High Profile Cyber-Security Breaches in Australia

Mainstream Australian media sites now regularly mention hacking incidents carried out by the hacktivist group 'Anonymous'. The group recently defaced several prominent Australian websites, and has now also claimed to have stolen user credentials and contact information from Pizza Hut Australia.

In fact, the month of November 2012 has been a period of high profile security breaches and identity thefts not just in Australia, but across the globe. Seeing some of the world’s mightiest enterprises falling prey to hackers is now commonplace.

All these security breaches give enterprises and end users just one important lesson to learn – it is time to seriously consider using a password manager!

How does a data breach in one website affect end users?

It is quite common for users to use the same login credentials for multiple social media sites, websites, and applications. Making matters worse, some users tend to use the same password for all accounts – from email accounts, to social media, banking, brokerage and finance accounts. In this globally connected world, a data breach in Europe could affect an end user in Malaysia!

If a password gets exposed at any site, then in all probability hackers can easily gain access to the user’s accounts at other sites too.

So, it is always prudent to have a unique password for every website and application, and supply it ONLY on that site/app. When there is news of an enterprise site hack which has led to passwords being compromised and stolen, you can just change the password for that single site/app.

Changing passwords frequently is also a wise habit to learn.

But, here is the problem. You will have to remember multiple passwords, perhaps tens or even hundreds. It is quite likely that you will forget passwords, and eventually have difficulty logging in.

The way out: use a Password Manager

In order to combat cyber-threats, proper password management should ideally become a ‘way of life’. Password Managers help to securely store all your logins and passwords. In addition, you have the option to launch a direct connection to the websites / applications from the password vault’s GUI itself. Saving you even the ‘Copy & Paste’ task, logging in is never more than a click away. Once you deploy a Password Manager, you can say goodbye to password fatigue and security lapses.

Enterprises – time to step up! You may be the next victim!

It is worthwhile to draw lessons from the cyber-incidents in the recent past, as they might help you learn how to prevent security incidents affecting your enterprise in the future.

Traditionally, keylogger trojans (which monitor keystrokes, log them to a file, and send them to remote attackers), cross-site scripting (which enables malicious attackers to inject client-side script into web pages viewed by other users, and then exploit the information to bypass access controls) and viruses have been the most frequently used security attack channels.

Improper management of Administrative Passwords, which are often aptly referred to as ‘Keys to the Kingdom’, is a key security risk. Passwords of enterprise IT resources are often insecurely stored in spreadsheets, text files, and even on pieces of paper. Haphazard password management can make enterprises a paradise for hackers.

Another undeniable risk is the potential for sabotage caused by employees within the enterprise. Disgruntled staff, greedy techies, and sacked employees have been involved in many such security incidents around the world.

A breach of trust could occur anywhere, leading to grave consequences. A lack of well-defined internal controls and access restrictions can easily pave the way for a serious security incident.

Tightening internal controls – the magic mantra

Unfortunately, enterprises often place little importance on crucial administrative password management until a security incident or identity breach surfaces. This negligence can result in an exorbitant cost. Many such security breaches stem from a lack of adequate password management policies and poor internal controls, and could be avoided by placing tighter internal access restrictions and well-defined password policies.

Access to IT resources should strictly be based on job roles and responsibilities. Access restrictions alone are not enough. There should be well-defined audit records allowing ‘who accessed what and when’ to be traced with confidence. The best way to achieve this is to deploy a Privileged Password Management Solution, replacing manual processes, and helping to achieve optimum security.

Privileged Password Managers like ManageEngine’s Password Manager Pro help by securely storing the privileged identities in a centralised vault, restricting access to the identities, and automating the identity/password management activities.

This helps organisations to take total control of all privileged identities. Enterprise class password managers offer advanced protection to IT resources by helping establish access controls to IT infrastructure, and seamlessly video record and monitor all user actions during privileged sessions, providing complete visibility of privileged access.

To summarise, not all security incidents can be prevented or avoided, nor will privileged password management software act as a panacea for all cyber security incidents.

But many security incidents happen due to a lack of effective internal controls, and are indeed preventable. Enterprises should take preventive action to combat cyber-criminals, to avoid locking the stable door after the horse has bolted!

V Bala is Product Marketing Manager for ManageEngine.
