Prime Minister Scott Morrison held a press conference on 19 June 2020 to advise that Australia was “under attack”: there had been a large number of cyber attacks on Australian businesses and government agencies, to the point where Mr Morrison took the step of informing the country. For someone who has been learning about the damage these attacks can cause, what happened next was even more alarming. Within 48 hours, this announcement had been lost in the midst of the next news cycle. Granted, the current news cycle is reporting on a virus overtaking the globe, but it appeared as if the country had just moved on to the next story or scandal.
So what happened? The Australian Cyber Security Centre (ACSC) advised:
“The Australian Government is currently aware of, and responding to, a sustained targeting of Australian governments and companies by a sophisticated state-based actor.
A range of tactics, techniques and procedures are being used to target multiple Australian networks. It’s important that Australian companies are alert to this threat and take steps to enhance the resilience of their networks. Cyber security is everyone’s responsibility.”
This is serious. We have been warned, so what should we do?
The ACSC did provide detailed information for IT Managers, but again, what should you do?
Their advice provided some proactive steps that you can follow to protect yourself, your systems and your devices:
1. Prompt patching of internet-facing software, operating systems and devices
Organisations should ensure that security patches or mitigations are applied to internet-facing infrastructure within 48 hours. Additionally, organisations should, where possible, use the latest versions of software and operating systems.
2. Use of multi-factor authentication across all remote access services
Multi-factor authentication should be applied to all internet-accessible remote access services, including:
• web and cloud-based email
• collaboration platforms
• virtual private network connections
• remote desktop services.
The ACSC has put together an “Essential Eight” which provides basic protection and can be viewed at this link: https://www.cyber.gov.au/acsc/view-all-content/essential-eight/essential-eight-explained
The Government website, www.staysmartonline.gov.au, is transferring to www.cyber.gov.au, and you can sign up for an email that sends you alerts with simple, easy-to-understand information on the latest scams, developments, protections, etc. It is an easy way to keep informed about threats to your business and how to avoid them.
What else can be done?
Previously we have suggested that it is crucial for travel companies to heed the call for better risk management around cyber, as ransomware can often be easily defended against.
Whilst Cyber Insurance is an important consideration for all businesses now, it only transfers the risk, and the main aim should be to ensure your IT systems have the best security protection available. It’s crucial that business owners understand they have a responsibility at all times to be vigilant in how they manage information and protect their data and their clients’ private data, which they would be liable for should it be invaded.
Important steps in protecting your business
General Advice Warning – the information in the above article is intended as a guide only and should not be relied upon without consulting your relevant insurance policy wording and conditions or conversely seeking professional advice from either your insurance broker or insurer regarding a claim or potential loss. Failure to adhere to this warning could result in a denial of a claim or potential loss or a reduction in settlement of a claim or potential loss.