The week in security: Banks investigating breaches as AusCERT experts warn on the security of everything

There were growing concerns about privacy as the New Zealand government confirmed that its Customs officers will be able to inspect electronic devices coming into the country.

No wonder organisations like the ACLU continue to fight government surveillance. Yet surveillance isn't the government's only problem: US officials confess that they might not be able to respond to cyberattacks on critical infrastructure.

This, as financial-services regulators warn that cybersecurity is the biggest risk to the global financial system – and news emerges that up to a dozen banks are investigating potential security breaches on their networks.

NBN Co was also reeling from a cybersecurity issue in the aftermath of damaging leaks and a subsequent, politically-charged AFP raid on Labor staffers that document-management specialists say could have been avoided altogether if NBN Co were protecting its documents correctly.

Despite growing awareness of the importance of security, research suggested that many organisations are still failing to prioritise it as they need to.

Others, like Queensland's Griffith University and the University of Auckland, are working through the six stages of cybersecurity response.

These stages were highlighted at the key AusCERT 2016 conference, where it was also revealed that healthcare organisations are lagging when it comes to information security and that Internet of Things (IoT) security would require commercial drivers. Conference attendees also heard from researchers concerned about the lack of security in building management systems, questioning the value of blockchain as a driver for change in financial-services giants, and warning about the curse of convenience, the importance of penetration testing in the context of cyber war, and the risk of business email compromise.

The winners of AusCERT awards were announced amid consensus that security skills are more important than ever, even as demand continues to surge: information-security training at the Boston BSides conference, for one, is so popular that its organisers are looking for space to grow.

Yet many students of cybersecurity training programs are reporting that they still can't find a job in cybersecurity even after they've completed a degree.

Also looking for a job is the CEO of Austrian company FACC, who was fired after losing $US47m in a targeted phishing attack in January.

Five people were arrested for netting $US2 million in a scam whereby they impersonated that country's tax-collection authority and demanded payments from hapless victims.

Also on the enforcement front, a celebrity hacker called Guccifer confessed to hacking into 100 email and social-media accounts belonging to American citizens and high-ranking government officials.

Along the same lines, US legislators were demanding that searches of US email accounts stored offshore require search warrants.

Even as anti-piracy advocates BSA seized on cybersecurity risks as yet another warning about stealing software, security researchers found that a recently patched exploit in Adobe Flash Player is still being used in widespread attacks, while new ransomware called DMA Locker was becoming more common.

Also of concern was the expansion of top-level domains, which creates a new security risk for business computers.

Even as Microsoft warned IT administrators against requiring users to set passwords that are long, complex and changed frequently, Google was aiming to have its Android password-replacement system available before the end of the year, while some Google alumni debuted a software-as-a-service tool for quickly spotting transaction fraud.

Also playing in that space is Cisco, whose purchase of OpenDNS last year is providing invaluable fodder for its threat-intelligence efforts.
