The document discusses cyber security threats and provides advice. It notes that hacking is now a criminal activity, cyber crime costs $400 billion annually, and 230,000 new malware pieces are released daily. Individuals and organizations must take collective responsibility for cyber safety. Physical and IT security are directly linked, and supply chains and third parties present security risks if not properly vetted. Organizations must have recovery plans in place in case of an attack, as the attackers have the advantage.
1. latrobe.edu.au CRICOS Provider 00115M
Data and Security
Michael Fieldhouse
Director – Emerging Businesses and Federal Government
Hewlett Packard Enterprise
Adjunct Professor – La Trobe University
September 2016
2. La Trobe University
Four things I want to leave you with…
Cyber safety is our collective responsibility
Direct link between physical and IT security
Supply chain & 3rd party security is critical
How are you going to recover from a cyber attack?
3.
Let’s set the scene…
Hacking was once the domain of the hobbyists – “the nerd” – now a criminal activity
Cyber crime (2015: ~$400bn) is nearly as large as global drug trade (~$435bn)
An estimated 800 million personal records were stolen during 2014
230,000 new pieces of malware are released every day
Whale phishing (focused on executives) nets catchers between $25k - $50k per time
- Thieves will pose as these executives to get money or information from employees using fake company logos and email signatures
Monash University found that 72% of surveyed Australian middle school students had experienced unwanted or unpleasant contact from strangers on their social networking profile
4.
Cyber criminals…
But don’t think cyber criminals only focus on corporations, banks or wealthy celebrities
Individual users like you and me are also targets
Cyber criminals collaborate…
They work across international boundaries – without accountability for their actions
They focus on the weakest link… think about your supply chain
- External advisors: accountants, lawyers, etc…
- Third party companies that provide input to your business
- Do you ask your advisors to report their security incidents?
5.
Examples…
Cost to Australia is around $4bn p.a.
“Per Symantec, cyber crime has touched nearly 5 million Australians”
32% of Australian smartphone users have experienced mobile cyber crime in the past 12 months
6.
More examples…
Conversations can be edited using Photoshop, etc. and sent to your workplace… simple extortion
7.
Cyber safety and education is our collective responsibility
Cyber safety staff inductions
Lunch time awareness session
IT Manager circulating details of current scams and issues
Put up posters warning of the risks
Talk about the issue in staff meetings & encourage reporting
- Eliminate the ‘fear of honesty’
8.
Your data and information
Understand what is public and what is private
If private… how important is it?
What data or information is on a “need to know” basis only?
What happens if the data is compromised?
Do you have a plan for recovery? Have you tested it?
9.
Recovery…
The game is in favour of attackers
- 230,000 pieces of malware released every day
- The reach of criminals is international
Do you have a plan if you are compromised?
- What would you communicate to clients, staff, other stakeholders?
- What insurance do you have? (Note: usually this is minimal)
- What impact could cyber crime have on your cash flow?
- Is it part of the business continuity plan? Have you tested the plan?
- Has there been discussion at management or board level?
10.
The link between physical & IT security
Human mules
- Accessing unprotected systems
- USBs, WiFi points and computer connections
‘Tailgating’
Visitor check-in
- Identification
- Logging the visitor
- What areas are off limits?
- Escorting procedures
11.
Supply chain security
Cyber criminals focus on the weakest points and where the value is
- International financial marketing
- Information is king
Contract documents moving back and forward from lawyers
Information on production yields
Pricing information
- Marketing and advertising firms
12.
Other thoughts for consideration
Purchase of USBs and second hand computers
Movement of data and information between work and home environments
Cyber safety education for adults on the dangers of computer games
- Communication between avatars
14.
Four things I want to leave you with…
Cyber safety is our collective responsibility
Direct link between physical and IT security
Supply chain & 3rd party security is critical
How are you going to recover from a cyber attack?
15. Thank you
…a good article to read: HBR Cyber security lessons from the Pentagon, Sept 2015
Michael Fieldhouse
+61 421 060 590
michael.fieldhouse@hpe.com
LinkedIn - https://au.linkedin.com/in/michaelfieldhouse