behaviour can be flagged

Auditing and monitoring will be built into cloud services in the future to ensure ongoing

protection

EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 29

Other changes need to happen to ensure better cloud security The management of encryption

keys is critical and data needs to be fragmented and kept in several places in the cloud rather

than in one server where it would be vulnerable It is also important that the physical security

of the cloud environment is enhanced

IT Security and the Internet of Things

You may have heard of the Internet of Things (IoT) and wondered what it referred to Basically

it just means an environment in which objects are able to transfer data over a network without

the need for human-to-human or human to computer interaction

For example you may have a sensor in your car to tell you

when the engine needs oil by sending a message to your

phone An office printer may send out an order for more

ink when its running low and a smart road can send

signals to traffic control when traffic is heavy

Basically any device or component that can be connected

to net (usually by Wi-Fi) plays its part in the Internet of

Things Ultimately the IoTs will help cut down on waste

improve efficiency and save time and frustration (in theory

at least)

But with so many online devices many of which will hold personal info or IP data security will

be an issue You wouldnt want someone hacking your toaster or using your online speakers

to get at the data on your PC after all

Some experts are concerned that large numbers of unsecured devices could be built up by

hackers as botnets Just imagine your TV computer and other household appliances all be

used against you like a science fiction horror story

The new high-tech

Barbie doll raises privacy

concerns as the doll is

connected to the Internet

and could be a tempting

target for hackers who

could then access data

on home networks

through the doll

EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 30

This means in the future people will need to know how to

secure their IoT devices Initially this would mean taking

simple measures such as using passwords and

usernames updating and patching devices as you do with

current devices Also an IoT device that needs to be

accessible over the net needs to be put in its own network

and have access restricted This network can then be

monitored with action taken if there is a problem

Planning and integration is vital when it comes to the IoT and security needs to be paramount

at every step of the process from manufacture to purchase and use As a company owner

you need to develop policies that keep your customers and their data safe when using IoT

devices

US retailer Target was

hacked in 2013 via its

heating and air

conditioning which was

internet enabled Some

40 million credit card

numbers were stolen

EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 31

Conclusion

The goal of this eBook is to make you aware of the vulnerabilities of your business systems

and help you understand in detail the various cyber-threats that are lurking today We have

looked at the dangers for companies that have not been protecting themselves from online

and offline security threats both in terms of money and reputation consequences

If you are wondering about the best way to safeguard your business stay tuned as we are in

the process of writing another eBook with insights about protecting your business and

reputation

If you enjoyed reading this eBook and found it to be of value do share it with your friends

Follow us for more Security News

Spread the word

EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 22

High Profile Incidents

Kmart Attacked

Kmart Australia had to put out a warning in October 2015 to let some customers know that

their online operations had been attacked in an external privacy breach in September Data

such as name email address delivery and billing address telephone number and product

purchase details was stolen The retailer has insisted that no credit card or payment card

details had been compromised as card processing is handled externally

David Jones hacked

In October 2014 Australian Fashion Retailer had its computer system attacked and the private

details of customers were stolen - these included names email addresses and addresses

but David Jones assured its customers that their credit card or financial information was safe

A hit on the Hilton

Early in 2015 Hotel chain operator Hilton Worldwide Holdings warned customers that theyd

found unauthorised malware targeting payment card details in some of their payment

systems This affected many of their Australian customers An investigation found that

malware was targeting cardholder names payment card numbers security codes and

expiration dates

Customers were advised to check bank statements up till July but the company didnt give

figures of how many people or businesses might be affected

EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 23

W -crime

Based on the high levels of current hacking activity and the increasingly sophisticated

software and techniques used by hackers to access systems and avoid detection the ACSC

predicts that levels of hacking will rise over the next five years or so Malware and technology

used in cybercrime is now more readily available than ever and can even be used by people

with little IT knowledge Whats more cyber-crime as a service looks set to increase as well

To stay safe Australian businesses from multinationals to SMBs need to work together to

make Australia a much harder target for hackers and to increase trust in users that the

Internets benefits outweigh online dangers The best cyber security comes when the

government and private sector work together and take greater responsibility for the security

of their networks and information

In the next part of our eBook we will be taking a look at where the technology to fight cyber-

crime and security breaches is heading Well be examining the cloud big data and the

Internet of things to help small businesses like yours to put together a comprehensive

security road map

EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 24

Chapter 4: The Future of IT Security

So far in this exclusive Empower IT eBook we've examined the threats facing Australian businesses when it comes to security, we've looked in detail at the form that these threats can take (malware, phishing scams, Denial of Service attacks, etc.) and we've even taken a brief look at some of the ways IT attacks have impacted on Australian businesses.

Finally, it's time to look at the security solutions that most of Australia's small and medium businesses currently have in place, examine the reasons that standard defences may not be enough, and look at where the technology is heading as IT attacks become more sophisticated. So read on and learn how to improve your current security setup and to stay safe going forward.

Far too many of us take IT security for granted, presuming that our anti-virus protection is keeping the worst of the web at bay. But it seems we are putting far too much faith in our off-the-shelf antivirus protection to keep our IT systems safe. Brian Dye, corporate vice president at Intel Security, stated on record that antivirus software is dead. Well, the truth is that antivirus software hasn't yet had its last day.

Antivirus software is used to prevent, detect and hopefully make safe any malware threats and viruses that make it onto your system. And most programs do this well. But the big problem is that antivirus software is a reactive technology and only effective against known threats and variations of them. The guys who are writing antivirus software need to understand how a piece of malware works before they can adapt programs to discover and neutralise it. And in the time it takes for this to happen, many thousands of systems can be infected.

With hackers and criminals making new and increasingly sophisticated malware all the time, there are a lot of dangers out there that your current AV setup just won't see coming. And hackers are patient people: they will take the time to rewrite and test their malware until it can find its way past even the most sophisticated protection - and if that doesn't work, they'll write a new one.

Intel Security, the company that makes the popular McAfee software, estimates that new malware is released at a rate of about one new virus per second. Little wonder it's hard for the program writers to keep up.

And signature-based systems need to be constantly updated to be effective. So signature-based IDS is only as good as its database of stored code and signatures. This is why zero-day attacks, when hackers launch a brand new piece of malware, often slip through without being detected, as antivirus software doesn't recognize the threat.

Because of the sheer number of threats out there, traditional antivirus software detects only around 45% of all attacks.

Unless you've been keeping your antivirus software updated and are tuned into catching the latest threats out there, that old antivirus software on your devices is only giving you the most basic level of protection.

A New Era of Data Protection

We are now entering new territory when it comes to keeping your systems safe. Behaviour-based, rather than signature-based, security is more important. So let's take a look at what this means for businesses like yours.

Behaviour-based security is different in that it detects any network activity that doesn't fit a pattern of expected behaviour. This means that the software has to be configured to learn what a user's normal patterns of activity are. If there are any anomalies, these are then flagged as threats or viruses and will be stopped before they infect your systems.

Unlike signature-based systems, behaviour-based antivirus systems are able to detect zero-day attacks, as they don't have a pattern that is recognizable. Of course, such systems have to be configured to learn about users' typical behaviour, and configurations need to be updated every time new applications are added or modified, but in general they can adapt to new, unique or original attacks.

There are many advantages to this behaviour-based approach in detecting new and unforeseen vulnerabilities in your systems. Because it detects any traffic that is new or unusual, the behaviour-based approach is good at identifying sweeps and probes towards network hardware. This is like an early warning for potential intrusions, as such probes and scans are often the predecessors of system attacks. Behaviour-based systems can also detect abuse-of-privilege attacks, which normally don't trigger security warnings. Of course, there are some drawbacks too, in that there is a higher false alarm rate than with signature-based systems.

What's more, the learning curve for behaviour-based intrusion detection techniques can't cover everything, and people's online behaviour is likely to change over time, so you need to implement occasional retracing of the behaviour profile. Also, during the learning phase any system attacks that occur won't be detected as anomalous, meaning your systems could be compromised.

For example, if a computer user with a restricted set of records suddenly begins to try and access other types of information, it is highly possible that his workstation has been infected with a virus and action needs to be taken to protect the systems.

Behaviour-based IDS is also more costly, in that you need more hardware spread further across your IT networks than is required with signature-based IDS.
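The contrast drawn in this section, as an added example that is not part of the original eBook: a signature check that only recognises content already in its database, next to a per-user behaviour baseline that flags access to record types the user has never touched. The log lines, hash database, user name and the `BehaviourBaseline` class are all constructed for illustration.

```python
import hashlib
from collections import defaultdict

# Constructed signature database: hashes of samples a vendor has already analysed.
KNOWN_BAD = {hashlib.sha256(b"constructed-sample-v1").hexdigest()}


def signature_verdict(payload: bytes) -> bool:
    """Signature check: True only if this exact content is already in the database."""
    return hashlib.sha256(payload).hexdigest() in KNOWN_BAD


def parse_event(line: str):
    """Parse 'timestamp user=<name> record_type=<type>' into (user, record_type)."""
    fields = dict(part.split("=", 1) for part in line.split()[1:])
    return fields["user"], fields["record_type"]


class BehaviourBaseline:
    """Learns which record types each user touches, then flags anything new."""

    def __init__(self, learning_events: int):
        self.learning_events = learning_events  # events per user absorbed before alerting
        self.events_seen = defaultdict(int)
        self.profile = defaultdict(set)

    def observe(self, user: str, record_type: str) -> str:
        self.events_seen[user] += 1
        if self.events_seen[user] <= self.learning_events:
            # Learning phase: everything is absorbed into the profile, including
            # activity that was in fact malicious. Nothing is flagged here.
            self.profile[user].add(record_type)
            return "learning"
        return "normal" if record_type in self.profile[user] else "anomaly"

    def retrain(self, user: str, record_type: str) -> None:
        """An analyst confirms a legitimate change, so it stops raising alarms."""
        self.profile[user].add(record_type)


def replay(lines, baseline):
    """Feed log lines to a baseline and return the verdict for each line."""
    return [baseline.observe(*parse_event(line)) for line in lines]


# Constructed access log: a user with a restricted set of records who
# suddenly starts reaching for other types of information.
LOG = [
    "2020-05-01T09:00 user=alice record_type=invoices",
    "2020-05-01T09:05 user=alice record_type=invoices",
    "2020-05-01T09:10 user=alice record_type=customers",
    "2020-05-02T09:00 user=alice record_type=invoices",
    "2020-05-02T02:13 user=alice record_type=payroll",
    "2020-05-02T02:14 user=alice record_type=hr_files",
]

if __name__ == "__main__":
    # A known sample matches; a changed variant of it does not.
    print("known sample  :", signature_verdict(b"constructed-sample-v1"))
    print("new variant   :", signature_verdict(b"constructed-sample-v2"))

    # Short learning phase: the unusual accesses are flagged.
    short = BehaviourBaseline(learning_events=3)
    print("learn 3 events:", replay(LOG, short))

    # A legitimate role change is a false alarm until the profile is retrained.
    short.retrain("alice", "payroll")
    print("after retrain :", short.observe("alice", "payroll"))

    # Long learning phase: the payroll access happens while still learning,
    # is absorbed into the profile and never raises an alert afterwards.
    slow = BehaviourBaseline(learning_events=5)
    print("learn 5 events:", replay(LOG, slow))
    print("payroll later :", slow.observe("alice", "payroll"))
```

The second baseline shows the learning-phase drawback described above: activity seen while the profile is still being built becomes part of "normal".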

Drawbacks and a long customization process aside, it looks like the behaviour-based approach to IT security is one way we'll be helping to keep the cyber criminals at bay into the future. And although the death knell has not yet sounded for antivirus software, you need to be aware that this is no longer the be-all and end-all of IT security: you need to be doing so much more.

There are many ways you can keep your systems safe, and taking a multi-layered approach is actually the best way forward. Blacklisting, whitelisting and sandboxing are three methods that can be used to ensure you're safe while online.

As the way we use data and interact with the internet changes, our approach to IT security and data protection should also change accordingly. What's more, IT systems around the world are increasingly being breached and the fallout from this is affecting millions of people, so we need to learn to deal with risks and stay ahead of cyber criminals.

We are now seeing other areas of IT in which security needs addressing: areas such as social media, the cloud, compliance, advanced persistent threats and physical infrastructure security too.

IT Security in the Cloud

In the fast-moving world of IT, cloud computing is already old hat in many ways, but as so many of Australia's small and medium businesses are only just making the move into the cloud, they may not appreciate how cloud technology isn't just changing how they work but how they should be approaching security.

When you are in the cloud you are exposed to new risks. After all, your data, and often much of your network, is being hosted off-site and is often being accessed by your staff in other cities and countries.

Security in the cloud requires visibility identity management and policies that reduce threats

ability to take advantage of all the flexibility and freedom that cloud computing can offer

Of course, it's worth remembering that cloud computing is not just one technology; it is a combination of many advances in technology sold in one package. This includes virtualisation, Software-as-a-Service and other operations working as they always have done, albeit in the cloud.

The problem is that traditional security solutions don't always adapt themselves well to the cloud architecture. What needs to happen is for existing security methods such as firewalls, virtual private networks, data-leak protection, etc. to evolve so they can be better deployed in the cloud. This might involve using an API (Application Program Interface) so that such technology can be automated in the cloud.

It is also likely that new Cloud Security Gateways will have to come into play, and innovations that bolster security are already being created. Cloud security gateways will act as security policy enforcement points between cloud services consumers and providers to ensure security as cloud services are accessed by users. This system would probably be made up of multiple levels of security such as authentication, authorization, signing on, security token mapping, encryption, tokenization, logging, alerting, Application Program Interface and so on.

With cloud technology being so popular, it is vital that users are easily identified and authenticated while controlling access to applications and enforcing data protection policies. It is also a good idea to have a central overview of what is happening, with visibility into all users, devices and cloud activity, so that malicious or suspicious behaviour can be flagged. Auditing and monitoring will be built into cloud services in the future to ensure ongoing protection.

Other changes need to happen to ensure better cloud security. The management of encryption keys is critical, and data needs to be fragmented and kept in several places in the cloud rather than in one server where it would be vulnerable. It is also important that the physical security of the cloud environment is enhanced.

IT Security and the Internet of Things

You may have heard of the Internet of Things (IoT) and wondered what it referred to. Basically, it just means an environment in which objects are able to transfer data over a network without the need for human-to-human or human-to-computer interaction.

For example, you may have a sensor in your car to tell you when the engine needs oil by sending a message to your phone. An office printer may send out an order for more ink when it's running low, and a smart road can send signals to traffic control when traffic is heavy.

Basically, any device or component that can be connected to the net (usually by Wi-Fi) plays its part in the Internet of Things. Ultimately the IoT will help cut down on waste, improve efficiency and save time and frustration (in theory at least).

But with so many online devices, many of which will hold personal info or IP data, security will be an issue. You wouldn't want someone hacking your toaster or using your online speakers to get at the data on your PC, after all.

Some experts are concerned that large numbers of unsecured devices could be built up by hackers as botnets. Just imagine your TV, computer and other household appliances all being used against you, like a science fiction horror story.

The new high-tech Barbie doll raises privacy concerns, as the doll is connected to the Internet and could be a tempting target for hackers, who could then access data on home networks through the doll.

This means in the future people will need to know how to secure their IoT devices. Initially this would mean taking simple measures such as using passwords and usernames, and updating and patching devices as you do with current devices. Also, an IoT device that needs to be accessible over the net needs to be put in its own network and have access restricted. This network can then be monitored, with action taken if there is a problem.

Planning and integration are vital when it comes to the IoT, and security needs to be paramount at every step of the process, from manufacture to purchase and use. As a company owner, you need to develop policies that keep your customers and their data safe when using IoT devices.

US retailer Target was hacked in 2013 via its heating and air conditioning, which was internet enabled. Some 40 million credit card numbers were stolen.

Conclusion

The goal of this eBook is to make you aware of the vulnerabilities of your business systems and help you understand in detail the various cyber-threats that are lurking today. We have looked at the dangers for companies that have not been protecting themselves from online and offline security threats, both in terms of money and reputation consequences.

If you are wondering about the best way to safeguard your business, stay tuned, as we are in the process of writing another eBook with insights about protecting your business and reputation.

If you enjoyed reading this eBook and found it to be of value, do share it with your friends.

EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 23

W -crime

Based on the high levels of current hacking activity and the increasingly sophisticated

software and techniques used by hackers to access systems and avoid detection the ACSC

predicts that levels of hacking will rise over the next five years or so Malware and technology

used in cybercrime is now more readily available than ever and can even be used by people

with little IT knowledge Whats more cyber-crime as a service looks set to increase as well

To stay safe Australian businesses from multinationals to SMBs need to work together to

make Australia a much harder target for hackers and to increase trust in users that the

Internets benefits outweigh online dangers The best cyber security comes when the

government and private sector work together and take greater responsibility for the security

of their networks and information

In the next part of our eBook we will be taking a look at where the technology to fight cyber-

crime and security breaches is heading Well be examining the cloud big data and the

Internet of things to help small businesses like yours to put together a comprehensive

security road map

EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 24

Chapter 4 The Future of IT Security

So far in this exclusive Empower IT eBook weve examined the threats facing Australian

businesses when it comes to security and weve looked in detail at the form that these threats

can take (Malware Phishing Scams Denial of Service attacks etc) and weve even taken a

brief look at some of the ways IT attacks have impacted on Australian businesses

Finally its time to look at the security solutions that most of Australias small and medium

businesses currently have in place examine the reasons that standard defences may not be

enough and look at where the technology is heading as IT attacks become more sophisticated

So read on and learn how to improve your current security set up and to stay safe going

forward

Far too many of us take IT security for granted presuming that our anti-virus protection is

keeping the worst of the web at bay But it seems we are putting far too much faith in our off-

the-shelf antivirus protection to keep our IT systems safe Brian Dye corporate vice president

at Intel Security stated on record that antivirus software is dead Well the truth is that

antivirus software hasnt yet had its last day

EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 25

Antivirus software is used to prevent detect and

hopefully make safe any malware threats and viruses

that make it onto your system And most programs do this

well But the big problem is that antivirus software is a

reactive technology and only effective against known

threats and variations of them The guys who are writing

antivirus software need to understand how a piece of

malware works before they can adapt programs to

discover and neutralise it And in the time it takes for this

to happen many thousands of systems can be infected

With hackers and criminals making new and increasingly sophisticated malware all the time

there are a lot of dangers out there that your current AV setup just wont see coming And

hackers are patient people they will take the time to rewrite and test their malware until it

can find its way past even the most sophisticated protection - and if that doesnt work theyll

write a new one

Intel Security the company that makes the popular McAfee software estimates that new

malware is released at a rate of about one new virus per second Little wonder its hard for

the program writers to keep up

And signature based systems need to be constantly updated

to be effective So signature-based IDS is only as good as its

database of stored code and signatures This is why Zero

day attacks when hackers launch a brand new piece of

malware often slip through without being detected as

antivirus software doesnt recognize the threat

Because of the sheer

number of threats out

there traditional

antivirus software

detects only around

45 of all attacks

Unless youve been

keeping your antivirus

software updated and are

tuned into catching the

latest threats out there

that old antivirus software

on your devices is only

giving you the most basic

level of protection

EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 26

A New Era of Data Protection

We are now entering new territory when it comes to keeping your systems safe Behaviour-

based rather than signature-based security is more important So lets take a look at what

this means for businesses like yours

Behaviour-based security is different in that it detects any network activity that doesnt fit a

pattern of expected behaviour This means that the software has to be configured to learn

what a users normal patterns of activity are If there are any anomalies these are then flagged

as threats or viruses and will be stopped before they infect your systems

Unlike with signature-based systems behaviour-based

antivirus systems are able to detect zero-day attacks as

they dont have a pattern that is recognizable Of course

such systems have to be configured to learn about users

typical behaviour and configurations need to be updated

every time new applications are added or modified but in

general they can adapt to new unique or original attacks

There are many advantages to this behaviour-based

approach in detecting new and unforeseen vulnerabilities

in your systems Because it detects any traffic that is new

or unusual the behaviour-based approach is good at

identifying sweeps and probes towards network hardware

This is like an early warning for potential intrusions as such probes and scans are often the

predecessors for system attacks They can also detect abuse of privilege attacks which

normally dont trigger security warnings Of course there are some drawbacks too in that

there is a higher false alarm rate than with signature-based attacks

Whats more the learning curve for behaviour-based intrusion detection techniques cant

cover everything and peoples online behaviour is likely to change over time so you need to

For example if a

computer user with a

restricted set of records

suddenly begins to try

and access other types

of information it is highly

possible that his

workstation has been

infected with a virus and

action needs to be taken

to protect the systems

EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 27

implement occasional retracing of the behaviour profile Also during the learning phase any

system attacks that occur wont be detected as anomalous meaning your systems could be

compromised

Behaviour-based IDS is also more costly in that you need more hardware spread further

across your IT networks than is required with signature-based IDS

Drawbacks and a long customization process aside it looks like the behaviour-based

approach to IT Security is one way well be helping to keep the cyber criminals at bay into the

future And although the death knell has not yet sounded for antivirus software you need to

be aware that this is no longer the be all and end all of IT security you need to be doing so

much more

There are many ways you can keep your systems safe and taking a multi-layered approach is

actually the best way forward Blacklisting whitelisting and sandboxing are three methods

that can be used to ensure youre safe while online

As the way we use data and interact with the internet changes our approach to IT security and

data protection should also change accordingly Whats more IT systems around the world

are increasingly being breached and the fallout from this is affecting millions of people so we

need to learn to deal with risks and stay ahead of cyber criminals

We are now seeing other areas of IT in which security needs addressing areas such as social

media the cloud compliance advanced persistent threats and physical infrastructure

security too

IT Security in the Cloud

In the fast moving world of IT cloud computing is already an old hat in many ways but as so

many of Australias small and medium businesses are only just making the move into the

cloud they may not appreciate how cloud technology isnt just changing how they work but

how they should be approaching security

EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 28

When you are in the cloud you are exposed to new risks after-all your data and often much

of your network is being hosted off-site and is often being accessed by your staff in other cities

and countries

Security in the cloud requires visibility identity management and policies that reduce threats

ability to take advantage of all the flexibility and freedom that cloud computing can offer

Of course its worth remembering that cloud computing is not just one technology it is a

combination of many advances in technology sold in one package This includes virtualisation

Software-as-a-Service and other operations working as they always have done albeit in the

cloud

The problem is that traditional security solutions dont always adapt themselves well to the

cloud architecture What needs to happen is for existing security methods such as firewalls

virtual private networks data-leak protection etc to evolve so they can be better deployed in

the cloud This might involve using an API (Application Program Interface) so that such

technology can be automated in the cloud

It is also likely that new Cloud Security Gateways will have to come into play and innovations

that bolster security are already being created Cloud security gateways will act as security

policy enforcement points between cloud services consumers and providers to ensure

security as cloud services are accessed by users This system would probably be made up of

multiple levels of security such as authentication authorization signing on security token

mapping encryption tokenization logging alerting Application Program Interface and so on

With cloud technology being so popular it is vital that users are easily identified and

authenticated while controlling access to applications and enforcing data protection policies

It is also a good idea to have a central overview of what is happening with visibility into all

users devices and cloud activity so that malicious or suspicious behaviour can be flagged

Auditing and monitoring will be built into cloud services in the future to ensure ongoing

protection

EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 29

Other changes need to happen to ensure better cloud security The management of encryption

keys is critical and data needs to be fragmented and kept in several places in the cloud rather

than in one server where it would be vulnerable It is also important that the physical security

of the cloud environment is enhanced

IT Security and the Internet of Things

You may have heard of the Internet of Things (IoT) and wondered what it referred to Basically

it just means an environment in which objects are able to transfer data over a network without

the need for human-to-human or human to computer interaction

For example you may have a sensor in your car to tell you

when the engine needs oil by sending a message to your

phone An office printer may send out an order for more

ink when its running low and a smart road can send

signals to traffic control when traffic is heavy

Basically any device or component that can be connected

to net (usually by Wi-Fi) plays its part in the Internet of

Things Ultimately the IoTs will help cut down on waste

improve efficiency and save time and frustration (in theory

at least)

But with so many online devices many of which will hold personal info or IP data security will

be an issue You wouldnt want someone hacking your toaster or using your online speakers

to get at the data on your PC after all

Some experts are concerned that large numbers of unsecured devices could be built up by

hackers as botnets Just imagine your TV computer and other household appliances all be

used against you like a science fiction horror story

The new high-tech

Barbie doll raises privacy

concerns as the doll is

connected to the Internet

and could be a tempting

target for hackers who

could then access data

on home networks

through the doll

EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 30

This means in the future people will need to know how to

secure their IoT devices Initially this would mean taking

simple measures such as using passwords and

usernames updating and patching devices as you do with

current devices Also an IoT device that needs to be

accessible over the net needs to be put in its own network

and have access restricted This network can then be

monitored with action taken if there is a problem

Planning and integration is vital when it comes to the IoT and security needs to be paramount

at every step of the process from manufacture to purchase and use As a company owner

you need to develop policies that keep your customers and their data safe when using IoT

devices

US retailer Target was

hacked in 2013 via its

heating and air

conditioning which was

internet enabled Some

40 million credit card

numbers were stolen

EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 31

Conclusion

The goal of this eBook is to make you aware of the vulnerabilities of your business systems

and help you understand in detail the various cyber-threats that are lurking today We have

looked at the dangers for companies that have not been protecting themselves from online

and offline security threats both in terms of money and reputation consequences

If you are wondering about the best way to safeguard your business stay tuned as we are in

the process of writing another eBook with insights about protecting your business and

reputation

If you enjoyed reading this eBook and found it to be of value do share it with your friends

Follow us for more Security News

Spread the word

EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 24

Chapter 4 The Future of IT Security

So far in this exclusive Empower IT eBook weve examined the threats facing Australian

businesses when it comes to security and weve looked in detail at the form that these threats

can take (Malware Phishing Scams Denial of Service attacks etc) and weve even taken a

brief look at some of the ways IT attacks have impacted on Australian businesses

Finally its time to look at the security solutions that most of Australias small and medium

businesses currently have in place examine the reasons that standard defences may not be

enough and look at where the technology is heading as IT attacks become more sophisticated

So read on and learn how to improve your current security set up and to stay safe going

forward

Far too many of us take IT security for granted presuming that our anti-virus protection is

keeping the worst of the web at bay But it seems we are putting far too much faith in our off-

the-shelf antivirus protection to keep our IT systems safe Brian Dye corporate vice president

at Intel Security stated on record that antivirus software is dead Well the truth is that

antivirus software hasnt yet had its last day

EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 25

Antivirus software is used to prevent detect and

hopefully make safe any malware threats and viruses

that make it onto your system And most programs do this

well But the big problem is that antivirus software is a

reactive technology and only effective against known

threats and variations of them The guys who are writing

antivirus software need to understand how a piece of

malware works before they can adapt programs to

discover and neutralise it And in the time it takes for this

to happen many thousands of systems can be infected

With hackers and criminals making new and increasingly sophisticated malware all the time

there are a lot of dangers out there that your current AV setup just wont see coming And

hackers are patient people they will take the time to rewrite and test their malware until it

can find its way past even the most sophisticated protection - and if that doesnt work theyll

write a new one

Intel Security the company that makes the popular McAfee software estimates that new

malware is released at a rate of about one new virus per second Little wonder its hard for

the program writers to keep up

And signature based systems need to be constantly updated

to be effective So signature-based IDS is only as good as its

database of stored code and signatures This is why Zero

day attacks when hackers launch a brand new piece of

malware often slip through without being detected as

antivirus software doesnt recognize the threat

Because of the sheer

number of threats out

there traditional

antivirus software

detects only around

45 of all attacks

Unless youve been

keeping your antivirus

software updated and are

tuned into catching the

latest threats out there

that old antivirus software

on your devices is only

giving you the most basic

level of protection

EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 26

A New Era of Data Protection

We are now entering new territory when it comes to keeping your systems safe Behaviour-

based rather than signature-based security is more important So lets take a look at what

this means for businesses like yours

Behaviour-based security is different in that it detects any network activity that doesnt fit a

pattern of expected behaviour This means that the software has to be configured to learn

what a users normal patterns of activity are If there are any anomalies these are then flagged

as threats or viruses and will be stopped before they infect your systems

Unlike with signature-based systems behaviour-based

antivirus systems are able to detect zero-day attacks as

they dont have a pattern that is recognizable Of course

such systems have to be configured to learn about users

typical behaviour and configurations need to be updated

every time new applications are added or modified but in

general they can adapt to new unique or original attacks

There are many advantages to this behaviour-based

approach in detecting new and unforeseen vulnerabilities

in your systems Because it detects any traffic that is new

or unusual the behaviour-based approach is good at

identifying sweeps and probes towards network hardware

This is like an early warning for potential intrusions as such probes and scans are often the

predecessors for system attacks They can also detect abuse of privilege attacks which

normally dont trigger security warnings Of course there are some drawbacks too in that

there is a higher false alarm rate than with signature-based attacks

Whats more the learning curve for behaviour-based intrusion detection techniques cant

cover everything and peoples online behaviour is likely to change over time so you need to

For example if a

computer user with a

restricted set of records

suddenly begins to try

and access other types

of information it is highly

possible that his

workstation has been

infected with a virus and

action needs to be taken

to protect the systems

EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 27

implement occasional retracing of the behaviour profile Also during the learning phase any

system attacks that occur wont be detected as anomalous meaning your systems could be

compromised

Behaviour-based IDS is also more costly, in that you need more hardware spread further across your IT networks than is required with signature-based IDS.

Drawbacks and a long customization process aside, it looks like the behaviour-based approach to IT Security is one way we'll be helping to keep the cyber criminals at bay into the future. And although the death knell has not yet sounded for antivirus software, you need to be aware that this is no longer the be-all and end-all of IT security; you need to be doing so much more.

There are many ways you can keep your systems safe, and taking a multi-layered approach is actually the best way forward. Blacklisting, whitelisting and sandboxing are three methods that can be used to ensure you're safe while online.

As the way we use data and interact with the internet changes, our approach to IT security and data protection should also change accordingly. What's more, IT systems around the world are increasingly being breached, and the fallout from this is affecting millions of people, so we need to learn to deal with risks and stay ahead of cyber criminals.

We are now seeing other areas of IT in which security needs addressing: areas such as social media, the cloud, compliance, advanced persistent threats and physical infrastructure security too.

IT Security in the Cloud

In the fast-moving world of IT, cloud computing is already old hat in many ways, but as so many of Australia's small and medium businesses are only just making the move into the cloud, they may not appreciate how cloud technology isn't just changing how they work, but how they should be approaching security.

When you are in the cloud you are exposed to new risks. After all, your data and often much of your network is being hosted off-site and is often being accessed by your staff in other cities and countries.

Security in the cloud requires visibility, identity management and policies that reduce threats ability to take advantage of all the flexibility and freedom that cloud computing can offer.

Of course, it's worth remembering that cloud computing is not just one technology; it is a combination of many advances in technology sold in one package. This includes virtualisation, Software-as-a-Service and other operations working as they always have done, albeit in the cloud.

The problem is that traditional security solutions don't always adapt themselves well to the cloud architecture. What needs to happen is for existing security methods such as firewalls, virtual private networks, data-leak protection etc. to evolve so they can be better deployed in the cloud. This might involve using an API (Application Program Interface) so that such technology can be automated in the cloud.

It is also likely that new Cloud Security Gateways will have to come into play, and innovations that bolster security are already being created. Cloud security gateways will act as security policy enforcement points between cloud services consumers and providers to ensure security as cloud services are accessed by users. This system would probably be made up of multiple levels of security such as authentication, authorization, signing on, security token mapping, encryption, tokenization, logging, alerting, Application Program Interface and so on.

With cloud technology being so popular, it is vital that users are easily identified and authenticated, while controlling access to applications and enforcing data protection policies. It is also a good idea to have a central overview of what is happening, with visibility into all users, devices and cloud activity, so that malicious or suspicious behaviour can be flagged. Auditing and monitoring will be built into cloud services in the future to ensure ongoing protection.

Other changes need to happen to ensure better cloud security. The management of encryption keys is critical, and data needs to be fragmented and kept in several places in the cloud rather than in one server where it would be vulnerable. It is also important that the physical security of the cloud environment is enhanced.

IT Security and the Internet of Things

You may have heard of the Internet of Things (IoT) and wondered what it referred to. Basically, it just means an environment in which objects are able to transfer data over a network without the need for human-to-human or human-to-computer interaction.

For example, you may have a sensor in your car to tell you when the engine needs oil by sending a message to your phone. An office printer may send out an order for more ink when it's running low, and a smart road can send signals to traffic control when traffic is heavy.

Basically, any device or component that can be connected to the net (usually by Wi-Fi) plays its part in the Internet of Things. Ultimately the IoT will help cut down on waste, improve efficiency and save time and frustration (in theory at least).

But with so many online devices, many of which will hold personal info or IP data, security will be an issue. You wouldn't want someone hacking your toaster or using your online speakers to get at the data on your PC, after all.

Some experts are concerned that large numbers of unsecured devices could be built up by hackers as botnets. Just imagine your TV, computer and other household appliances all being used against you, like a science fiction horror story.

The new high-tech Barbie doll raises privacy concerns, as the doll is connected to the Internet and could be a tempting target for hackers, who could then access data on home networks through the doll.

This means in the future people will need to know how to secure their IoT devices. Initially this would mean taking simple measures such as using passwords and usernames, and updating and patching devices as you do with current devices. Also, an IoT device that needs to be accessible over the net needs to be put in its own network and have access restricted. This network can then be monitored, with action taken if there is a problem.
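
The advice above to isolate IoT devices, restrict access and monitor the segment can be checked against flow records, as in this added sketch (not part of the eBook). The subnets, addresses, allowed destinations and flow records are all constructed assumptions.

```python
import ipaddress
from typing import NamedTuple, Optional

# All addresses below are constructed for illustration.
IOT_NET = ipaddress.ip_network("10.20.0.0/24")     # dedicated IoT segment
OFFICE_NET = ipaddress.ip_network("10.10.0.0/24")  # staff PCs and servers
MGMT_HOSTS = {ipaddress.ip_address("10.10.0.5")}   # only host allowed into IoT
ALLOWED_OUT = {                                    # (destination, port) IoT may contact
    (ipaddress.ip_address("10.20.0.1"), 53),       # the segment's DNS resolver
    (ipaddress.ip_address("203.0.113.10"), 443),   # vendor update/ordering service
}


class Flow(NamedTuple):
    src: str
    dst: str
    dport: int


def classify(flow: Flow) -> Optional[str]:
    """Return a violation reason, or None if the flow fits the policy."""
    src = ipaddress.ip_address(flow.src)
    dst = ipaddress.ip_address(flow.dst)
    if src in IOT_NET:
        if (dst, flow.dport) in ALLOWED_OUT:
            return None
        if dst in OFFICE_NET:
            return "iot-to-office"           # device reaching towards PCs or servers
        return "unapproved-destination"      # anything else, other IoT devices included
    if dst in IOT_NET and src not in MGMT_HOSTS:
        return "unapproved-inbound"          # access to the device is not restricted
    return None                              # traffic that never touches the IoT segment


def audit(flows):
    """Pair every violating flow with its reason."""
    results = []
    for f in flows:
        reason = classify(f)
        if reason is not None:
            results.append((f, reason))
    return results


def quarantine_candidates(violations):
    """IoT devices that initiated a violating flow: candidates for isolation."""
    outbound = {"iot-to-office", "unapproved-destination"}
    return sorted({f.src for f, reason in violations if reason in outbound})


# Constructed flow records, in the order they were observed.
FLOWS = [
    Flow("10.20.0.21", "203.0.113.10", 443),  # printer contacting its vendor
    Flow("10.20.0.21", "10.20.0.1", 53),      # DNS lookup inside the segment
    Flow("10.20.0.30", "10.10.0.44", 445),    # IoT device probing an office PC
    Flow("10.20.0.30", "198.51.100.7", 23),   # IoT device to an unknown host
    Flow("10.10.0.5", "10.20.0.21", 443),     # management host, permitted
    Flow("10.10.0.44", "10.20.0.21", 80),     # office PC browsing to the printer
    Flow("10.10.0.44", "10.10.0.5", 22),      # office-only traffic, ignored
]

if __name__ == "__main__":
    found = audit(FLOWS)
    for f, reason in found:
        print(reason, f)
    print("quarantine:", quarantine_candidates(found))
```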

Planning and integration are vital when it comes to the IoT, and security needs to be paramount at every step of the process, from manufacture to purchase and use. As a company owner, you need to develop policies that keep your customers and their data safe when using IoT devices.

US retailer Target was hacked in 2013 via its heating and air conditioning, which was internet enabled. Some 40 million credit card numbers were stolen.

Conclusion

The goal of this eBook is to make you aware of the vulnerabilities of your business systems and help you understand in detail the various cyber-threats that are lurking today. We have looked at the dangers for companies that have not been protecting themselves from online and offline security threats, both in terms of money and reputation consequences.

If you are wondering about the best way to safeguard your business, stay tuned, as we are in the process of writing another eBook with insights about protecting your business and reputation.

If you enjoyed reading this eBook and found it to be of value, do share it with your friends.


EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 25

Antivirus software is used to prevent detect and

hopefully make safe any malware threats and viruses

that make it onto your system And most programs do this

well But the big problem is that antivirus software is a

reactive technology and only effective against known

threats and variations of them The guys who are writing

antivirus software need to understand how a piece of

malware works before they can adapt programs to

discover and neutralise it And in the time it takes for this

to happen many thousands of systems can be infected

With hackers and criminals making new and increasingly sophisticated malware all the time

there are a lot of dangers out there that your current AV setup just wont see coming And

hackers are patient people they will take the time to rewrite and test their malware until it

can find its way past even the most sophisticated protection - and if that doesnt work theyll

write a new one

Intel Security the company that makes the popular McAfee software estimates that new

malware is released at a rate of about one new virus per second Little wonder its hard for

the program writers to keep up

And signature based systems need to be constantly updated

to be effective So signature-based IDS is only as good as its

database of stored code and signatures This is why Zero

day attacks when hackers launch a brand new piece of

malware often slip through without being detected as

antivirus software doesnt recognize the threat

Because of the sheer

number of threats out

there traditional

antivirus software

detects only around

45 of all attacks

Unless youve been

keeping your antivirus

software updated and are

tuned into catching the

latest threats out there

that old antivirus software

on your devices is only

giving you the most basic

level of protection

EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 26

A New Era of Data Protection

We are now entering new territory when it comes to keeping your systems safe Behaviour-

based rather than signature-based security is more important So lets take a look at what

this means for businesses like yours

Behaviour-based security is different in that it detects any network activity that doesnt fit a

pattern of expected behaviour This means that the software has to be configured to learn

what a users normal patterns of activity are If there are any anomalies these are then flagged

as threats or viruses and will be stopped before they infect your systems

Unlike with signature-based systems behaviour-based

antivirus systems are able to detect zero-day attacks as

they dont have a pattern that is recognizable Of course

such systems have to be configured to learn about users

typical behaviour and configurations need to be updated

every time new applications are added or modified but in

general they can adapt to new unique or original attacks

There are many advantages to this behaviour-based

approach in detecting new and unforeseen vulnerabilities

in your systems Because it detects any traffic that is new

or unusual the behaviour-based approach is good at

identifying sweeps and probes towards network hardware

This is like an early warning for potential intrusions as such probes and scans are often the

predecessors for system attacks They can also detect abuse of privilege attacks which

normally dont trigger security warnings Of course there are some drawbacks too in that

there is a higher false alarm rate than with signature-based attacks

Whats more the learning curve for behaviour-based intrusion detection techniques cant

cover everything and peoples online behaviour is likely to change over time so you need to

For example if a

computer user with a

restricted set of records

suddenly begins to try

and access other types

of information it is highly

possible that his

workstation has been

infected with a virus and

action needs to be taken

to protect the systems

EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 27

implement occasional retracing of the behaviour profile Also during the learning phase any

system attacks that occur wont be detected as anomalous meaning your systems could be

compromised

Behaviour-based IDS is also more costly in that you need more hardware spread further

across your IT networks than is required with signature-based IDS

Drawbacks and a long customization process aside it looks like the behaviour-based

approach to IT Security is one way well be helping to keep the cyber criminals at bay into the

future And although the death knell has not yet sounded for antivirus software you need to

be aware that this is no longer the be all and end all of IT security you need to be doing so

much more

There are many ways you can keep your systems safe and taking a multi-layered approach is

actually the best way forward Blacklisting whitelisting and sandboxing are three methods

that can be used to ensure youre safe while online

As the way we use data and interact with the internet changes our approach to IT security and

data protection should also change accordingly Whats more IT systems around the world

are increasingly being breached and the fallout from this is affecting millions of people so we

need to learn to deal with risks and stay ahead of cyber criminals

We are now seeing other areas of IT in which security needs addressing areas such as social

media the cloud compliance advanced persistent threats and physical infrastructure

security too

IT Security in the Cloud

In the fast moving world of IT cloud computing is already an old hat in many ways but as so

many of Australias small and medium businesses are only just making the move into the

cloud they may not appreciate how cloud technology isnt just changing how they work but

how they should be approaching security

EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 28

When you are in the cloud you are exposed to new risks after-all your data and often much

of your network is being hosted off-site and is often being accessed by your staff in other cities

and countries

Security in the cloud requires visibility identity management and policies that reduce threats

ability to take advantage of all the flexibility and freedom that cloud computing can offer

Of course its worth remembering that cloud computing is not just one technology it is a

combination of many advances in technology sold in one package This includes virtualisation

Software-as-a-Service and other operations working as they always have done albeit in the

cloud

The problem is that traditional security solutions dont always adapt themselves well to the

cloud architecture What needs to happen is for existing security methods such as firewalls

virtual private networks data-leak protection etc to evolve so they can be better deployed in

the cloud This might involve using an API (Application Program Interface) so that such

technology can be automated in the cloud

It is also likely that new Cloud Security Gateways will have to come into play and innovations

that bolster security are already being created Cloud security gateways will act as security

policy enforcement points between cloud services consumers and providers to ensure

security as cloud services are accessed by users This system would probably be made up of

multiple levels of security such as authentication authorization signing on security token

mapping encryption tokenization logging alerting Application Program Interface and so on

With cloud technology being so popular it is vital that users are easily identified and

authenticated while controlling access to applications and enforcing data protection policies

It is also a good idea to have a central overview of what is happening with visibility into all

users devices and cloud activity so that malicious or suspicious behaviour can be flagged

Auditing and monitoring will be built into cloud services in the future to ensure ongoing

protection

EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 29

Other changes need to happen to ensure better cloud security The management of encryption

keys is critical and data needs to be fragmented and kept in several places in the cloud rather

than in one server where it would be vulnerable It is also important that the physical security

of the cloud environment is enhanced

IT Security and the Internet of Things

You may have heard of the Internet of Things (IoT) and wondered what it referred to Basically

it just means an environment in which objects are able to transfer data over a network without

the need for human-to-human or human to computer interaction

For example you may have a sensor in your car to tell you

when the engine needs oil by sending a message to your

phone An office printer may send out an order for more

ink when its running low and a smart road can send

signals to traffic control when traffic is heavy

Basically any device or component that can be connected

to net (usually by Wi-Fi) plays its part in the Internet of

Things Ultimately the IoTs will help cut down on waste

improve efficiency and save time and frustration (in theory

at least)

But with so many online devices many of which will hold personal info or IP data security will

be an issue You wouldnt want someone hacking your toaster or using your online speakers

to get at the data on your PC after all

Some experts are concerned that large numbers of unsecured devices could be built up by

hackers as botnets Just imagine your TV computer and other household appliances all be

used against you like a science fiction horror story

The new high-tech

Barbie doll raises privacy

concerns as the doll is

connected to the Internet

and could be a tempting

target for hackers who

could then access data

on home networks

through the doll

EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 30

This means in the future people will need to know how to

secure their IoT devices Initially this would mean taking

simple measures such as using passwords and

usernames updating and patching devices as you do with

current devices Also an IoT device that needs to be

accessible over the net needs to be put in its own network

and have access restricted This network can then be

monitored with action taken if there is a problem

Planning and integration is vital when it comes to the IoT and security needs to be paramount

at every step of the process from manufacture to purchase and use As a company owner

you need to develop policies that keep your customers and their data safe when using IoT

devices

US retailer Target was

hacked in 2013 via its

heating and air

conditioning which was

internet enabled Some

40 million credit card

numbers were stolen

EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 31

Conclusion

The goal of this eBook is to make you aware of the vulnerabilities of your business systems

and help you understand in detail the various cyber-threats that are lurking today We have

looked at the dangers for companies that have not been protecting themselves from online

and offline security threats both in terms of money and reputation consequences

If you are wondering about the best way to safeguard your business stay tuned as we are in

the process of writing another eBook with insights about protecting your business and

reputation

If you enjoyed reading this eBook and found it to be of value do share it with your friends

Follow us for more Security News

Spread the word

EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 26

A New Era of Data Protection

We are now entering new territory when it comes to keeping your systems safe Behaviour-

based rather than signature-based security is more important So lets take a look at what

this means for businesses like yours

Behaviour-based security is different in that it detects any network activity that doesnt fit a

pattern of expected behaviour This means that the software has to be configured to learn

what a users normal patterns of activity are If there are any anomalies these are then flagged

as threats or viruses and will be stopped before they infect your systems

Unlike with signature-based systems behaviour-based

antivirus systems are able to detect zero-day attacks as

they dont have a pattern that is recognizable Of course

such systems have to be configured to learn about users

typical behaviour and configurations need to be updated

every time new applications are added or modified but in

general they can adapt to new unique or original attacks

There are many advantages to this behaviour-based

approach in detecting new and unforeseen vulnerabilities

in your systems Because it detects any traffic that is new

or unusual the behaviour-based approach is good at

identifying sweeps and probes towards network hardware

This is like an early warning for potential intrusions as such probes and scans are often the

predecessors for system attacks They can also detect abuse of privilege attacks which

normally dont trigger security warnings Of course there are some drawbacks too in that

there is a higher false alarm rate than with signature-based attacks

Whats more the learning curve for behaviour-based intrusion detection techniques cant

cover everything and peoples online behaviour is likely to change over time so you need to

For example if a

computer user with a

restricted set of records

suddenly begins to try

and access other types

of information it is highly

possible that his

workstation has been

infected with a virus and

action needs to be taken

to protect the systems

EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 27

implement occasional retracing of the behaviour profile Also during the learning phase any

system attacks that occur wont be detected as anomalous meaning your systems could be

compromised

Behaviour-based IDS is also more costly in that you need more hardware spread further

across your IT networks than is required with signature-based IDS

Drawbacks and a long customization process aside it looks like the behaviour-based

approach to IT Security is one way well be helping to keep the cyber criminals at bay into the

future And although the death knell has not yet sounded for antivirus software you need to

be aware that this is no longer the be all and end all of IT security you need to be doing so

much more

There are many ways you can keep your systems safe and taking a multi-layered approach is

actually the best way forward Blacklisting whitelisting and sandboxing are three methods

that can be used to ensure youre safe while online

As the way we use data and interact with the internet changes our approach to IT security and

data protection should also change accordingly Whats more IT systems around the world

are increasingly being breached and the fallout from this is affecting millions of people so we

need to learn to deal with risks and stay ahead of cyber criminals

We are now seeing other areas of IT in which security needs addressing areas such as social

media the cloud compliance advanced persistent threats and physical infrastructure

security too

IT Security in the Cloud

In the fast moving world of IT cloud computing is already an old hat in many ways but as so

many of Australias small and medium businesses are only just making the move into the

cloud they may not appreciate how cloud technology isnt just changing how they work but

how they should be approaching security

EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 28

When you are in the cloud you are exposed to new risks after-all your data and often much

of your network is being hosted off-site and is often being accessed by your staff in other cities

and countries

Security in the cloud requires visibility identity management and policies that reduce threats

ability to take advantage of all the flexibility and freedom that cloud computing can offer

Of course its worth remembering that cloud computing is not just one technology it is a

combination of many advances in technology sold in one package This includes virtualisation

Software-as-a-Service and other operations working as they always have done albeit in the

cloud

The problem is that traditional security solutions dont always adapt themselves well to the

cloud architecture What needs to happen is for existing security methods such as firewalls

virtual private networks data-leak protection etc to evolve so they can be better deployed in

the cloud This might involve using an API (Application Program Interface) so that such

technology can be automated in the cloud

It is also likely that new Cloud Security Gateways will have to come into play and innovations

that bolster security are already being created Cloud security gateways will act as security

policy enforcement points between cloud services consumers and providers to ensure

security as cloud services are accessed by users This system would probably be made up of

multiple levels of security such as authentication authorization signing on security token

mapping encryption tokenization logging alerting Application Program Interface and so on

With cloud technology being so popular it is vital that users are easily identified and

authenticated while controlling access to applications and enforcing data protection policies

It is also a good idea to have a central overview of what is happening with visibility into all

users devices and cloud activity so that malicious or suspicious behaviour can be flagged

Auditing and monitoring will be built into cloud services in the future to ensure ongoing

protection

EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 29

Other changes need to happen to ensure better cloud security The management of encryption

keys is critical and data needs to be fragmented and kept in several places in the cloud rather

than in one server where it would be vulnerable It is also important that the physical security

of the cloud environment is enhanced

IT Security and the Internet of Things

You may have heard of the Internet of Things (IoT) and wondered what it referred to Basically

it just means an environment in which objects are able to transfer data over a network without

the need for human-to-human or human to computer interaction

For example you may have a sensor in your car to tell you

when the engine needs oil by sending a message to your

phone An office printer may send out an order for more

ink when its running low and a smart road can send

signals to traffic control when traffic is heavy

Basically any device or component that can be connected

to net (usually by Wi-Fi) plays its part in the Internet of

Things Ultimately the IoTs will help cut down on waste

improve efficiency and save time and frustration (in theory

at least)

But with so many online devices many of which will hold personal info or IP data security will

be an issue You wouldnt want someone hacking your toaster or using your online speakers

to get at the data on your PC after all

Some experts are concerned that large numbers of unsecured devices could be built up by

hackers as botnets Just imagine your TV computer and other household appliances all be

used against you like a science fiction horror story

The new high-tech

Barbie doll raises privacy

concerns as the doll is

connected to the Internet

and could be a tempting

target for hackers who

could then access data

on home networks

through the doll

EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 30

This means in the future people will need to know how to

secure their IoT devices Initially this would mean taking

simple measures such as using passwords and

usernames updating and patching devices as you do with

current devices Also an IoT device that needs to be

accessible over the net needs to be put in its own network

and have access restricted This network can then be

monitored with action taken if there is a problem

Planning and integration is vital when it comes to the IoT and security needs to be paramount

at every step of the process from manufacture to purchase and use As a company owner

you need to develop policies that keep your customers and their data safe when using IoT

devices

US retailer Target was

hacked in 2013 via its

heating and air

conditioning which was

internet enabled Some

40 million credit card

numbers were stolen

EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 31

Conclusion

The goal of this eBook is to make you aware of the vulnerabilities of your business systems

and help you understand in detail the various cyber-threats that are lurking today We have

looked at the dangers for companies that have not been protecting themselves from online

and offline security threats both in terms of money and reputation consequences

If you are wondering about the best way to safeguard your business stay tuned as we are in

the process of writing another eBook with insights about protecting your business and

reputation

If you enjoyed reading this eBook and found it to be of value do share it with your friends

Follow us for more Security News

Spread the word

EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 27

implement occasional retracing of the behaviour profile Also during the learning phase any

system attacks that occur wont be detected as anomalous meaning your systems could be

compromised

Behaviour-based IDS is also more costly in that you need more hardware spread further

across your IT networks than is required with signature-based IDS

Drawbacks and a long customization process aside it looks like the behaviour-based

approach to IT Security is one way well be helping to keep the cyber criminals at bay into the

future And although the death knell has not yet sounded for antivirus software you need to

be aware that this is no longer the be all and end all of IT security you need to be doing so

much more

There are many ways you can keep your systems safe and taking a multi-layered approach is

actually the best way forward Blacklisting whitelisting and sandboxing are three methods

that can be used to ensure youre safe while online

As the way we use data and interact with the internet changes our approach to IT security and

data protection should also change accordingly Whats more IT systems around the world

are increasingly being breached and the fallout from this is affecting millions of people so we

need to learn to deal with risks and stay ahead of cyber criminals

We are now seeing other areas of IT in which security needs addressing areas such as social

media the cloud compliance advanced persistent threats and physical infrastructure

security too

IT Security in the Cloud

In the fast moving world of IT cloud computing is already an old hat in many ways but as so

many of Australias small and medium businesses are only just making the move into the

cloud they may not appreciate how cloud technology isnt just changing how they work but

how they should be approaching security

EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 28

When you are in the cloud you are exposed to new risks after-all your data and often much

of your network is being hosted off-site and is often being accessed by your staff in other cities

and countries

Security in the cloud requires visibility identity management and policies that reduce threats

ability to take advantage of all the flexibility and freedom that cloud computing can offer

Of course its worth remembering that cloud computing is not just one technology it is a

combination of many advances in technology sold in one package This includes virtualisation

Software-as-a-Service and other operations working as they always have done albeit in the

cloud

The problem is that traditional security solutions dont always adapt themselves well to the

cloud architecture What needs to happen is for existing security methods such as firewalls

virtual private networks data-leak protection etc to evolve so they can be better deployed in

the cloud This might involve using an API (Application Program Interface) so that such

technology can be automated in the cloud

It is also likely that new Cloud Security Gateways will have to come into play and innovations

that bolster security are already being created Cloud security gateways will act as security

policy enforcement points between cloud services consumers and providers to ensure

security as cloud services are accessed by users This system would probably be made up of

multiple levels of security such as authentication authorization signing on security token

mapping encryption tokenization logging alerting Application Program Interface and so on

With cloud technology being so popular it is vital that users are easily identified and

authenticated while controlling access to applications and enforcing data protection policies

It is also a good idea to have a central overview of what is happening with visibility into all

users devices and cloud activity so that malicious or suspicious behaviour can be flagged

Auditing and monitoring will be built into cloud services in the future to ensure ongoing

protection

EMPOWER IT SOLUTIONS | WWWEMPOWERITCOMAU Page | 29

Other changes need to happen to ensure better cloud security. The management of encryption keys is critical, and data needs to be fragmented and kept in several places in the cloud rather than in one server where it would be vulnerable. It is also important that the physical security of the cloud environment is enhanced.

IT Security and the Internet of Things

You may have heard of the Internet of Things (IoT) and wondered what it referred to. Basically, it just means an environment in which objects are able to transfer data over a network without the need for human-to-human or human-to-computer interaction.

For example, you may have a sensor in your car to tell you when the engine needs oil by sending a message to your phone. An office printer may send out an order for more ink when it's running low, and a smart road can send signals to traffic control when traffic is heavy.

Basically, any device or component that can be connected to the net (usually by Wi-Fi) plays its part in the Internet of Things. Ultimately, the IoT will help cut down on waste, improve efficiency and save time and frustration (in theory at least).

But with so many online devices, many of which will hold personal info or IP data, security will be an issue. You wouldn't want someone hacking your toaster or using your online speakers to get at the data on your PC, after all.

Some experts are concerned that large numbers of unsecured devices could be built up by hackers as botnets. Just imagine your TV, computer and other household appliances all being used against you, like a science fiction horror story.

The new high-tech Barbie doll raises privacy concerns, as the doll is connected to the Internet and could be a tempting target for hackers who could then access data on home networks through the doll.


This means that in the future people will need to know how to secure their IoT devices. Initially this would mean taking simple measures such as using passwords and usernames, and updating and patching devices as you do with current devices. Also, an IoT device that needs to be accessible over the net needs to be put in its own network and have access restricted. This network can then be monitored, with action taken if there is a problem.
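One way to monitor a separate IoT network with restricted access, as described above. This is an added example, not part of the eBook: the addressing plan, the allowlist, the flow-record format and the quarantine threshold are assumptions, and the sample flows are constructed.

```python
import ipaddress
from collections import Counter

# Assumed addressing plan: every IoT device sits in its own segment.
IOT_NET = ipaddress.ip_network("10.20.0.0/24")

# Restricted access: the only flows the IoT segment may take part in, as
# (direction, peer network, protocol, destination port). Hypothetical values.
ALLOWED = [
    ("out", ipaddress.ip_network("10.10.5.10/32"), "udp", 123),   # NTP server
    ("out", ipaddress.ip_network("203.0.113.0/24"), "tcp", 443),  # vendor updates
    ("in", ipaddress.ip_network("10.10.9.0/28"), "tcp", 443),     # admin hosts
]

# Constructed flow records in an assumed "src dst proto dport" format.
SAMPLE_FLOWS = """\
10.20.0.15 10.10.5.10 udp 123
10.20.0.15 203.0.113.7 tcp 443
10.10.9.3 10.20.0.15 tcp 443
10.20.0.22 10.10.40.8 tcp 445
10.20.0.22 198.51.100.9 tcp 23
10.20.0.22 198.51.100.77 tcp 23
10.10.40.8 10.20.0.30 tcp 80
10.10.40.8 10.10.5.10 udp 53
"""

def classify(line):
    """Return (device, direction, verdict), or None if no IoT device is involved."""
    src, dst, proto, dport = line.split()
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src_ip in IOT_NET:
        device, direction, peer = src, "out", dst_ip
    elif dst_ip in IOT_NET:
        device, direction, peer = dst, "in", src_ip
    else:
        return None
    for rule_dir, net, rule_proto, port in ALLOWED:
        if (rule_dir, rule_proto, port) == (direction, proto, int(dport)) and peer in net:
            return device, direction, "allowed"
    return device, direction, "violation"

def monitor(flow_text, quarantine_after=2):
    """Return (alert lines, devices to isolate after repeated violations)."""
    hits, alerts = Counter(), []
    for line in filter(str.strip, flow_text.splitlines()):
        result = classify(line)
        if result and result[2] == "violation":
            hits[result[0]] += 1
            alerts.append(line)
    return alerts, sorted(d for d, n in hits.items() if n >= quarantine_after)
```

Traffic between two devices inside the IoT segment is also reported unless a rule allows it, because the allowlist is default-deny.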

Planning and integration are vital when it comes to the IoT, and security needs to be paramount at every step of the process, from manufacture to purchase and use. As a company owner, you need to develop policies that keep your customers and their data safe when using IoT devices.

US retailer Target was hacked in 2013 via its heating and air conditioning, which was internet enabled. Some 40 million credit card numbers were stolen.


Conclusion

The goal of this eBook is to make you aware of the vulnerabilities of your business systems and help you understand in detail the various cyber-threats that are lurking today. We have looked at the dangers for companies that have not been protecting themselves from online and offline security threats, both in terms of money and reputation consequences.

If you are wondering about the best way to safeguard your business, stay tuned, as we are in the process of writing another eBook with insights about protecting your business and reputation.

If you enjoyed reading this eBook and found it to be of value, do share it with your friends.

Follow us for more Security News

Spread the word
