Hackers stay inside an organisation for eight months on average before they’re found, according to the latest report from the ABC.
The ABC has published a new report, after consultation with cybersecurity experts, outlining just how vulnerable the majority of Australian business networks are and the lack of training staff receive in the area.
“Everybody is vulnerable. Australian organisations have no idea how vulnerable they are,” says Michael Connory, chief executive at Security In Depth.
“It takes about 22 minutes to get access inside a company.” -Stephen Connory.
“The easiest way for an attacker to get into an organisation is by phishing, by email,” he says.
“Ninety per cent of cyber attacks worldwide begin with an email. Most organisations don’t really look at their email security that carefully.” Most often, this comes in the form of an email from a legitimate-looking domain telling users that they “need to update your details.” Users who comply can end up voluntarily handing their username and password details directly to a hacker.
Once an email or attachment is opened, “on average, a hacker will stay in an organisation for eight months before they’re even found. They’ve got access to emails, financial statements, to confidential company IP, they’ve got access to customer databases.”
“By staying ‘in’ an organisation for such a long time they can start to see and read and be privy to a huge range of sensitive information.”
According to ABC reporter Daniel Ziffer, “almost half of data breaches in Australia are in health and finance, where organisations risk losing the vital trust of customers and their ongoing business.”
“Your tax file number, your driver’s licence number, date of birth… from that small amount of information they could begin to set up companies, obtain credit, start to obtain loans, run up huge debts,” Connory said.
Dr Suelette Dreyfus from the School of Computing and Information Systems at the University of Melbourne told the ABC that businesses can easily minimise their exposure with two simple steps.
“Patch, patch, patch! Upload all of those security updates from the operating system, and set it to auto-update,” she says.
“The other thing is to set up two-factor authentication… for all of your accounts; your Google, Facebook, your Twitter, because now those things are your outward view to the world.”
“The vast majority of threat[s] that Australian businesses face, in a cybersecurity sense, is from criminal elements… but there’s also the risk of industrial espionage and stolen IP.”