  • Ransomware attacks jump as crooks target remote working

    Ransomware attacks surged during the first half of this year, as cyber criminals looked to spread their file-encrypting malware while many people are working from home.
    Analysis of malicious activity throughout the year published in Skybox Security’s 2020 Vulnerability and Threat Trends Report says ransomware has thrived in the first half of the year, with a 72% increase in new samples of the file-encrypting malware.

    The rise in ransomware attacks came when a large number of organisations switched to remote working as the world faced the COVID-19 pandemic.
    While the switch to home working has allowed many organisations and workers to remain productive, it has also brought additional risk; security vulnerabilities in remote-desktop protocols – combined with the use of weak passwords by staff – have provided cyber attackers with an additional way into networks.

    This, along with the fact that some home workers have not been provided with clear cybersecurity training, has increased the attack surface for cyber criminals – at a time when cybersecurity teams are already overwhelmed because of the new reality of remote working.
    It’s as a result of this, the report suggests, that ransomware has surged, with security departments unable to fully defend networks against attacks.
    And because ransomware is so brutally successful at locking down vast swathes of infrastructure and rendering the network almost entirely unusable, in many cases, the victim feels as if the only option is to pay the ransom – which can cost hundreds of thousands of dollars in bitcoin.
    In addition, several ransomware campaigns have actively targeted healthcare and pharmaceuticals in an effort to extort ransoms from organisations directly involved in coronavirus-related treatment and research.
    “We observed 77 ransomware campaigns during the first few months of the pandemic – including several on mission-critical research labs and healthcare companies,” said Sivan Nir, threat intelligence team leader at Skybox Security.
    “The focus and the capability of attackers is clear: they have the means to impart serious financial and reputational harm on organizations,” she added.
    The report also notes how ransomware operations like Sodinokibi have become well-engineered and effective, pushing profits for attackers even higher – and potentially encouraging lower-level cyber-criminal operations to follow the same path in pursuit of money.
    In order to protect against ransomware attacks during the coronavirus pandemic and beyond, it’s vital that organisations take the correct steps to remediate vulnerabilities that could be exploited by hackers.
    This includes having a full view of all corporate assets across the network, analysing how critical assets could potentially be accessed by moving laterally around the network with or without the correct credentials, and ensuring that VPNs, firewalls and other systems are properly configured with the appropriate security patches.
    “The need for focused remediation strategies that are informed by full network visibility and clear, data-rich intelligence has never been more pressing,” said Nir.

  • Russian cyberattacks an 'urgent threat' to national security

    Russia’s cyberattack capabilities — and its willingness to use them — pose an “immediate and urgent threat” to the UK’s national security, according to a report from a committee of MPs.
    The long-awaited and much-delayed Russia report from the UK parliament’s Intelligence and Security Committee (ISC) describes how it sees Russia’s abilities to use malicious cyber activities to further its aims.

    “Russia’s cyber capability, when combined with its willingness to deploy it in a malicious capacity, is a matter of grave concern, and poses an immediate and urgent threat to our national security,” the report said.
    The ISC said that Russia carries out malicious cyber activity in order to assert itself aggressively — by attempting to interfere in other countries’ elections, for example — and that it has used organised crime groups to supplement its own in-house cyber skills.

    The report warned that Russia’s hackers have been gaining access to the critical national infrastructure of other countries, which could later be used to disruptive effect. The report noted that there had been Russian cyber intrusion into the UK’s critical infrastructure, although details of the affected sectors have been redacted.
    The report also said that Russian intelligence has orchestrated phishing attempts against government departments, including against the Foreign & Commonwealth Office (FCO) and the Defence Science and Technology Laboratory. Separately, Russia has recently been accused of attempting to hack into companies working on COVID-19 vaccine research.
    “Given the immediate threat this poses to our national security, we are concerned that there is no clear coordination of the numerous organisations across the UK intelligence community working on this issue”, the report said.
    However, the report did note that the government is taking a new approach to tackling these attacks, which involves identifying, and laying blame on, the perpetrators of cyberattacks. While the UK has historically been reticent in attributing cyberattacks to a particular foreign power, naming and shaming attackers is correct, the committee said: “This must be the right approach; there has to now be a cost attached to such activity.”
    The report also mentioned other digital tools used by Russia as part of its broader attempts at disinformation and political influence, such as the use of bots and trolls, which are used to push a particular narrative or simply to create disruption. Another technique the report mentions is ‘hack and leak’, which was used in relation to the US presidential election in 2016; it has also been widely alleged that Russia was responsible for a similar attack on the French presidential election in 2017. Russia has denied any involvement in these events. “Russia has not and will never interfere in the internal affairs of the United Kingdom, especially in the context of democratic elections,” Russia’s UK embassy said recently.
    But the UK was slow to respond to the changing Russian strategy; it was only when Russia completed its ‘hack and leak’ operation against the Democratic National Committee in the US — with the stolen emails being made public a month after the EU referendum — that it appears that the government “belatedly” realised the level of threat that Russia could pose in this area, the report said.

  • Google: Here come 11 new security features across Gmail, Meet and Chat

    Google has announced the pilot for corporate avatars in Gmail that’s tied to DMARC adoption, a raft of new G Suite security features to protect Gmail, Meet and Chat, and new tools for admins to manage mobile devices and data leakage from Google Drive.
    Google has announced the pilot of a standard it’s backing called Brand Indicators for Message Identification or BIMI for organizations that want their email to display a corporate logo in Gmail’s avatar slot.

    The BIMI pilot isn’t just for marketing though as it will require participating organizations to authenticate their emails using Domain-based Message Authentication, Reporting, and Conformance or DMARC. 
    The DMARC protocol can help stamp out email spoofing, a key ingredient in phishing attacks and business email compromise (BEC) scams.    

    But, in part because implementing DMARC isn’t easy, adoption of the email authentication protocol has remained extremely low in the private and public sectors, with the exception of US federal agencies that are subject to a 2017 DHS order mandating DMARC adoption. 
    Google’s brand initiative could be a carrot for DMARC adoption while helping keep email marketing relevant and protecting the medium from an erosion of trust. In China, DMARC adoption is strikingly low, likely because consumers prefer corporate communications via WeChat and SMS rather than email. 
    Organizations that use DMARC can submit their corporate logos to Certificate Authorities Entrust Datacard and DigiCert to validate logo ownership. Once the authenticated emails have been scanned by Google’s anti-abuse checks, Gmail will display the logo in the avatar box. 
    The pilot starts in a few weeks with a limited number of senders ahead of a full roll out planned in coming months. From there, organizations can choose whether they want to adopt the BIMI standard. 
    Google is also beefing up security controls for Google Meet, one of the options schools and workplaces have turned to for remote working during the coronavirus pandemic. 
    Meet hosts will gain more control over who can ‘knock’ to join a meeting. If a host boots an attendee from a meeting, that attendee can no longer rejoin the same meeting by knocking and will only be allowed back in if the host re-invites them. 
    Meet will also automatically block attendees from sending requests to join a meeting if their knocking request has already been denied multiple times. 
    And Meet hosts are gaining ‘advanced safety locks’ that allow them to decide how others can join a meeting, for example, via a calendar invite or phone. It also requires users to obtain explicit approval to join a meeting. 
    Safety locks block all users who are not logged into a Google account — deemed anonymous users by Google — from joining a meeting. It also offers the host the ability to control which attendees can chat and present within a meeting. 
    These build on the features Google announced in April to thwart pranksters engaged in ‘zoombombing’ or gatecrashing online meetings and classrooms. 
    To counter zoombombing, last week Google rolled out a Meet feature for Education users that prevents anonymous users from joining meetings organized by anyone with a G Suite for Education or G Suite Enterprise for Education license.   
    Meanwhile, Chat in Gmail is gaining Gmail’s phishing protections. Now links sent to users in Chat will be scanned against Google Safe Browsing and flagged if they’re malicious. In the next few weeks, Chat users will also be able to report and block Chat Rooms suspected of being shady.
    Finally, Google is introducing changes for G Suite admins aimed at helping them keep devices secure during this time of increased teleworking. 
    As part of this effort, Google is integrating with Apple Business Manager mobile device management system to improve admins’ ability to manage iPhones and iPads. This is available to G Suite Enterprise, G Suite Enterprise Essentials, Cloud Identity Premium, and G Suite Enterprise for Education admins.
    Second, Google is beefing up the Data Loss Prevention feature so that admins can block users from downloading, printing or copying sensitive documents from Google Drive. Admins can also run a full scan of all files within Google Drive and automatically set controls for all users. The feature is available in beta to G Suite Enterprise, G Suite Enterprise Essentials, and G Suite Enterprise for Education customers.

  • Twitter hack: Coinbase blocks $280,000 in Bitcoin theft

    Coinbase says it prevented the transfer of $280,000 in Bitcoin (BTC) during a recent cryptocurrency scam on Twitter that compromised dozens of high-profile accounts. 

    On July 15, Twitter accounts belonging to well-known figures and celebrities including Barack Obama, Joe Biden, Elon Musk, and Bill Gates were compromised to promote cryptocurrency scams.
    According to Twitter, social engineering was used to obtain access to employee accounts, and with the backend exposed, internal tools were then used to blast out cryptocurrency-related messages. 
    In total, the cyberattackers manipulated 130 accounts — 45 of which were used to urge unwitting members of the public to send them BTC. Data belonging to eight accounts was also downloaded and stolen; however, Twitter does not believe the hackers were able to access cleartext passwords and so mass password resets are not required.  

    In an attempt to contain the incident, Twitter temporarily stopped verified accounts from sending out any messages that appeared to contain Bitcoin wallet addresses. At the same time, cryptocurrency exchanges, too, took action. 
    The addresses sent by the fraudsters were blacklisted by exchanges watching the saga unfold, which prevented those duped by the campaign from sending any of their cryptocurrency to wallets controlled by the threat actors. 
    During the attack, the scammers managed to steal close to $120,000 in BTC. However, if Coinbase had not blacklisted the wallet address within minutes of the scam beginning, this could have been far worse. 
    Speaking to Forbes, Coinbase chief information security officer Philip Martin said the exchange, which accounts for roughly 35 million users worldwide, stopped customers from sending a total of 30.4 BTC to the attacker’s wallet, which equates to approximately $280,000. 
    While 1,100 Coinbase users were prevented from sending cryptocurrency to the fraudulent wallet, within the small window of time between the scam being launched and blacklisting, 14 Coinbase users were still able to send $3,000. 
    Other cryptocurrency exchanges, including Binance and Gemini, also blocked funds from flowing to the scammer’s wallet address. 
    “We noticed within about a minute of the Gemini and Binance tweets,” Martin told the publication, adding that the platform wished to “avoid people having money stolen when it’s in our power to prevent it.”
    Twitter is working with law enforcement to investigate the incident. The company is also conducting a forensic review of all impacted accounts. 


  • Fortinet snaps up OPAQ in secure access, cloud security push

    Fortinet has acquired OPAQ Networks to enhance the firm’s Secure Access Service Edge (SASE) portfolio. 

    Announced on Monday, the deal is described as a solution to a challenge faced by today’s organizations: a need for “immediate, uninterrupted, and secure access to network and cloud-based resources and data — especially business-critical applications — no matter where their users are located.”
    Financial details were not disclosed. 
    The COVID-19 pandemic forced many businesses to rethink their current operations and systems, how their employees work, and whether or not a transition to a work-from-home model, potentially for the long term, is possible.

    As offices closed worldwide in a bid to contain the spread, companies and employees alike scrambled to create hasty home office spaces, and this also meant that staff often needed to be able to access corporate resources and networks from home. 
    This is where SASE solutions come in. With so many potentially vulnerable endpoints — ranging from PCs to Internet of Things (IoT) devices and mobile devices — SASE platforms attempt to bring everything in under one cloud-based security umbrella, allowing IT teams to monitor both users and networks efficiently.
    Founded in 2017 and based in Herndon, Virginia, OPAQ’s Zero Trust Network Access (ZTNA) cloud solution will be combined with Fortinet’s Security Fabric enterprise cybersecurity platform to create what the companies call a “best-in-class SASE cloud security platform with the industry’s only true zero trust access.”
    The combined solution will offer customers zero trust access, firewall, SD-WAN, web security, sandboxing, endpoint management, multi-factor authentication, browser isolation, and cloud security mechanisms, among other features. 
    OPAQ has previously raised $43.5 million through three funding rounds. 
    “The recent SASE market momentum further validates our security-driven networking approach and underscores what we’ve been saying for years,” commented Ken Xie, Fortinet founder and CEO. “In this era of hyperconnectivity and expanding networks; with the network edge stretching across the entire digital infrastructure, networking and security must converge.”
    In related news this month, Advent and Forescout Technologies settled their differences and agreed upon a revised acquisition price following Advent’s attempt to withdraw from the deal due to the novel coronavirus pandemic. 
    The original purchase price for Advent to take on Forescout was $1.9 billion. However, the private equity investor then said “material” changes had occurred at Forescout due to COVID-19, and therefore, the company was able to change its mind. 
    Forescout denied this claim and began to explore litigation to ensure the deal was closed. Now, Advent and Forescout have come up with a revised figure to stop the matter from going to court — $29 per Forescout share, rather than $33, which is still a 16% premium on closing share prices on July 15.
    The companies said the amended price was the “best outcome for both parties.” 


  • COVID-19 fuels cyber attacks, exposes gaps in business recovery

    The majority of businesses worldwide have seen a jump in cyber attacks as a result of employees working from home, with most reporting an increase in COVID-19 related malware. In Singapore, the global pandemic also revealed gaps in organisations’ disaster recovery plans and IT operations. 
    Some 91% of enterprises reported an increase in cyber attacks with more employees working from home amidst the coronavirus outbreak, according to a global survey released Tuesday by VMware Carbon Black. Conducted in March by research firm Opinion Matters, the study polled 3,012 IT and cybersecurity leaders across several markets including Japan, Australia, Germany, the UK, and Singapore, where there were 251 respondents. 
    COVID-19 inspired malware saw the highest jump across the globe, with 92% noting an increase in such threats compared to typical volumes before the outbreak. Pandemic aside, 90% reported a climb in cyber attacks over the past year, with 80% noting an increase in the level of sophistication in such threats.

    Some 94% said they suffered breaches in the past 12 months, including 100% in Canada and the Netherlands, and 99.6% in the Nordics. In Asia-Pacific, 96% in Australia, 92% in Japan, and 80% in Singapore reported likewise.
    Vulnerabilities in OSes were the most common cause of breaches, as cited by 18% worldwide, while island-hopping was the main cause of breaches in markets such as Italy and the Nordics and web application attacks were most common in Canada. 

    In Singapore, 43% saw increased attack volumes over the past year, reporting an average 1.67 breaches, and 67% said such threats now were more sophisticated. OS vulnerabilities were the most common cause of breaches, as cited by 20% in the city-state, while 15% pointed to holes in third-party applications that led to security breaches.
    Island-hopping attacks also climbed more than three-fold in frequency, with 10% of Singapore companies encountering such attacks and 12% citing these as the cause of breaches. In such tactics, attackers target a larger group to indirectly breach a network, such as an organisation’s weaker and less secured community of business partners.
    With added risks from third-party applications and the supply chain, these findings revealed that the extended enterprise was under pressure, according to Rick McElroy, VMware Carbon Black’s cyber security strategist. 
    The COVID-19 outbreak also exposed gaps in the business recovery planning of 89% of respondents in the country, who described such holes as slight to severe. Another 86% uncovered gaps in their IT operations as a result of the pandemic, while 85% identified problems due to a remote workforce and 73.5% had issues related to visibility of cybersecurity threats.
    McElroy said: “The global situation with COVID-19 has put the spotlight on business resilience and disaster recovery planning. Those organisations that have delayed implementing multi-factor authentication (MFA) appear to be facing challenges, as 32% of Singaporean respondents say the inability to implement MFA is the biggest threat to business resilience they are facing right now.
    “These figures indicate that the surveyed CISOs (chief information security officers) may be facing difficulty in a number of areas when answering the demands placed on them by the COVID-19 situation,” he said.
    In addition, respondents in Singapore on average used more than 11 different tools or consoles to manage their cybersecurity strategy, indicating a complex and multi-technology environment that grew reactively with security tools bolted on to address evolving threats.
    McElroy noted: “Siloed, hard-to-manage environments hand the advantage to attackers from the start. Evidence shows that attackers have the upper hand when security is not an intrinsic feature of the environment. As the cyber threat landscape reaches saturation, it is time for rationalisation, strategic thinking and clarity over security deployment.” 
    According to the survey, 90% of Singapore respondents planned to up their spending in cyberdefence in the coming year. This, however, was a drop from the 99% who indicated likewise in the previous October 2019 study.

  • COVIDSafe's problems aren't Google or Apple's fault despite government claims

    The iOS version of Australia’s troubled COVID-19 contact tracing app, COVIDSafe, tries to connect to every device a user’s phone has ever connected to, indefinitely, and that’s just one of the lingering bugs.
    Every time the Bluetooth controller disconnects from a device, such as when COVIDSafe successfully exchanges data with another app user, it will attempt to reconnect 15 seconds later.
    “When devices go out of range or switch identifier, these connections will stay pending indefinitely,” wrote Richard Nelson, when reporting the bug some 16 days ago.
    “This is almost certainly the cause of COVIDSafe causing some (maybe not all) issues with connections to Apple Watch and other devices.”
    Both the Android and iOS versions of COVIDSafe have previously been reported to interfere with blood glucose monitors, as well as fitness activity trackers, earbuds, and in-car audio.

    The Digital Transformation Agency (DTA) acknowledged this iOS bug on GitHub the following day, but has not posted an update since.
    Another unfixed bug prevents some iOS-to-iOS exchanges thanks to bad handling of payloads longer than Bluetooth’s maximum transmission unit (MTU).
    The government continues to blame the app’s unreliability on both Android and iOS on a lack of cooperation from Apple and Google. According to tech community developers who’ve been debugging the app, that’s not true.
    “If the government are claiming that the issues are Apple’s fault, then it just doesn’t make sense when we know that there are perfectly good explanations that are not Apple’s fault,” developer Jim Mussared told ZDNet.
    “We know that there’s a bug here, and we know that it results in the app not functioning, and we know that it results in breaking connectivity to other devices. So what grounds have they therefore got to be blaming mysterious issues on iPhones?”
    The government is also continuing to rule out moving to the contact tracing API developed jointly by Apple and Google — which wasn’t available when COVIDSafe was developed — on the grounds that it would remove contact tracers from the process.
    “There’s no way we’re shifting to a platform that will take out the contact tracers,” said Nick Coatsworth, Australia’s deputy Chief Medical Officer, in June.
    The Apple-Google approach was designed to be more protective of people’s privacy, but the flipside is that it can’t provide data in all the ways a contact tracer might want.
    One scenario is when a person who tests positive for COVID-19 tells a contact tracer that they were on public transport at a certain time. COVIDSafe logs could potentially identify which app users were in the vicinity at that time.
    “Apple-Google doesn’t really facilitate that direction of looking at the data,” Mussared said.
    “The Apple-Google system inverts the reporting such that the notified person (i.e. the detected contact) sends the details of the exposure to the authorities, however that info does not include the source of the exposure, only the time and ‘risk metric’,” he said.
    That gets you a lot of the way there, which means it’s at least useful for contact tracers while still preserving privacy.
    “At least the Apple-Google thing works,” Mussared added. “If you’re gonna have an app, at least get some benefit from it.”
    Does COVIDSafe’s cost represent value for money?
    The government’s spending on its coronavirus-related app is reportedly millions more than previously thought.
    Technology company DELV has been paid more than AU$3.8 million to develop the coronavirus information app, reported 9News on Monday.
    The total for work on that app and COVIDSafe was reportedly around AU$6 million.
    DELV also “has links to the Liberal Party”, according to 9News, although a spokesman for Health Minister Greg Hunt said “the entire procurement process … has been undertaken under Australian Government procurement rules.”
    The federal government’s coronavirus advertising spend has been more than AU$64 million, though how much of that was specifically for COVIDSafe is not yet known.
    Meanwhile, Ireland’s contact tracing app, which is based on the Apple-Google tracing system, has seen 1.3 million downloads in its first eight days.
    “It still has to prove its mettle,” Seán L’Estrange, a social scientist at University College Dublin, told the Guardian.
    At €850,000 (around AU$1.4 million) the app is “dirt cheap”, he said, given that the average cost of identifying each case of infection is €42,000.
    “Even if it fails to produce the goods, little has been lost.”
    Stubborn politicians keep misrepresenting everything
    The effectiveness of COVIDSafe, or rather the lack of effectiveness, continues to distract from the government’s COVID-19 messaging. It didn’t have to be this way.
    The Minister for Government Services, Stuart Robert, continues to misrepresent COVIDSafe’s utility and the research into its potential benefits.
    “It’s found over 200 specific cases of contact tracing where people have actually helped professionals who have used it to contact other Australians that may have been impacted,” Robert told radio FiveAA Adelaide as recently as last Thursday.
    “It’s designed to augment manual tracing, and that’s what it’s doing,” he said.
    “As the Sax Institute says the truth is, it is critical to containing a second wave [of COVID-19 infections].”
    Neither of these things is true.
    COVIDSafe may have been used in 200 people’s tracing procedures, but it has yet to identify a single individual who hadn’t already been found by traditional methods.
    The Sax Institute said that COVIDSafe “has the potential to be an important adjunct” to manual contact tracing, not “critical to containing a second wave”, but only if the bugs are fixed and more people use it.
    Continued social distancing and large-scale testing are what’s “vital” to avoiding a second wave, they said.
    These misleading comments by Robert, and similar ones by his ministerial colleagues, are nothing more than political spin designed to smudge over previous misinformation.
    Prime Minister Scott Morrison is to blame, thanks to his daft comparison of COVIDSafe to wearing sunscreen, and the made-up target for app downloads.
    Robert has said Services Australia’s goals now include transparency, but we have yet to see that in the case of COVIDSafe.
    An honest government could dig itself out of this hole by acknowledging that COVIDSafe was over-sold, and that there isn’t any magical technical solution that’ll prevent the spread of the disease.
    A government with a spine would be happy to acknowledge that its strategy has changed, and simply suck up the usual whinging from journalists about “backflips”.
    After all, it’s only a few million dollars, a tiny part of a total national COVID-19 response that has already cost tens of billions of dollars.

  • Industry report calls for ACSC to get offensive and smaller agencies to get cyber help

    The industry advisory panel created to feed into Australia’s upcoming 2020 Cyber Security Strategy handed down its report on Tuesday that contained 60 recommendations designed to boost the nation’s defences.
    Of the recommendations, 25 were deemed as worthy of immediate priority status, while the remainder were suggestions for the strategy itself.
    Among the recommendations were calls to increase the ability of the Australian Cyber Security Centre (ACSC) to “disrupt cyber criminals on the Dark Web and to target the proceeds of cybercrime” and hold malicious actors accountable through law enforcement, diplomacy, or even economic sanctions.
    “The Australian government should openly describe and advocate the actions it may take in response to a serious cybersecurity incident to deter malicious cyber actors from targeting Australia,” the report recommended.
    The report also called for “larger, more capable” government departments to help out the cyber defences of smaller agencies.

    Since 2016, the structure of Commonwealth cyber defences has been reliant on each agency — from super departments like Home Affairs down to tiny ones like GeoScience Australia — being responsible for their own defences.
    “My view is we want each individual department and agency to take responsibility themselves, and the best way we can do that is just remind them of the need for them to take this issue incredibly seriously,” then Minister Assisting the Prime Minister on Cyber Security Dan Tehan said at the time.
    “I think if we go over the top … sort of a centralised approach, I think that presents dangers. I don’t think mandating is the way to go.”
    Chair of the industry panel and Telstra CEO Andy Penn told ZDNet on Tuesday that this recommendation was not a rebuke of the Tehan approach.
    “I think it is a recognition that building cyber defences to the degree you need to given the sophistication of cyber criminals and cyber activity … it requires a significant investment and requires very significant resources and very deep expertise. It’s an acknowledgement that scale plays a role in that,” he said.
    “It’s a recognition of an opportunity that the government has to focus on big departments … that they can play a role in developing very sophisticated defence capabilities, and that they can then be leveraging the smaller departments, are just a practical consequence of the complexity of the landscape.”
    The report also said incentives should be made available to allow government to attract and retain cyber specialists, while it also called on government networks to have equivalent or higher protection than private networks.
    “Ultimately governments should be exemplars of cybersecurity best practice and Australian governments have some way to go in achieving this aspiration.”
    Similarly, the report recommended that large businesses receive incentives to support smaller businesses in their supply chain and client base.
    “Large corporates in Australia … are not as well prepared as they need to be, but probably better prepared than small and medium businesses,” Penn said.
    The report also called for a “dynamic accreditation or mandatory cybersecurity labelling scheme” that would inform consumers, said the government should consider mandatory certification of supply chains for critical infrastructure, and that the strategy should improve access to actuarial data to help out the cyber insurance industry.
    Earlier this year, Telstra lifted the lid on its Cleaner Pipes initiative that sees the telco attempt to limit malware and botnet command communications in its network.
    The report said industry could be empowered to replicate such schemes, and further said there should be legislation to both back up the process and provide safe harbour provisions to give telcos certainty about the information they share with each other in responding to cyber threats.
    It was also recommended the government establish an automated, bi-directional threat sharing system between government and industry, and its first area of focus should be critical infrastructure.
    “The Panel recommends that threats to critical infrastructure, digital supply chains and systems of national significance should be addressed first,” the report said.
    “State, territory and local governments should also be considered key implementation partners for all elements of the strategy.”
    The panel also recommended a similar standing panel be established to advise the Minister of Home Affairs on cyber matters, and the implementation of the upcoming 2020 strategy.