Conferences

Are you prepared? Mobility opens doors to new wave of cyber attacks

Fields marked with an * are required

Subscribe to our newsletter

James-SankarSecurity on the Move was the subject of a recent AusCert workshop. AARNet’s Director, Enterprise Services, James Sankar was there and reports on the highlights:

Bring Your Own Device (Android) and Social Media (to trawl and impersonate identities for ID theft and to spread malware by URL links) are key threats facing a more complex, diverse and mobile computing environment.

 Processes for data breach notifications

Mandatory breach legislation has been delayed until after the election but companies should prepare processes today – http://www.oaic.gov.au/privacy/privacy-resources/privacy-guides/data-breach-notification-a-guide-to-handling-personal-information-security-breaches

 Some of the latest cyber threats
  • Ransomware is on the rise – attackers gain unauthorized access, encrypt data and freeze business processes and operations until a ransom has been paid.
  • Unauthorised access can occur where key staff or key suppliers and partners are targeted.
  • Secure deal rooms are emerging as attackers want access to data that could either influence deals or seek financial gain by accessing inside information that could affect share prices.
  • Open Source bot.net kits that can find and exploit vulnerable devices are cheap and customizable. Access to a robust network and security devices alongside regular security reviews can help but may not prevent attack such as zero day attacks.

  IT Security teams need to act as educators for business
  • IT security teams should inform on security options, help identify risks and impacts and assist with solutions to help drive online business
  • security should be based on the Pareto 80/20 rule – prioritise investment in 80% of potential threat areas and attack vectors, it’s too costly to aim for 100% and better to note the risk and design with the expectation that you will incur a security breach with clear processes in how to deal with that.
Securing Domain Name Services

Nomium and Sophos announced a partnership designed to secure Domain Name Services (DNS) by adding Sophos threat detection to the DNS so that phished URLs can be detected and blocked.  This simple deployment offers a step check which involves a common query to access a website or content.

Further research into the global supply chain, from components to device manufacturers may be a next step to addressing these threats as built vulnerabilities.

AusCert is working with AARNet to develop new services to help the research and educational sector better prepare for the future, for more details please contact James Sankar at AARNet (consulting@aarnet.edu.au).

 

 


Related Stories

Conferences / Featured / Network

Aug 15, 2017

Register now for GLIF 2017-17th Annual LambdaGrid Workshop

REGISTER NOW FOR GLIF 2017 - the 17th Annual Global LambdaGrid Workshop, hosted by AARNet at Sydney University 25-27 September This event brings together leading network experts from around the world to collaborate and exchange knowledge on new networking technologies, pathfinding, middleware and applications. The workshop has a specific focus on how global...

Conferences / eResearch / GLAMs

Aug 9, 2017

What do fast networks and services, research infrastructure, and linked open data have in common?

The answer is Identifiers. AARNet is involved in activities in both the eResearch and GLAM (Galleries, Libraries, Archives and Museums) communities that involve connecting identifiers in order to unlock significant opportunities for enabling research collaboration and data sharing across Australia and internationally, and, building rich discovery layers to Australia’s cultural...

Conferences / Featured / Network

Aug 4, 2017

AARNet Networkshop 2017 Highlights

Technologists working on networking and networked technologies at AARNet-connected universities and research institutions gathered in Melbourne on 22 & 23 June 2017 for Networkshop. Watch the video to hear what some of the highlights were for delegates. Networkshop 2017 was a two-day technical community-building event with an emphasis on technical...