Dave Campbell - CERT Australia - Key findings from the latest CERT Australia cybercrime and security survey

650 views
499 views

Published on

Dave Campbell delivered the presentation at the 2014 ADM Cyber Security Summit.

The 2014 ADM Cyber Security Summit focused on “Combatting Emerging and increasingly sophisticated cyber threats” both domestically and internationally, and showcased relevant organisational case studies and supporting research from academia.

For more information about the event, please visit: http://www.informa.com.au/cybersecuritysummit14

Published in: Business, Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
650
On SlideShare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
15
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Dave Campbell - CERT Australia - Key findings from the latest CERT Australia cybercrime and security survey

  1. 1. ADM Conference CERT Australia: Cyber Crime and Security Survey 2013 Dave Campbell Director, Canberra
  2. 2. CERT Australia • Established in 2010, within Federal Attorney- General’s Department • Assist Australian businesses prepare for, defend against and mitigate cyber security attacks • Focus on systems of national interest, including critical infrastructure WhoisCERTAustralia?
  3. 3. Information exchange with businesses • The CERT does this in three main ways: • Advice through alerts, guides, briefings • Information Exchange – formal program • Cyber Crime & Security Survey
  4. 4. InternationalPartnerships
  5. 5. Cybersecurity Restoftheworld Drupal.org compromised, almost 1 million accounts leaked Personal details of US troops stationed in South Korea leaked by hackers Living Social compromised, 50 million accounts potentially accessed
  6. 6. Restoftheworld Saudi Aramco (Aug 2012) South Korea, Media and Banking attacks (March 2013) Associated Press Twitter compromise (April 2013)
  7. 7. Current Cyber Security Environment Australian business perspective WhatAustralianbusiness wants “Can you please help explain the Australian cyber security perspective to my senior management. They don’t want to always hear about the rest of the world’s experience.”
  8. 8. Current Cyber Security Environment Australian business perspective Australianbusiness perspective
  9. 9. CyberCrime&Security Survey2013 Key findings: overall number of incidents increased in 2013, as did targeted attacks – especially targeted emails • Spear Phishing is still extremely popular and effective. • CERT experience: a relatively new technique known as “Water-holing” - compromising websites the target is expected to visit • CERT finding: the scope of targeted attacks has widened, smaller companies more commonly targeted than they were
  10. 10. CyberCrimeandSecurity Survey • Key finding: – 61% do not have cyber security incidents identified in risk register The CEO?
  11. 11. CyberCrimeandSecurity Survey • Key finding: – Staff errors/omissions, poor security culture – main internal factors
  12. 12. CyberCrimeandSecurity Survey • Key finding: – Many businesses choose not to report incidents to anyone 57% chose not to report to an external agency But 34% chose to report
  13. 13. CyberCrimeandSecurity Survey • Key finding: – 13% of organisations using Windows XP had no plan to migrate to something else before April 2014 Positive: 79% of those using it planned to migrate before April 2014. Future for the rest…?
  14. 14. Summary • You, as individuals, and your organisations are targets • Difficult to manage the risks alone • Organisations that manage cyber security effectively: • View cyber security as part of their broader approach to resilience • Understand the importance of investing in human capital and focus their security spend on good people not just shiny boxes
  15. 15. Actionstoconsider • Actively seek and heed advice from IT security staff • Seek regular updates or briefings from IT security staff about cyber security issues or incidents • Ensure cyber security incidents are identified in the business risk register • Partner with CERT Australia before a cyber security incident occurs.
  16. 16. Thank you And thank you to all those who participated in this Survey The Survey: cert.gov.au/newsroom http://www.cert.gov.au info@cert.gov.au 1300 172 499

×