The director general of the country’s intelligence agency has warned businesses they need to be more careful when it comes to warding off cyber-attacks, saying many of these attempts to secure information or money are going unnoticed.
At a conference yesterday, Australian Security Intelligence Organisation director-general David Irvine said yesterday most attacks go unnoticed, and that business owners should think twice about what types of information they store in cloud-based servers.
”Our societies and our economy are increasingly ‘internet dependent’. But there’s a downside, and the downside is that this dependence comes at a cost: it has created new or accentuated old vulnerabilities,” he said.
He also said the threat was “significantly greater” when business owners are travelling.
”Telephones and laptops are all vulnerable to exploitation at the customs barrier and at the hotel; they should never be left alone,” he said. ”Information held on mobile devices is easily removed covertly and malicious software can be added.”
Irvine’s comments come as a warning that some offshore agencies may be attempting to steal commercial information through companies rather than directly through government departments.
More and more businesses are falling prey to attacks. In the past year alone, major telcos Telstra and AAPT have suffered breaches – prompting an investigation by the Privacy Commissioner – while smaller companies such as Distribute.IT and Lush have found themselves hacked.
AVG security advisor Michael McKinnon says it’s important to realise the difference between attacks on government departments and businesses, in that many small businesses won’t become prey to attackers looking for sensitive government information.
But there are others that may be targets: Companies that have patent information, for instance, or businesses working closely with government departments. These businesses can often be smaller in size, and more susceptible to attack.
“I think motives for cyber-attacks on governments are, usually, substantially different to attacks on business,” he told SmartCompany.
“If we were to suggest the business’ exposure to these types of attacks, then at the top of the list, above espionage, would be money. That stands head and shoulders above the rest.”
Although McKinnon says protecting commercially sensitive information – including government documents – should be equally high a priority, the more common problem will be that SMEs are attacked for financial records.
“Credit card transactions, transactional data, and money: It’s about protecting those financial records and any data that may belong to customers.”
As for travelling with devices, McKinnon says it’s the same rules as always – make sure everything is protected before you step out the door.
“Protect devices before infection occurs, and then make sure they’re being scanned on a regular basis to ensure nothing malicious gets in.”