As a semi-technically literate person (or so I thought), it was great to attend a session organised by Maxsum Consulting. The topic was Cyber Security in the age of Artificial Intelligence.
A special guest was Dr Derek Bopping, First Assistant Director General, Head of Melbourne Office, Australian Signals Directorate.
Takeaway Thoughts – With Thanks
I was intrigued with the topic and the pragmatic ideas from the speakers. It was definitely an insightful and educational couple of hours.
Note: these are my interpretations of the discussion; all mistakes are mine.
ASD are both poacher and gamekeeper, dealing with both nation state and criminal groups. They have a four-fold role: foreign hacking, listening and collection; hacking and offensive activities and protection.
They receive a call every 7 minutes from government and Australian businesses that have had some form of cyber incident. In at least 50% of data breaches the access is via valid credentials. In 2022 there were approximately 148 ransomware events, with tip-offs every 3 days or so.
In many cases the threat has been to dwell in a network (“persistence”) to collect information and be ready for some future event.
Harm is still the aim of many actors; espionage, disruption (pre-positioning) and destruction.
Recent experience has shown us cyber is now part of the conflict; not a standalone act.
A primary ASD role is to establish attribution (“who did what?”), noting that a private sector actor could be involved in supporting a nation state, either explicitly or implicitly.
What about Artificial Intelligence?
AI is a lived experience in crime; it is not needed yet – but it is a capability that will expand.
For the attacker, AI can support a less skilled team through scaling events. It provides the opportunity for automation: guessing passwords, finding credentials. It can improve the creation of domains to host malware and data, as well as set up infrastructure. It can also support scanning for vulnerabilities and lateral movement within networks.
For the defender, AI can assist in triaging systems and data. It can support risk sharing and risk blocking. Utilising cyber defence techniques, it can orchestrate a real-time response.
AI tools and security testing can be enhanced; threats can be emulated, not just simulated. Decision making and response can be automated.
Have you suffered an Incident?
Be prepared for the post-event response. It can be a protracted process running into many weeks (and beyond).
Consider the full exposure; reputational, financial and geographic. It is not just the incident and the network.
Be ready to involve all parties; know your insurer and the third-party responders. There will be interesting dynamics involved with all of these working with you and ASD to deal with the incident.
For management there will be the stresses of continuous disclosure and shareholders. Response will be required without fully understanding the damage – this will be a time of uncertainty.
Small Business Cyber Security
We have all heard about the cyber security failures in big business; Optus, Medicare, Latitude Finance, HWL Ebsworth.
For a small business, even a minor cyber security incident can have devastating impacts. In the 2021-2022 financial year, the average cost per cybercrime reported to the ACSC rose to over $39,000 for small businesses.
ACSC is the Australian Cyber Security Centre within ASD (Australian Signals Directorate). https://www.cyber.gov.au/
They are the Australian Government’s effort to improve cyber security. Their stated role is to help make Australia the most secure place to connect online. They are not just protecting the Australian Government and National Infrastructure. They assist all Australians, businesses large and small to prevent, mitigate and recover from cyber security events.
On their website they have a dedicated section for Small Business Cyber Security https://www.cyber.gov.au/smallbusiness. Businesses can access a range of resources to help protect themselves against common cyber security threats, including the Small Business Cyber Security Guide.
There are many simple and inexpensive measures businesses can use to improve their security. As a starting point, ACSC recommend the following three:
- turn on multi-factor authentication
- update your software
- back up your information.
Educate your employees; they are the first line of defence against cyber attacks. Your employees should have an awareness of cyber security, including the following topics:
- common cyber security threats such as business email compromise and ransomware
- protective measures including strong passwords or passphrases, MFA and software updates
- how to spot scams and phishing attacks
- business-specific policies (for example, processes for reporting suspicious emails or for validating that invoices are genuine before paying)
- what to do in an emergency.
Become an ACSC partner to receive the latest information from the ACSC – subscribe via their website.