According to a recently published report by Paul Smith, the Australian Bankers Association (ABA) has attempted to defend the IT security processes in place across Australia’s banking system, following the revelation that Chinese computer hackers had breached the Reserve Bank of Australia. The ABA is striving for computer protection.
Despite this, security experts said the incident highlighted the need for Australian data breach notification laws to be tightened, to force organizations to disclose when they learn that their data security has been breached.
ABA chief executive officer Steven Münchenberg told The Australian Financial Review in an interview that there were no reports of data breach attacks on other local banks, and that effective processes were already in place to coordinate fraud investigations with federal and state police.
Technology security experts, along with the former head of investigations at the Federal Police’s Australian Hi-Tech Crime Centre, Nigel Phair, warned that most businesses were vulnerable to computer hackers, and that many such attacks were being resolved in a way that avoided negative publicity for the organization.
“The Australian Bankers Association is not aware of any successful hacking attempts on Australian banks,” Mr Münchenberg said. According to him, “Banks have systems in place to protect customer information and accounts – such as employee training, employee accountability, strict privacy policies, rigorous security standards, encryption and fraud detection software.”
CYBER ATTACKS – DAILY OCCURRENCE
Security teams within banks invariably assess the data breach risks posed by computer hackers and then implement additional security levels accordingly, Mr Münchenberg said.
At a National Australia Bank investor day, the bank’s outgoing technology chief, Gavin Slater, said that cyber attacks were a daily occurrence for banks.
Such cyber attacks are also happening daily at US banks. “Just a couple of weeks ago, 11 such banks were targeted by terrorist organizations, and the criminals attacked banks in response to something that happened in the Middle East region.
“Not a day goes by when somebody is not attempting to hack into any of the banks around Australia,” Mr Slater said.
LEGISLATION ON DATA BREACH NOTIFICATION IS NEEDED
Mr Phair, director of the Centre for Internet Safety at the University of Canberra, said it was important that the breach at the Reserve Bank of Australia had been revealed. He also drew attention to the need for the government to pass long-planned legislation on data breach notification.
“The RBA story was hugely important, because the attack happened some time ago, and we only found out about it because of a freedom of information request,” Mr Phair said.
“We desperately need data breach legislation; we are quite behind in global terms on that, to force businesses to disclose when sensitive data is breached. I don’t know what is holding it up, and I would like to think it is achievable. It will help other government agencies and businesses, to be aware that it is not just them being targeted, that the threats are pretty wide ranging.”
CODE OF SILENCE – AN AID TO CYBER ATTACKERS
Mr Phair said that, at the start of such attacks, companies tried to keep the matter purely confidential and stayed silent about the loss of intellectual property and customer details, particularly listed companies, until hit by spooked investors. But he said the current code of silence is making it easier for cyber criminals.
According to a study by the Ponemon Institute, KPMG estimated that 75% of the 1000 largest Australian companies had experienced a material data breach, which was reported to cost Australian companies an estimated $2.16 million per company per year.
A spokesperson for Attorney-General Mark Dreyfus said in an interview that there were voluntary guidelines on how Australian companies and organizations should report a security breach, but that growing risks called for tougher laws to be enforced.
The spokeswoman went on to say, “The Australian Institute of Criminology has highlighted the increasing risk of identity fraud and theft. As more consumers put personal details into websites and use their credit cards online, the risk of privacy breaches will increase.”
“The Attorney-General is considering proposals that would require companies to report to consumers and the Commonwealth Privacy Commissioner when a data breach occurs, to improve privacy, bolster the security culture within organizations and bring Australia into line with international jurisdictions.”
Mr Phair cautioned that a significant number of Australian businesses, including government agencies, were unprepared for the social engineering attacks that were taking place, of the kind that had penetrated the Reserve Bank of Australia. Such attacks only required tricking internal staff into clicking on a fake email purporting to be from management.
He concluded, “Lots of organizations like the RBA have great perimeter and other security mechanisms in place, but this was basically just a phishing, social engineering attack. If I was one of the decent cybercriminals, that is what I would be doing.”
“People are the most susceptible and the weakest link, so you target them with what looks like a bona fide email, with an executable file in an attachment, and that is how you gain a weakness.”
According to Mr Phair, the RBA’s subsequent claims that the attacks had been contained and that no sensitive data had been stolen were, to a great extent, a public relations move to calm fears in the market.
He said that it is impossible to estimate what exactly people do once they gain access to various networks.
He also believed the problem was far more widespread than is ever reported, because a large number of hacking victims remain unaware of the fact. It was also very appropriate for the RBA to come out with its response publicly.
Raymond Choo, a security specialist based at the University of South Australia, said that in order to encourage organizations to come forward, it was necessary to simplify the process of reporting security data breaches.
Dr Choo also said that introducing a one-stop, 24/7 website where citizens and businesses could report malicious cyber crime activity taking place online would increase openness about cyber crime, and could also lead to further collaboration between the community and the authorities.
He also said that it has become vital to foster better sharing of data and information between the public and private sectors, as well as with researchers and other key stakeholders.
“The 2011 revised NATO policy on cyber defence sets out a clear vision of how the alliance plans to bolster its cyber efforts. . . which includes working with partners, international organizations, academia and the private sector in a way that promotes complementarity and avoids duplication,” Dr Choo said.
“This would allow co-ordinated action by government and law enforcement agencies, and enable all stakeholders to have a better understanding of the frequency and extent of cyber crime incidents and be better equipped to respond to them.”
Encryption software prevents data breaches
Traditional antivirus approaches don’t work any more and a new approach to endpoint security is required to better protect your company from malicious threats.
The above threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss whatsoever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.
Alertsec further offers computer protection software from Check Point as a fully customizable and pre-packaged data encryption software solution. It can help you dramatically reduce your cost of ownership for encrypting your laptops.