Opinion & Analysis
OPINION: As the owner of a New Zealand business it's easy to look at the recent major security breach of eBay and think 'that won't happen to my little company'.
It's true - these hackers who stole the personal data of up to 233 million people were likely organised, skilled and used sophisticated tools. And eBay was probably a target because of its sheer scale.
But the attack is representative of a growing trend in security breaches becoming much more sinister: targeted, technical and sophisticated.
What do these large security breaches of overseas-based organisations mean for New Zealand companies? Do we need to worry?
In short: yes. We need to be vigilant. Over the last four years we have seen a rise in the number of strategic, organised attacks on organisations.
The international network of 'hacktivists' known as Anonymous began to get a profile about four years ago when they took down Sony's online PlayStation store in what is termed a 'distributed denial of service' (DDoS) attack.
The attack was in retribution for Sony's lawsuit against a hacker who had sought to modify hardware that they own.
Since then, DDoS attacks have become more common, and breaches have become more sophisticated.
(As a large corporate we have a series of mitigation steps to stop potential DDoS attacks from entering the country. We have put technology in place at our international peering points in Australia and the US that effectively cleans the traffic before it comes down the pipe to NZ.)
A more disturbing type of breach that is becoming more common is when hackers attack an organisation's financial assets and intellectual property, known as an Advanced Persistent Threat (APT).
It is an umbrella term, often thrown about and misused, but is usually applied when attackers use multiple tools - such as spear phishing emails, cold calling and brute-force attacks (such as a hacker trying several different passwords to enter a system).
This sort of attack is sinister and can cause irreparable damage to an organisation.
APTs are often seen in nation-state sponsored attacks.
Kiwi companies might think they are immune to breaches of this nature, but we have many entrepreneurial companies with valuable intellectual property who could be targeted, particularly those in international trade or technology innovation.
Over the coming weeks we will be debating the role of the telecommunications sector in this environment.
As a large corporate, we are in a good position to act on known malicious content that could be traversing our networks, offering a level of protection to customers.
However, it does raise the question: should the telco be doing this at all? With concerns around privacy, especially in relation to national surveillance networks, it is an interesting debate to consider the duty that the network provider has to protect its customers, given that blocking content could be seen as a form of censorship.
Another concerning trend is the shift in cybercrime to become more weaponised. For instance, CryptoLocker is malware that can come disguised as a legitimate email attachment. Once opened and activated, the malware encrypts certain types of files stored on local or network drives.
The nature of this encryption is to hijack a machine and to demand money. The victim of the attack must pay money to have their files 'released' from the encryption.
What should companies do to protect themselves in this sort of environment? At the very least, understand potential threats and look for any irregularities such as your systems randomly communicating with a server overseas.
If you find something suspicious, contact your IT or security provider for advice. If you believe you have been breached, it is best to contact the National Cyber Security Centre, which can offer advice and assistance.
A good basic prevention strategy comes from the Australian Signals Directorate:
1.) Use application whitelisting - only allowing permitted and trusted applications to run, preventing malware from being able to execute;
2.) Patch applications - making sure all security patches are applied to applications like Java, Flash, PDF reader etc;
3.) Patch operating system vulnerabilities;
4.) Minimise administrative accounts and their use.
- Colin James is head of security at Vodafone