It was hard to miss the Scott Morrison press conference on cyber security this week. If you or your business in any way relies on the internet for a smoothly functioning existence, you didn’t want to miss it. Not only was it a scary eye opener, it had a really important message for Australian internet users.
So what exactly did he say?
Australia is under a sophisticated and sustained cyber-attack.
Yup, we’re under attack from a ‘state-based’ operative. While the PM wouldn’t elaborate who that is, all fingers seem to be pointing towards China. According to the Sydney Morning Herald, “the cyber-attack is one of several elements to the Chinese Communist Party’s pressure campaign against Australia… it’s been going on for many months.”
It’s actually been going on for a couple of years. We won’t get too much into the politics, but the theory is the Turnbull government made some decisions the Chinese government didn’t like. Apparently the cyber-attacks haven’t let up since then. In fact they’ve increased in frequency over the past few months.
What Form Do These Cyber Crimes Take?
They’re very wide-ranging, targeting a number of sectors from government to industry, politics, education and health. While the breadth is wide, these are not deep or disruptive attacks. The government believes they are part of a ‘mapping’ effort to build up a detailed knowledge and understanding of the Australian political, business and industrial landscapes. They’re trying to understand the networks here, who’s connected to who, where the strong relationships are and where the weak ones are.
It’s basically sophisticated spying on Australians.
A common tactic used in the attacks is ‘phishing’. Users are being tricked into thinking malicious websites and files are legitimate, and their information and passwords are being harvested as a result.
Why is ScoMo Telling Us About the Cyber Attacks Now?
One possibility is to let the ‘state-based actor’ know that the Australian Government is aware of what’s going on.
Another theory is the government has realised how woefully ill-equipped Australians are when it comes to their cyber security. It’s a message to all of us to jack up our game. In the press conference it was made clear we have some of the world’s best cyber defence agencies here in Australia. That’s correct, but without buy-in from the public and business sectors it’s not going to mean anything.
Let’s take on board this message from the government. Not just to protect our own data and our clients’ data, but to help bolster our country’s cyber defences too.
What Action Can We Take to Increase Cyber Security?
The Australian Cyber Security Centre is one of the agencies the PM referenced in his speech. They’ve made a few recommendations in direct response to the threats, with the two ‘prioritised mitigations’ being:
- Update your software, operating systems and devices. The patches for the exploits made as part of this attack are all readily available. Update everything as soon as possible and try to use the latest versions of any software or operating systems in your business or personal capacity.
- Make use of multi-factor authentication (MFA). Protect your passwords and data by using multi-layered access to your remote access services. These include your email accounts, collaboration platforms (such as Microsoft Teams), your VPN connections and any remote desktop services you use.
They recommend six additional mitigations you should be implementing to really boost your cyber security:
- Strict control of applications to prevent the execution of unapproved programs or code.
- Ensure your Microsoft Office is configured to block macros from the internet.
- Configure your web browsers to block Flash, adverts and Java, as these can often be used to execute malicious code.
- Update all your applications so they’re equipped with the latest security patches.
- Restrict administration privileges according to usage need.
- Make daily backups of data, software and settings.
That may all sound a bit confusing if you’re not clued up with tech speak. Don’t panic though, ensuring your company is security compliant and updated is as easy as getting in touch with Smile IT. We’ll help keep you, your clients and Australia safe from the cyber criminals! It’s one less thing for you to worry about.
If you’d like a cyber security checklist for your company, have a read of this article of ours. Or take a more intensive dive into business cyber security in Australia here.
Stay safe out there and give us a call on 1300 766 720 if you have any questions.
When he’s not writing tech articles or turning IT startups into established and consistent managed service providers, Peter Drummond can be found kitesurfing on the Gold Coast or hanging out with his family!