The real risks

There is a lot of hype about IT security.

Some of it is fanciful, straight out of television programs.

Some of it is scaremongering, with a touch of conspiracy theory.

This page summarises the main threats that local businesses in Perth are being hit with daily. These are the risks that responsible management need to guard against.

Six common IT breaches

  • Ransom demands based on data hijacking (short play)
  • Ransom demands (long play)
  • Diverted payments
  • Data exposure
  • Internally facilitated compromises
  • Theft of critical business information

Ransom demands based on data hijacking (short play)

An everyday occurrence concerns a hacker that gets into your internal IT system and locks or encrypts your data. You now have no access to client records, no accounting data, and no emails or other correspondence.

They demand a ransom payment to unlock the data.

If you have good backups, you wipe your data storage, restore from backup, and immediately search for and plug the security hole that allowed the hacker in.

With no backups, you may be forced to pay the ransom, and you might get your data back. It may, however, contain hidden backdoors allowing future exploits. One thing you can be sure of: as a proven ransom-payer, you will be a prime hacker target for years to come.

This is possibly the most common serious hacker threat because it can be applied even to data systems that have no commercial value. Luckily, this is also the easiest to deal with via good system design and backup.


Ransom demands (long play)

More patient and serious hackers spend months inside a compromised system, doing nothing more than encrypting each backup until the entire backup cycle is compromised. Even off-site backups can be targeted and corrupted in this way.

When these hackers lock you out, it may be too late for any recovery and the ransom price will reflect that…

Strong access-security using firewalls and filtering, regular intrusion scans and periodic back-up test restores are an effective strategy against long-play data hijacking, providing they are implemented in advance.


Diverted payments

A new favourite with a bite.

Increasingly sophisticated hackers are now spending months, even a year or more, inside compromised systems, learning how the business operates. They watch what payments are made and what the approvals process is. They may skim regular small amounts, but normally they are preparing for a big payday when they clean you out.

A popular strategy is to divert an internet payment after it has been through an approval process, by changing the destination account. Big payments to the ATO, for example, have been successfully diverted from Australian businesses to untraceable offshore accounts.

Also popular is to run fake supplier accounts which are then paid. If the amounts are modest in relation to the business size and based on existing legitimate accounts so they look normal, this kind of scam can run for months undetected.

As with long-play ransom demands, strong access-security using firewalls and filtering, and regular intrusion scans are effective. Stronger internal accounting procedures are also important.
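The accounting-side control that defeats a post-approval account switch or a fake supplier is to bind the approval to the exact payee details and to re-check them, against the vetted supplier master, at the moment funds are released. The example below is added here and is not code from this page or any accounting package; the supplier names, BSB and account numbers, dates and amounts are constructed, and the supplier master is a plain dictionary standing in for the real vendor file.

```python
import hashlib
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class Payment:
    payee: str
    bsb: str          # bank-state-branch code; every value here is constructed
    account: str
    amount_cents: int

# Constructed supplier master: the vetted payee record, with the date its
# bank details were last changed. A real system would read this from the
# accounting package.
SUPPLIER_MASTER = {
    "Widget Co": {"bsb": "111-222", "account": "12345678", "bank_changed": date(2023, 2, 1)},
}

def approval_token(p: Payment) -> str:
    """Bind the approval to the exact payee, bank details and amount approved,
    so a later edit to any of them invalidates the approval."""
    raw = f"{p.payee}|{p.bsb}|{p.account}|{p.amount_cents}".encode()
    return hashlib.sha256(raw).hexdigest()

def release_holds(p: Payment, token: str, approved_on: date, master=SUPPLIER_MASTER):
    """Run at the moment funds are sent. Returns the reasons to hold the
    payment for a human check; an empty list means it may go out."""
    holds = []
    if approval_token(p) != token:
        holds.append("payment details differ from what was approved")
    known = master.get(p.payee)
    if known is None:
        # Fake supplier accounts fail here: pay only vetted payees.
        holds.append("payee is not in the supplier master")
        return holds
    if (known["bsb"], known["account"]) != (p.bsb, p.account):
        holds.append("bank details differ from the supplier master")
    if known["bank_changed"] > approved_on:
        # The master itself was edited after approval: verify out of band.
        holds.append("supplier bank details changed after approval")
    return holds
```

The hold reasons are meant to go to a person who confirms the bank details with the supplier by a known phone number, not by replying to the email that requested the change.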


Data exposure

Rarely reported but possibly the most common type of data breach worldwide is the exposure of sensitive customer data to hackers.

Almost any successful high-level breach creates the possibility that the hacker has copied customer data, possibly including passwords and credit card details. In Australia, it is now compulsory to report such breaches, but in reality, the business may not even know it has been compromised.

Copied data will certainly be sold. Consequences can include illegitimate credit card transactions and identity theft. More widespread still, customers whose data has been leaked will receive blackmail demands in which the hacker demonstrates knowledge of their passwords as proof of access and control.

The main business consequence is a damaged reputation. If your customer relationship is built on trust, public knowledge of a data breach may break that trust. At the very least, customers will become reluctant to transact online. For some businesses, this will be fatal.


Internally facilitated compromises

Global research has repeatedly confirmed that about half of all IT security breaches are internally facilitated.

Sometimes it’s malicious, perhaps a disgruntled employee. This may cause inconvenience, data loss or public embarrassment.

Smaller scale theft is a common internally facilitated compromise, often based on fake invoices or accounts. There may be collusion between a supplier and a staff member.

More often it’s just careless, e.g. shared passwords or giving temporary contractors access beyond what is needed, and not revoking it when they finish. Other examples include unnecessary master passwords, repeated passwords, written-down passwords, old passwords and passwords that are not updated after one of the sites you connect to is compromised.

This means that a good portion of the security task is about establishing proper protocols and ensuring they are followed.


Theft of critical business information

Internet espionage is a popular movie premise, usually based on theft of new technology formulas or plans.

More realistically, a business preparing a major competitive tender might be tempted to pay for copies of everything another bidder is preparing. Perhaps business information may be stolen for later blackmail purposes.

This type of hacker action is not often reported. Affected businesses will usually want to suppress the story to preserve their reputation. More likely, they will never know how their competitor got the jump on them.