New Cyber Attack

Australian Federal Parliament and Channel Nine Face Cyber Attacks

Australian Federal Parliament and Channel Nine, an Australian news channel, were rocked by cyber attacks on Sunday, March 28th 2021. The attacks led to disruptions that blocked mobile access of Parliamentary workers to their work emails and prevented Channel Nine from broadcasting programs.

Prior Warnings Came From the Very Top

The Australian Cyber Security Centre (ACSC) had warned organizations using Microsoft Exchange in Australia that not patching their software after being compromised by hackers could lead to more vulnerabilities.

Channel Nine has described this attack as the largest on any media company in the history of this country. The broadcaster has called the attack ‘significant in scale with high potential to disrupt business and ‘sophisticated and complex’.

It is interesting to note that last year, Australian PM Scott Morrison had warned about a state-based hacker targeting the major institutions in the country.

The Australian PM didn’t name any particular sector as the most vulnerable one but said that the threat spans across sectors ranging from government, industry, political organizations, education, health, essential service providers, and operators of other critical infrastructure.

It is noteworthy that previously, manufacturers of defense arms and equipment, government contractors, and some accounting firms have reported data breaches.

Cyber security experts in Australia believe that these attacks might have something to do with cyber espionage. They haven’t named any country or organization right now but believe that non-allied countries like Russia, China, North Korea, and Iran pose a serious threat to Australia’s cyber stability.

How Can Government and Private Organizations Protect Themselves Against Cyber Attacks

Cyber security principles are more or less the same for every organization. The difference is in the sophistication of methods and the potential loss that they face. Also, dangers emanate from various objectives. It can be a theft of Covid-19 vaccine development secrets or a nuclear manipulation in the power plants. It can also come in the form of theft of sensitive citizen information or literally anything that holds value to attackers. With greater privatization in manufacturing and services that hitherto came under government control, cyber security has become a joint effort.

Private organizations may not want to acknowledge that a cyber attack targeted at them involves individual threat actors and not nation-states. This is because it saves their reputation and business relationships. The logic they present in this case is the insufficiency of resources to defend against attacks perpetrated by attackers backed by powerful and resourceful governments.

The state of affairs, as far as cyber security of media houses is concerned, is also not very good. In a 2020 article by Info Security, it was mentioned that between Jan 2018 and Dec 2019, 20% of the 88 billion total cyber attacks recorded in this period were against media companies. The article also mentions that the study recorded 630% and 208% year-over-year increases in attacks against broadcast TV and video websites, respectively.

And it’s not like the government can alone secure its employees against cyber attacks. We’ve seen in the past, how government employees around the world have been targeted by threat actors with phishing, vishing, smishing, and other such forms of attack vectors.

However, it is the duty of both the governments and private organizations to collaborate and form a well-founded defense against cyber threats.

Some of the following measures can be helpful -

1. Cooperation — Information security is one subject where both the government and the private sectors stand to gain a lot from cooperation. Issues such as securing remote employees in the organization and shortage of cyber security personnel can be resolved through discussion.
2. Education — This is one vital aspect of cyber security that often gets overlooked. Employees in an organization make the first line of defense against cyber risks. It is important for these enterprises to understand that securing an organization is almost impossible if employee education is not given the attention it deserves. It is therefore important to deploy measures that can help employees in raising their level of cyber security awareness and knowledge. This can be achieved by using cyber security awareness tools like ThreatCop.
3. Incident Response — Incident response tools deployed in an organization go a long way in early detection and removal of malicious content from the employees’ inboxes. One such type of incident response tool that empowers employees to detect and report phishing emails is Threat Alert Button (TAB).
4. Email Domain Security — It should be a priority of the government and private organizations to deploy email domain security tools to secure their domains against forgery and misuse. These domains can be used to cause phishing attacks on other organizations and individuals alike. KDMARC is an email domain security tool that can protect multiple email domains of an organization against email impersonation and forgery.

Cyber security can be a major issue while discussing the progress of the economy. It can change an economy’s outlook positively or negatively, depending upon the measures taken by the government and private firms.

What would you suggest governments and private firms should do first to ensure a robust cyber security arrangement?