The week in security: Aussie banks targeted as mobiles drive privacy fears

The combination of bring your own device (BYOD) plans and social media is creating a “fantastic avenue” for undermining corporate security, a Frost & Sullivan analyst warned at the Evolve 2013 security conference in Sydney. Also there, VMware was talking up the potential for software defined data centres to improve IT security, while Trend Micro was promoting its Deep Discovery environment to Australian customers.

Also sharing was the head of the NAB’s IT security, who advised that banks need to innovate their way around IT-security hurdles posed by ever-tighter regulation. This, in the face of an escalating wave of cyberattacks against financial-services targets so bad that the FBI is even warning banks about it – as is a Russian security team, which has found a cyberfraud operation targeting Australian bank customers.

A high-profile California lawsuit alleging that a Delta Air Lines app failed to preserve customer privacy was dismissed in a blow for those pushing for better privacy controls on mobile apps. For its part, mobile security vendor Lookout is suing Google, alleging that it has been allowing Android app vendors to illegally collect user data.

Russia took a big step towards adopting international privacy norms by signing the Convention 108 privacy pact, although the move’s efficacy may be limited in an international climate where a booming mobile industry is mobilising global criminals faster than ever. Even viruses are making a comeback; little wonder that firms such as Brisbane lawyers Cooper Grace Ward are turning to the added security that virtualisation provides.

The fight against hackers may have claimed some LulzSec scalps and seen arrests of Anonymous members in Italy, but other hackers have ever more resilient botnets; have released yet more Mac spyware; and continue their assault on online gaming company SG Interactive, which suffers constant DDoS attacks and has seen an appropriate defence as critical to business continuity.

Identity and access management (IAM) is a crucial tool for closing security holes in corporate infrastructure and can also, by enabling single sign-on capabilities, save money. Intel-owned McAfee has taken a different tack by adding biometric authentication to cloud storage in a fresh look at consumer security. Microsoft committed to international secure software-development standards, while Adobe released critical security updates for several key products. Microsoft also rushed an Internet Explorer 8 patch to market even as the latest version of the browser, IE10, was rated the best for privacy protection compared with Chrome or Firefox.

Even as some hackers do the polite thing and call ahead before sending a malware-laden email, police notched up a few scalps after jailing a phishing gang that stole a British woman’s £1 million (A$1.54 million) life savings and spent it on frivolities including “gold and cheeseburgers”. This sort of activity, apparently, is more appealing to hackers than health-care data which, reports suggest, is being plundered less and less thanks to tougher enforcement.

Somewhat safer than buying into phishing attacks is outsourcing business processes to Chinese companies – which, one Chinese IT outsourcer was at great pains to argue, still remains a safe choice for Western companies despite US accusations to the contrary.

Yet all isn’t necessarily hunky-dory, with companies and government bodies unprepared for surges in cyber-sabotage that are supposed to be targeted by new US legislation. Experts were debating plans for sharing vulnerability information, while the Department of Homeland Security was warning that American critical cyber-defences are weak. Australia’s government isn’t doing as much as it could, either, with the new 2013-14 federal budget showing little new funding for cyber-security initiatives.


Stories by David Braue
