Dave Campbell - CERT Australia - Key findings from the latest CERT Australia cybercrime and security...

ADM Conference. CERT Australia: Cyber Crime and Security Survey 2013. Dave Campbell, Director, Canberra

Post on 19-Oct-2014


DESCRIPTION

Dave Campbell delivered the presentation at the 2014 ADM Cyber Security Summit. The 2014 ADM Cyber Security Summit focused on “Combatting Emerging and increasingly sophisticated cyber threats” both domestically and internationally, and showcased relevant organisational case studies and supporting research from academia. For more information about the event, please visit: http://www.informa.com.au/cybersecuritysummit14

TRANSCRIPT

Page 1: Dave Campbell - CERT Australia - Key findings from the latest CERT Australia cybercrime and security survey

ADM Conference

CERT Australia: Cyber Crime and Security Survey 2013

Dave Campbell

Director, Canberra

Page 2

CERT Australia

• Established in 2010, within Federal Attorney-General’s Department

• Assist Australian businesses prepare for, defend against and mitigate cyber security attacks

• Focus on systems of national interest, including critical infrastructure

Who is CERT Australia?

Page 3

Information exchange with businesses

• The CERT does this in three main ways:

• Advice through alerts, guides, briefings

• Information Exchange – formal program

• Cyber Crime & Security Survey

Page 4

International Partnerships

Page 5

Cyber security

Rest of the world

Drupal.org compromised, almost 1 million accounts leaked

Personal details of US troops stationed in South Korea leaked by hackers

Living Social compromised, 50 million accounts potentially accessed

Page 6

Rest of the world

Saudi Aramco (Aug 2012)

South Korea, Media and Banking attacks (March 2013)

Associated Press Twitter compromise (April 2013)

Page 7

Current Cyber Security Environment

Australian business perspective

What Australian business wants

“Can you please help explain the Australian cyber security perspective to my senior management. They don’t want to always hear about the rest of the world’s experience.”

Page 8

Current Cyber Security Environment

Australian business perspective

Page 9

Cyber Crime & Security Survey 2013

Key findings: overall number of incidents increased in 2013, as did targeted attacks – especially targeted emails

• Spear Phishing is still extremely popular and effective.

• CERT experience: a relatively new technique known as “Water-holing” - compromising websites the target is expected to visit

• CERT finding: the scope of targeted attacks has widened, smaller companies more commonly targeted than they were

Page 10

Cyber Crime and Security Survey

• Key finding:

– 61% do not have cyber security incidents identified in risk register

The CEO?

Page 11

Cyber Crime and Security Survey

• Key finding:

– Staff errors/omissions, poor security culture – main internal factors

Page 12

Cyber Crime and Security Survey

• Key finding:

– Many businesses choose not to report incidents to anyone

57% chose not to report to an external agency

But 34% chose to report

Page 13

Cyber Crime and Security Survey

• Key finding:

– 13% of organisations using Windows XP had no plan to migrate to something else before April 2014

Positive: 79% of those using it planned to migrate before April 2014.

Future for the rest…?

Page 14

Summary

• You, as individuals, and your organisations are targets

• Difficult to manage the risks alone

• Organisations that manage cyber security effectively:

• View cyber security as part of their broader approach to resilience

• Understand the importance of investing in human capital and focus their security spend on good people not just shiny boxes

Page 15

Actions to consider

• Actively seek and heed advice from IT security staff

• Seek regular updates or briefings from IT security staff about cyber security issues or incidents

• Ensure cyber security incidents are identified in the business risk register

• Partner with CERT Australia before a cyber security incident occurs.

Page 16

Thank you

And thank you to all those who participated in this Survey

The Survey: cert.gov.au/newsroom

http://www.cert.gov.au


1300 172 499