The week in security: Banks investigating breaches as AusCERT experts warn on the security of everything

There were growing concerns about privacy as the New Zealand government confirmed that its Customs officers will be able to inspect electronic devices coming into the country.

No wonder organisations like the ACLU continue to fight government surveillance. Yet surveillance isn't the government's only problem: US officials confess that they might not be able to respond to cyberattacks on critical infrastructure.

This, as financial-services regulators warn that cybersecurity is the biggest risk to the global financial system – and news emerges that up to a dozen banks are investigating potential security breaches on their networks.

NBN Co was also reeling from a cybersecurity issue in the aftermath of damaging leaks and a subsequent, politically-charged AFP raid on Labor staffers that document-management specialists say could have been avoided altogether if NBN Co were protecting its documents correctly.

Despite growing awareness of the importance of security, research suggested that many organisations are still failing to prioritise it as they need to.

Others, like Queensland's Griffith University and the University of Auckland, are working through the six stages of cybersecurity response.

These stages were highlighted at the key AusCERT 2016 conference, where it was also revealed that healthcare organisations are lagging when it comes to information security and that Internet of Things (IoT) security would require commercial drivers. Conference attendees also heard from researchers who were concerned about the lack of security in building management systems, questioned the value of blockchain as a driver for change in financial-services giants, and warned about the curse of convenience, the importance of penetration testing in the context of cyber war, and the risk of business email compromise.

The winners of AusCERT awards were announced amid consensus that security skills are more important than ever, even as demand continues to surge: information-security training at the Boston BSides conference, for one, is so popular that its organisers are looking for space to grow.

Yet many students of cybersecurity training programs are reporting that they still can't find a job in cybersecurity even after they've completed a degree.

Also looking for a job is the CEO of Austrian company FACC, who was fired after losing $US47m in a targeted phishing attack in January.

Five people were arrested for netting $US2 million in a scam whereby they impersonated that country's tax-collection authority and demanded payments from hapless victims.

Also on the enforcement front, a celebrity hacker called Guccifer confessed to hacking into 100 email and social-media accounts belonging to American citizens and high-ranking government officials.

Along the same lines, US legislators were demanding that searches of US email accounts stored offshore require search warrants.

Even as anti-piracy advocates BSA seized on cybersecurity risks as yet another warning about stealing software, security researchers found that a recently patched exploit in Adobe Flash Player is still being used in widespread attacks, while new ransomware called DMA Locker was becoming more common.

Also of concern was the expansion of top-level domains, which creates a new security risk for business computers.

Even as Microsoft warned IT administrators against requiring users to set passwords that are long, complex and changed frequently, Google was aiming to have its Android password-replacement system available before the end of the year, while some Google alumni debuted a software-as-a-service tool for quickly spotting transaction fraud.

Also playing in that space is Cisco, whose purchase of OpenDNS last year is providing invaluable fodder for its threat-intelligence efforts.


Stories by David Braue
