We have all heard or read about, at least one cyber attack that has taken place in the last three months. Most recently in August, we witnessed the widely reported nude celebrity photo leak that not only raised concerns for privacy, but also the security risks involved in downloading content from the Internet.
Reportedly, malware from distributed denial of service (DDoS) attacks on those computers that accessed the photographs, took down the entire IT infrastructure in New Zealand alone.
This example goes to show that ANZ is not immune to cyber attacks and breaches. In fact, a growing number of these types of incidents originate in ANZ and are much more common than what is disclosed.
Threats posed by DDoS attacks in particular, are growing more rapidly. We are seeing an increase in high profile and high impact international DDoS attacks carried out on major Australian institutions and government organisations. Some examples that come to mind include the Australian Federal Police (AFP) and the Reserve Bank of Australia, which were both breached late last year. These attacks show that even the largest, most secure institutions in Australia are faced with the challenge to protect themselves against highly sophisticated cyber threats.
Size doesn’t matter
In addition, it is important to note that a few years ago it was typically only high profile brands that were subjected to DDoS attacks. Take for example large US-based corporations such as JP Morgan Chase and the New York Times whose websites remained on the radar for attackers and were eventually attacked. Recent trends show however, that smaller companies are not immune to the threat of cyber attacks either. Attackers seeking intellectual property and economic data have shifted their focus to the smaller players and suppliers of larger firms.
In fact, the threat of launching a DDoS attack, in return for a paid ransom, is not uncommon to corporations who do not want to deal with the hassle of answering to its stakeholders. When a company is found to have loopholes in its security infrastructure, they not only stand to lose data, they also stand to lose customer confidence and in turn have to manage their brand reputation delicately. As a result, these types of cases go unreported and there will be no sight of these payoffs, in hopes to sweep the issue under the carpet.
In addition to DDoS attacks, malware has emerged as one of the most powerful tools for targeted data exfiltration, used particularly when an attacker wants to steal intellectual property or currency. According to the Australian Communications and Media Authority (ACMA), an average of 16,500 cases of malware have been reported to Australian Internet service providers every day last year.
Moreover, the head of Australia’s corporate regulator has warned that Australian businesses are not taking the risk of cyber crime seriously enough. According to Aon Financial Specialties, cybercrime in Australia costs an estimated AUD4.5 billion annually.
We all know that security is a global issue and isn’t going away anytime soon. In addition, the uptake of the Internet of Things is only going to make security an even bigger consideration for businesses. So what can organisations in Australia do to protect themselves more effectively?
Predicting a DDoS attack is difficult, and the results can be disastrous: loss of revenue-generating applications as well as reputational damage can negatively impact a business for years.
Protecting against an attack however, may be less difficult. There are ways a company can keep their applications, services and even their entire network online, without stopping legitimate traffic. F5 Networks’ BIG-IP Advanced Firewall Manager, Application Security Manager and Local Traffic Manager provide the combination needed to mitigate DDoS attacks, from blocking attack traffic to re-routing legitimate requests to ensure uptime.
At the same time, understanding who is attacking the business, as well as how and why, can help prevent an attack from causing too much damage and can help protect against future attacks.