Businesses told to protect networks and use multi-factor authentication to secure Internet access & infrastructure
Today it was revealed at a press conference by Prime Minster Scott Morrison, that Australia’s private and public sector is being targeted in a sophisticated cyber-attack by a foreign entity.
It was confirmed that Australian organisations across a range of sectors including; government, political organisations, education, health, essential service providers and operators of other critical infrastructure are currently being targeted by a sophisticated state-based cyber actor.
Mr Morrison stated that cyber-attacks were not indeed new, and that the frequency had increased in scale, sophistication, and impact.
“We all know that cyber security issues can be a major challenge for many businesses – and recent cyber security statistics have revealed a huge increase in hacked and breached data from mobile and IoT devices, said Jon Evans, Enablis CEO.
In research completed by leading organisations and many security vendors it is suggested that most companies have unprotected data and poor cyber security practices placing the business and staff at risk and vulnerable to data loss.
As discussed in a previous security blog, a recent Forbes article highlights Enablis security partner Mimecast’s latest report about the security impacts of the first 100 days of COVID-19. The report reveals spam and opportunistic detection increased by 26.3%, while impersonation was up 30.3%, malware by 35.16% and the blocking of URL clicks by 55.8%
Key cyber security facts:
- Did you know that 91% of cyber-attacks start with email?
- 81% of data breaches involve weak or stolen credentials
- 50% of attacks are Malware- free, which means anti-virus can’t stop it
- 70% web traffic is encrypted (SSL), which gives zero-days and botnets a great hiding place
The top 5 email security issues we see are:
- Users are exposed to hackers
- Phishing & impersonation attacks
- Unseen Data leaks
- Lack of cyber education
- Failure of hosted email (e.g. O365)
The top 5 identity management issues are:
- Password fatigue and quality (length & complexity)
- Credential theft
- Lack of visibility of access to apps
- SaaS protected by static AD password
- Integrations leading to security holes
The top 5 secure web gateway issues are:
- Cloud and mobility blurring the security perimeter
- Encrypted (SSL) traffic passing through firewalls unfiltered
- Data leakage – data being accessed anywhere, any time
- Complexity of security gateways
- Compliance issues caused by lack of reporting and visibility
The top 5 next generation anti-virus and end-point protection issues are:
- Traditional antivirus doesn’t protect against non-malware threats and targeted attacks
- Many businesses don’t realise they’re under attack (silent attack)
- Traditional security tools focus on detection not prevention
- Traditional security architectures are complex and slow to react
Given today’s security announcement the Minister of Defence Linda Reynolds has said, “It is vital that all the salient organisations are alert to this and take steps to protect the network.”
She asked businesses to do the following:
- Patch your internet-facing devices properly, ensuring that any web or email servers are fully updated with the latest software.
- Use multi-factor authentication to secure your internet access, infrastructure, and your cloud-based forms.
- Become an ACSC partner to ensure you get the latest cyber threat advice to protect your organisation online
Enablis security engineers work with the world’s leading security vendors to ensure your business, remote workers and data is always secure.
If you would like to speak with one of the Enablis team about your security requirements click here or visit our Zero Trust page for further information. If you would like to find out about Secure Access Service Edge (SASE) visit the resource centre here.