Is your business ready for the Essential Eight?

By

At the beginning of 2020, the Federal Government and the Australian Cyber Security Centre (ACSC) announced the Essential Eight (E8). The E8 is a strategy for businesses to mitigate cybersecurity incidents, protecting their systems against a range of adversaries.

What is the “Essential Eight”?

The ACSC has admitted that no single mitigation strategy guarantees total prevention of cybersecurity incidents. However, they encourage organisations to implement the eight essential strategies as a baseline. These mitigation strategies are also deemed cost-effective with regards to time, money and effort when compared to the resources needed to respond to large-scale cybersecurity incidents.

  • The E8 strategies are categorised into three groups:
  • Strategies to Prevent Malware Delivery and Execution,
  • Mitigating the Extent of Cyber Security Incidents, and
  • Recovering Data and Maintaining System Availability.

For more information on these strategies visit the Australian Cyber Security Centre.

How will the Essential Eight affect your business?

These new strategies are now a benchmark for any business or organisation who is required or aspires to work with the Government, Health or other contracts containing sensitive data. Whether your business is compliant with these strategies or is not is now a big factor when it comes to Government tenders, contract pitches and so forth. It is also likely that other big corporations dealing with data will also require their business partners to be compliant with the E8 before starting any work.

Complying with the Essential Eight

As a business owner or IT professional, your first task will be running an IT security audit and comparing your current system to the strategies outlined by the Government. From here, you will be able to identify your weaknesses and gaps in security. Your business can begin implementing the eight strategies anytime, and suggested approaches from the Australian Cyber Security Centre are available.

How eStorm can help

You do not need to handle or manage this change on your own. Our team understands auditing your current system and updating your strategies to suit the new benchmarks is not an easy task. Our friendly IT support team is here to help your business obtain a high-security standard, going beyond the E8 strategies.

Currently, the E8 strategies are heavily based on Windows-based systems. However, our team covers this and more to ensure your business’ IT is secure. Our broad services include Mac Controls, Perimeter Security (Firewalls and Universal Threat Management), and breach mitigation (honeypots and intrusion detection systems).

If you have questions regarding how the Essential Eight will impact your business or how to maintain high-security standards, the eStorm is here to help. Contact us today!

 

3 Cyber Security Tips When Working Remote

By

Remote working can be a blessing. More time spent with the family, less time commuting and sitting through meetings from the comfort of your own home. But as companies across Australia continue to offer flexible work environments to prevent the spread to COVID-19, it is important to understand the security and privacy risks that both the business and employees may encounter.

Employees who are usually protected by corporate networks are working from much less secure locations, and cybercriminals have used COVID-19 as an opportunity. The Australian Cyber Security Centre (ASCS) has seen a significant increase in Australians being targeted with COVID-19 related scams, and advised everyone to stay aware and up-to-date. To help you get started, here are three things you could do to protect both your employees and the business.

Implement multi-factor authentication

According to the Australian Government, multi-factor authentication (MFA) is considered to be one of the most effective controls you can implement to prevent unauthorised access to computers, applications and online services. Using multiple layers of authentication makes it much more challenging to access your systems.

Multi-factor authentication can use a combination of:

  • Something the user knows, whether it be a passphrase, PIN or an answer to a secret question
  • Something the user physically possesses such as a card, token or a security key
  • Something the user inherently possesses such as a fingerprint or retina pattern.
Update your software & operating systems

Often software updates for operating systems and applications are developed to address security issues. Updates often include new security features that protect your data and device. Quite often cybercriminals take advantage of software vulnerabilities in common applications like operating systems and browsers.

Here are some best practices when it comes to software and operating system updates:

  • Stay current: software vendors release updates regularly and many of them relate to important security issues. Appoint someone to be in charge of staying on top of these updates.
  • Keep up with regular maintenance tasks: appoint someone to be in charge of keeping software licenses up to date and keeping software current.
  • Automate what you can: this will lessen the burden in the long run.
  • Back up everything: if you experience any crashes while updating you’ll be glad you did.
Outsource a Managed IT Service Provider (MSP)… like us!

Managed IT Services are a subscription-based outsourcing of IT systems management for businesses, which also includes the management of other IT processes and functions intended to improve business operations and reduce costs.

The goal of managed IT services is to help your business run more effectively by transferring the burden of managing and maintaining your IT software, hardware and environment to us—the managed IT service provider. As your IT managed service provider we then maintain responsibility for the day-to-day maintenance, upkeep and functionality of your IT service, equipment and overall infrastructure, as well as any short or long-term IT strategy and expansion.

Partnering with an MSP offers many benefits to your business. Some of these include:

  • Minimised downtime and cost reductions: with 24/7 proactive monitoring of your IT systems, we’re able to identify and address any issues before they cause damage, interruptions to your business or financial loss.
  • Security: with over 43% of cyber attacks targeting small to medium businesses, it’s vital vulnerability assessments, threat management and secure user access and verification become a commonplace for your business. We’re always working with leading technology vendors and testing the latest world-class technology, tools, systems and security to deliver the best and safest IT solutions.
  • Peace of mind knowing that no matter where you are or what issue arises, you have skilled professional IT experts in your corner who are prepared and ready to help you.

In light of the COVID-19 pandemic, businesses continue to adapt to the fast-changing environment and develop strategies to protect their business and staff from cyber attacks. Here at eStorm, we encourage Australians to remain vigilant and to review your current strategies to ensure you incorporate cyber security measures.

If you’d like to learn more about outsourcing your IT or Managed Services, or have questions about Network Security, get in touch today by emailing [email protected] or calling (07) 3120 0640.

Cyber Security in 2019 and Why We Need to Shift Our Thinking

By

 

2019 is well under way with strategies and projects being approved and budgets being allocated. However, it’s important to take note of the current landscape, where we’re heading in 2019 and how we can improve.

Users & Risk

How people work has evolved over the years. Bring your own device (BYOD) initiatives are becoming more common in the workplace, as well as remote workers seeing a significant increase—one studying showing that 70 percent of professionals work remotely at least one day a week, while 53 percent work remotely for at least half of the week. This means sensitive company data is potentially being exposed to insecure networks and other potential threats.

As a result, we need to shift our thinking toward managing risk based on specific users, user behaviour and the devices being used. Take, for example, two employees attempting to connect to the organisation’s network. The first employee has a trusted work device and is connecting from within the company network. The second is an employee connecting via their home network using a personal mobile device.

In this particular case, the first employee presents far less of a risk and should be granted access easily. However the second user, connecting from their own mobile device from home, might have a multifactor authentication safeguard added to minimise potential risks.

Likewise, we might use this approach to help businesses identify specific users whose roles or activities pose more of a risk. The example Solarwind’s Cybersecurity Predictions uses is the head of human resources who has access to confidential employee data. Someone in this role would require more rigorous security coverage than a graphic designer who might only have access to design files.

You could then require the head of human resources always connect via a VPN in order to guarantee that their device is safe and clean.

Enterprise Approach

Forbes lists industries like healthcare, finance and law as being especially vulnerable to attack, due to their storage and management of large amounts of sensitive data.

While large corporate breaches tend to dominate the headlines, cybercriminals are equal opportunists, which means businesses of all sizes are potential targets. This means smaller organisations should begin to think like larger enterprises and enlist the cybersecurity approaches and strategies they use.

The small to medium sized organisations should be looking to enlist ways to detect and monitor threats in real time, as well as develop strategies to respond in an appropriate and timely manor. Forbes claims small to medium businesses and small enterprises should be considering the large enterprise level approach as larger organisations will begin to demand specific security standards of the businesses they work with.

The Rise of Data Leaks

Breaches caused by a hacker exploiting specific vulnerabilities are far less commonplace. However, people are more often their own worst enemy with a lack of security knowledge, human error or just sheer laziness leaving data exposed far more often than we think.

In 2018, spikes in the number of data leaks and exposures where data was not being protected…at all, not even by a password, saw a significant increase.

Many websites and services in 2018 were exposed for various reasons, many of which resulted from unsecured servers exposing customer records and information— FedEx, Amazon and MindBody.

With data exposures showing no clear sign of slowing down in 2019, it’s now more important than ever to review all aspects of your IT infrastructure to not only fill gaps, but to improve overall security and efficiency.

 

 

Sources:

Brown, T 2019, ‘4 Cybersecurity Predictions for 2019’, Solarwinds MSP Blog, https://www.solarwindsmsp.com/blog/4-cybersecurity-predictions-2019

Browne, R 2018, ‘70% of people globally work remotely at least once a week, study says’, CNBC, https://www.cnbc.com/2018/05/30/70-percent-of-people-globally-work-remotely-at-least-once-a-week-iwg-study.html

NeSmith, B 2018, ‘Cybersecurity Predicitions For 2019’, Forbes, https://www.forbes.com/sites/forbestechcouncil/2018/12/28/cybersecurity-predictions-for-2019/#6e9a2fc44a27

Whittaker, Z 2019, ‘Here’s what to expect in cybersecurity in 2019’, Tech Crunch, https://techcrunch.com/2018/12/31/cybersecurity-predictions-2019/

 

What You Need To Know About The New Data Breach Laws

By

As of February 22nd 2018, privacy breaches can no longer be hidden from the public.

The Australia Government has introduced the Notifiable Data Breaches scheme under the Privacy Amendment Act 2017. The new scheme means businesses with a turnover of $3million or more are required to notify individuals whose personal information has been involved in a data breach that is likely to result in serious harm. These new rules do not solely apply for private enterprise however, the scheme also applies to government bodies, covering incidents such as the Medicare breach, non-for-profit organisations, credit reporting bodies, health service providers, some TFN recipients and more.

In order to qualify for public notification, a breach must result in:

  • Unauthorised access to personal information
  • Unauthorised disclosure
  • Loss of data (either accidentally or inadvertently)

Following that, it must be determined if the breach can cause serious harm. If it does match the above criteria, then the individual and the Commissioner need to be notified as soon as possible.

How You Can Help Reduce The Chance of Privacy Breach At Work & Home

Norton’s annual Cyber Security Insights Report that surveyed more than 20,000 individuals about their online security habits found that in 2017, more than 6,000,000 Australian consumers were victims of cybercrime, resulting in a $2.3 billion loss. The research also discovered that tech-savvy millennials were notably guilty of poor online security habits despite owning the most devices and adopting security practices such as pattern matching, face recognition, VPN, voice ID and two-factor authentication, nearly one in four (24%) of millennials surveyed use the same password for all accounts. This is a particularly concerning statistic as passwords remain the most common, and often only, method of device protection for Australians. In comparison, 72% of seniors use different passwords.

Here are five tips to reduce the likelihood of individuals and staff falling victim to cybercrime and opening your business up to a potential privacy breach.

1. Take Email Serious & Analyse Authenticity

Emails are an ever growing attack vector. Anyone using email, whether it’s at home or work, must be suspicious of any attachments and links. If you’re ever unsure, do not open or click on the unknown attachments. Common instances of suspicious emails you might see include ones that look completely legitimate – especially when it comes to phishing attacks.

2. Passwords Must Be Complex, Including Numbers & Letters

While this might seem very basic, Norton Cyber Security Insights Report showed individuals still had a long way to go when it came to using passwords effectively. Passwords, at home and work, need to be more intricate: containing at least 10 characters with an unguessable combination of numbers and letters. A simple rule of thumb is the longer it is, the harder it is to hack. Do not use the same password across multiple accounts, because if one gets hacked, the rest become vulnerable. And of course, don’t share your passwords.

Remembering multiple passwords can be really challenging so using a password manager that uses high level encryption is suggested. It is a convenient and much more practical option to reduce the chance of falling victim to cybercrime that could result in a data breach.

3. Update Devices & Software Regularly

While it might be tempting to keep clicking the “remind me tomorrow” notification that seems to pop up every other day, it’s putting your devices at risk and leaving your business vulnerable to attack. Likewise, your online security software needs to have automatic updates on so all new vulnerabilities can be plugged before it’s too late.

4. Use Security Software That Protects Systems

While it might be tempting to grab freeware security software, you really do get what you pay for. A multilayered approach when in the market for security software is necessary, with the antivirus focus only being about 20% of the software. Most detections happen at the network layer, and more than half of detections happening at that layer means they don’t get on your device and execute.

5. Back Up Via The Cloud – Not USB Or Portable Hard Drives

Backing up your data through a reputable cloud company enables you to have access to clean files whenever you need them, even in the event of a cyber attack or data breach. These cloud companies do a lot of the heavy lifting in terms of security, such as making sure there are no holes in the systems and performing security sweeps to ensure their infrastructure is robust and resistant to attack. An added bonus is your files are safe in the event of fire, flood or theft.

It is vitally important to establish processes to help reduce risk of any data breach, for example processes around how you enable access to data on work devices and personal devices. A data breach can be something as simple as someone copying data onto a USB and accidentally leaving it on a bus. Keeping company data safe and secure in order to reduce the risk of privacy breach should always be front of mind, and now with the new notification scheme it is even more important to take proactive steps to reduce the risk of a breach.

 

Learn more about eStorm’s multi-layered approach to security.

If you’d like any further information, assistance with your IT needs or you simply don’t know where to start – please feel free to call us on (07) 3120 0640 or email us at [email protected].

 

source: http://blog.cebit.com.au/understanding-the-mandatory-data-breach-notification-scheme?utm_campaign=CeBIT%202018%20TOFU%20Activity&utm_source=hs_email&utm_medium=email&utm_content=61164994&_hsenc=p2ANqtz-9Cg1Zomi0-I0-5vrOHJacedLIyrFxYCWu9gVx73vdjgCn-RxV7A7HKTleu-dWklNgJqZoXwwLXs3ycH_BrKLuRuhwB4Q&_hsmi=61164994

Ransomware – Just how much of a threat is it?

By

cryptoman
RANSOMWARE ACTIVITY IS INCREASING THROUGHOUT 2016
Ransomware is becoming quite a common method of cyber extortion for financial gain.  This is a type of malware that prevents users from accessing their files, applications or systems until a ransom is paid, usually using an anonymous currency such as Bitcoin. While individual computer users have long been targets of ransomware, over the last couple of years, the threat has expanded. Ransomware has been in mainstream media of late due to attacks against organisations such as hospitals.

It’s important to note that not all ransomware operates the same way. The file-encrypting type is probably the most dangerous.  Not only have you lost access to your own files, but this data often contains confidential material, and the perpetrators technically do have full access.  The issue is made worse however because paying the ransom offers no guarantee that the files will be unlocked.  Ultimately, making frequent backups is by far the best defence against ransomware.

Since the average figure demanded is relatively low, usually only a few hundred dollars, the attackers tend to spread the attack quite far, and just randomly to maximise their potential gains.  These are usually in the form of emails with malicious attachments, or links to malicious websites.

Ransomware Variants

CryptolockerThrough this increase in ransomware activity from mid-2015 to early 2016, there has been a myriad new variants of the attack.

Common Ransomware Families

We continue to see sustained distribution of many well-established ransomware families used in mass infection campaigns. In many cases these renowned variants, such as CryptoWall and TorrentLocker, spawned updated versions with improved encryption capabilities and obfuscation techniques. These established attacks will continue to be a significant threat to global enterprises as malware functionality, encryption techniques, and counter-mitigation measures are adapted and introduced into new versions. Examples include:

  • TorrentLocker: Throughout 2015, we’ve seen the continued distribution of TorrentLocker, a ransomware attack based on both CryptoLocker and CryptoWall. TorrentLocker has been active since at least early 2014 and is most often used in geographically-specific spam campaigns.
  • CTB-Locker: CTB-Locker – a name that represents the key elements of the ransomware, Curve (for Elliptic Curve Cryptography), Tor and Bitcoin, was first reported around mid-2014 and remained steadily active throughout 2015. During this time, we saw many campaigns spreading CTB-Locker and its variants, including CTB-Locker distributors capitalising on the free upgrade to Windows 10.  They did this by sending out emails masquerading as Microsoft emails offering the upgrade.

We have also seen several new ransomware variants that use a range of new tactics.  Based on increased growth, we expect ransomware developers to continue developing variants with novel features in order to expand their targets

  • Chimera: The operators behind the Chimera ransomware used the malware to encrypt victims’ files, but also threatened to publish the encrypted data if victims refused to pay the ransom. The attackers targeted German-based small and mid-sized businesses in mid-September 2015.
  • Ransom32: Ransom32 was first publicly reported in late December 2015. It was one of the first ransomware variants based entirely on JavaScript.  This potentially allowed for compatibility with not only Windows, but also Linux and Mac OS.
  • LowLevel04: Operators of LowLevel04 purportedly spread their ransomware using the less commonapproach of exploiting Remote Desktop and Terminal Services.
  • Linux.Encoder.1:Linux.Encoder.1 debuted in late 2015 as one of the first ransomware variants targeting Linux web-based servers. While the encryption capabilities in the early versions proved to be suspect, many reports alleged faults in its predictable encryption key.  The targeting associated with this branch of malware family is far from more traditional Windows-based attacks.
Where to from here?

We expected to see the ransomware threat landscape increase from levels observed in 2015, and sadly we have been right. Cyber extortion has gained notoriety and momentum, with huge profits from highly publicised campaigns spreading among cyber criminals. Recent campaigns in which victims paid the ransom reinforce the success and popularity of this particular attack method.

One of the most worrying threats is the deployment of ransomware after the attackers have already had access to the network. In these cases, attackerscould conceivably conduct reconnaissance and even disable or delete backups, or identify systems that are most critical to an organisation’s operations before deploying the ransomware.  To increase the difficulty of such an attack, enterprises are encouraged to properly segment networks and implement strong access controls. In addition, companies should evaluate backup strategies regularly, and test those backups to ensure that recovery is successful.  As always, “offline” copies of backups should be stored offsite in case onsite backups are targeted.

Overall, the best way to stay protected is through education.  Emails that insist you change settings so you can read them, or ask you to follow a links to access information should be heavily scrutinised.  Do you know the sender?  Is it likely that person would be trying to share files with you that require you accessing a website to get them?  Commonly we say the malicious emails appear from a courier company, or Australia Post telling you a package is waiting for you, and click here fore details etc.  Also we have seen emails claiming to be from the Australian Federal Police (AFP) asking you to appear in court.  We have also seen others appearing to come from your local council and is referring to parking fines and things like that.

Make your staff aware of the real risks of an infection like this, and encourage them to not take the risk opening those Heavy chain with a padlock around a laptopattachments.
As soon as you notice the infection, shutdown your PC.  If you are on a network and you leave the system running, these infections will spread to the server rendering that data useless.  The sooner the infected machine is switched off, the less impact it will have.

If you do find yourself a victim of one of these attacks, contact the team at eStorm immediately so we can get you back on track. In saying that, prevention is always better than a cure, so call us so we can make sure your backup strategy is comprehensive enough to minimise the impact of an attack like this.