dave campbell - cert australia - key findings from the latest cert australia cybercrime and security...
Post on 19-Oct-2014
DESCRIPTION
Dave Campbell delivered the presentation at the 2014 ADM Cyber Security Summit. The 2014 ADM Cyber Security Summit focused on “Combatting Emerging and increasingly sophisticated cyber threats” both domestically and internationally, and showcased relevant organisational case studies and supporting research from academia. For more information about the event, please visit: http://www.informa.com.au/cybersecuritysummit14
TRANSCRIPT
ADM Conference
CERT Australia: Cyber Crime and Security Survey 2013
Dave Campbell
Director, Canberra
CERT Australia
Who is CERT Australia?
• Established in 2010, within Federal Attorney-General’s Department
• Assist Australian businesses prepare for, defend against and mitigate cyber security attacks
• Focus on systems of national interest, including critical infrastructure
Information exchange with businesses
• The CERT does this in three main ways:
• Advice through alerts, guides, briefings
• Information Exchange – formal program
• Cyber Crime & Security Survey
International Partnerships
Cyber security: Rest of the world
Drupal.org compromised, almost 1 million accounts leaked
Personal details of US troops stationed in South Korea leaked by hackers
Living Social compromised, 50 million accounts potentially accessed
Rest of the world
Saudi Aramco (Aug 2012)
South Korea, Media and Banking attacks (March 2013)
Associated Press Twitter compromise (April 2013)
Current Cyber Security Environment: Australian business perspective
What Australian business wants
“Can you please help explain the Australian cyber security perspective to my senior management. They don’t want to always hear about the rest of the world’s experience.”
Cyber Crime & Security Survey 2013
• Key findings: the overall number of incidents increased in 2013, as did targeted attacks – especially targeted emails
• Spear Phishing is still extremely popular and effective.
• CERT experience: a relatively new technique known as “Water-holing” - compromising websites the target is expected to visit
• CERT finding: the scope of targeted attacks has widened, smaller companies more commonly targeted than they were
Cyber Crime and Security Survey
• Key finding:
– 61% do not have cyber security incidents identified in risk register
The CEO?
Cyber Crime and Security Survey
• Key finding:
– Staff errors/omissions, poor security culture – main internal factors
Cyber Crime and Security Survey
• Key finding:
– Many businesses choose not to report incidents to anyone
57% chose not to report to an external agency
But 34% chose to report
Cyber Crime and Security Survey
• Key finding:
– 13% of organisations using Windows XP had no plan to migrate to something else before April 2014
Positive: 79% of those using it planned to migrate before April 2014.
Future for the rest…?
Summary
• You, as individuals, and your organisations are targets
• Difficult to manage the risks alone
• Organisations that manage cyber security effectively:
• View cyber security as part of their broader approach to resilience
• Understand the importance of investing in human capital and focus their security spend on good people not just shiny boxes
Actions to consider
• Actively seek and heed advice from IT security staff
• Seek regular updates or briefings from IT security staff about cyber security issues or incidents
• Ensure cyber security incidents are identified in the business risk register
• Partner with CERT Australia before a cyber security incident occurs.
Thank you
And thank you to all those who participated in this Survey
The Survey: cert.gov.au/newsroom
http://www.cert.gov.au
1300 172 499