To be cyber secure is becoming increasingly difficult because our interconnected world poses greater risks. The battle continues nonetheless; cybersecurity professionals are emerging in larger numbers and installed cybersecurity software and hardware is now essential across all industries.
Minter Ellison, one of Australia’s largest corporate law firms, warns universities of the potential data theft that they face due to underinvestment in cybersecurity. The firm’s research showed that ransomware attacks in Australia rose by 300% from 2015 to 2016.
The law firm’s Paul Kallenbach and Leah Mooney recently carried out their second annual Cyber Security Survey. The survey was created to “assess changes in Australian organisations’ cyber resilience over the past 12 months”, and covered many different industries. The following summarises their findings:
“Minter Ellison found that, while some progress has been made over the last 12 months among the entities surveyed, many Australian organizations have a long way to go to achieve an appropriate level of cyber resilience.”
The firm reported that 42% of the organizations they had surveyed did not have a data breach response plan, and 92% of them don’t “conduct regular staff training on IT security issues”.
The firm says that one industry that really needs to increase their cybersecurity infrastructure is the higher education industry. Universities hold the financial, personal and confidential information of many of their students - information that shouldn’t fall into the hands of cyber attackers. Data breaches could be very damaging to the reputations of universities across the globe. Another area of concern with data breaches within universities from Minter Ellison’s viewpoint is the fact that critical research is performed within the walls of universities. The impact of stolen data could have incredibly damaging effects on those who spend their careers in research and development.
Are blackouts to come?
Moreover, the vulnerabilities of critical infrastructure have been highlighted in the last few years due to some high profile cyber attacks. The most recent being the ransomware attack on the National Health System across Great Britain.
With remote control of key industrial operations increasing, hacking in the form of denial of service attacks could run rampant, and, for example, cause entire city electricity grids to shut down. Cybersecurity experts ESET and Dragos Inc have published warnings with key industries and infrastructure in mind; they report that a malware known as Industroyer or Crash Override could close down their operations.
Talking to Reuters, ESET’s malware researcher Robert Lipovsky, said:
“The malware is really easy to re-purpose and use against other targets. That is definitely alarming. This could cause wide-scale damage to infrastructure systems that are vital. The tactics, techniques and procedures described as part of the Crash Override malware could be modified to target U.S. critical information networks and systems.”
According to experts, the Industroyer malware is a sophisticated beast; experts say the hackers do not need to control it manually; it automatically overrides the systems of critical infrastructure. It is believed to be related to the malware that took down the Ukraine’s power grid in December 2016.
The official word from experts is for engineers to be alert and cognizant of their industrial control systems and ensure that all the steps to prevent a cyber attack are in place.
The fight against cyber attacks will be a long and tedious one. An ever larger numbers of devices are being connected to interconnected networks that can be remotely accessed. These devices and networks are becoming more vulnerable as a result.
With the demand for cybersecurity on the rise education opportunities for networking and IT gurus have risen too. After all it is up to these specialists to match the hackers’ agility in an attempt to keep ahead. Personnel able to design and implement key software and hardware with built-in reinforcements to prevent catastrophic cyber attacks, now and into the future, are essential.
In this spirit, the Engineering Institute of Technology (EIT) has designed an intensive 6-week online course that covers how to secure automation, control and SCADA systems used across industry: https://www.eit.edu.au/cybersecurity-automation-control-and-scada-systems
Finkle, Jim. "Cyber Firms Warn of Malware That Could Cause Power Outages." Reuters. Thomson Reuters, 12 June 2017. Web. 21 June 2017.
Minter Ellison - Paul Kallenbach and Leah Mooney. "Perspectives on Cyber Risk: Implications for Higher Education." Lexology. Web. 21 June 2017.