Debtset – Bailiff-Sheriff Aust MEMBER Login
Australian business sees rise in cyber attacks: counter strategies urged by BAE Systems
THE THEFT of trade secrets, business proprietary data, intellectual property and customer information is on the rise in Australia according to research by BAE Systems Detica.
The company's director of its Strategy and Major Client Group division, David Owen, warned "sophisticated attack groups with the motivation and capability to use techniques well beyond mainstream malware" are increasingly targeting businesses through their supply chains. However, he said, there were clear strategies businesses of all shapes and sizes could employ to help protect themselves and it was vital Australian businesses developed a culture of cyber security awareness.
Mr Owen said cyber criminals were constantly finding new ways to steal an organisation's valuable information.
He has seen this trend build in recent years. Before joining BAE Systems Detica, Mr Owen led Deloittes' security management competency team in Australia and has had previous experience with BAE Systems in the UK where he worked in information security for joint venture company MBDA Missile Systems.
"The company's supply chain is often the weakest link and the easiest place to find that information because many of those organisations are not actively looking for evidence of compromise," Mr Owen said.
"BAE Systems Detica has seen a marked increase in attacks on supply chain targets such as professional services companies, legal firms, IT outsourcers, marketing agencies or other third party advisors and companies.
"The main targets have increased their defences so attackers a looking for another route in. Hackers can easily get into an organisation through the third parties a company works with."
According to research by BAE, the factors that have led to the increase in targeted attacks of supply chains include:
- growing resources and sophistication of attack groups
- increase of blended attacks
- low risk of getting caught for attackers
- increasing difficulty to detect threats and attacks
- challenge of identifying the specific behaviour patterns of sophisticated attacks
- lack of resources in the Australian industry to perform sophisticated analysis, follow-up investigation and response/clean-up.
BAE Systems Detica has created a list of suggested best practices to protect supply chains:
1. Prepare
It is important to understand your so-called trophy information (information that is highly desirable to hackers and corporate thieves), cyber risk, compliance environment and internal cyber capability. These are the first things to assess in any cyber security plan. Based on this knowledge, you can develop strategies and tactics that will help address cyber risks based on priorities. It will also pinpoint whether you need to develop your workforce to become more cyber aware and what additional skill sets might be required. Publish your business rules for cyber security and create awareness of these among your employees and those of your supply chain.
2. Monitor
Businesses should continually monitor systems and networks for signs of malicious activity, but also keep track of changing business requirements, emerging trends and the external environment they operate in. Make sure you measure the effectiveness of cyber security (technical and non-technical capabilities) as this will help you stay on track.
3. Protect
It is imperative to design and deploy cyber security solutions that will address risks and enable the business to operate with confidentiality and integrity. However, these solutions need to be carefully developed so they don't cripple your systems by being too secure. Apply sound engineering processes to the selection, development and deployment of cyber capabilities so that they integrate well with your business operations.
4. Respond
Having response plans in place sounds like a given, but this is often overlooked by businesses. Understand your capability to contain and recover from cyber incidents and make sure you learn from previous ones and that the appropriate feedback is given in order to prepare processes.
5. The human factor
Companies place a lot of importance on technology when it comes to cyber security it is important not to overlook the human factor. Do employees understand the sensitivity of the data they have access to and the implications if there is a security breach? Getting employees to care about security and understand that they have an important role to play in keeping the organisation's cyber security risk to a minimum is key.
Mr Owen said, "Without the human element, the technological controls are useless. Creating a culture of security is imperative. Companies must always consider the suppliers' security measures to ensure they align with theirs."
BAE Systems Detica's business delivers information intelligence solutions to government and commercial customers and develops solutions to strengthen national security and resilience. Detica is part of BAE Systems, a global defence, aerospace and security company with about 90,000 employees worldwide.
BAE Systems also delivers a wide range of products and services for air, land and naval forces, as well as advanced electronics, security, information technology solutions and customer support services.
One of BAE Systems Detica's high profile clients is McLaren Group, which includes Vodafone McLaren Mercedes, a world leading Formula 1 team. The group has rich and varied intellectual property (IP) that is vital to maintaining competitive advantage and warrants advanced protection. The groups uses Detica CyberReveal to protect the team's IP - including its advanced automotive technology - as well as its partner and commercial information against sophisticated targeted attacks on its information systems and networks.
ends
