Business funding at risk from cyberattacks

For many Australian businesses, IT security is way down on the agenda. However, with increased cyberattacks on Australian commercial entities, investing in information security training could be the solution. 

How are cyberattacks affecting the commercial landscape?

According to figures released by KPMG, investors are walking away from businesses if they believe their information networks have been breached. The survey pointed out that 79 per cent of respondents would be deterred from investing if the business had been hacked.

Interestingly, on the flip side, investors are flooding the cybersecurity market. Malcolm Marshall, global leader of KPMG's cybersecurity practice, said the survey showed that 86 per cent of investors see cyberbusiness as an area of growth.

"Following a number of high-profile breaches, we are seeing global investors waking up to the issue of cybersecurity," said Mr Marshall.

Unfortunately, the survey also showed that 39 per cent of management personnel lacked the required knowledge to safeguard their business from cyberattacks. Yet, 86 per cent of investors would allow an increased amount of time spent on cyber-related business. 

This is good news for participants of information security training courses, as it would seem IT security opportunities may be on the rise. 

What can be done to improve cyber resilience?

There is a range of ways you can protect your business.

According to the Australian government, there are a series of actions you can take to mitigate the effects of a cyberbreach.

Limiting the types of personal information you upload online is a great place to start, while installing and keeping security software up to date is also an action that can have salient outcomes.

Education, such as IT security training, also offers excellent personal job prospects and positive cybersecurity-related outcomes.

What types of IT security training are offered?

IT security training is in growing demand, and as such there is a variety of courses available. 

One example is the Foundation Certificate in Information Security (FCIS) currently offered by ALC Training.

The course provides the ideal platform for anyone looking to:

This information security training uses international standards and industry best practice to introduce essential concepts and the top four disciplines of information security. 

Key outcomes include:

If you are interested in information security training courses, get in touch with ALC Training today to find out how it can improve your job prospects.

Is it time to get serious about cybercrime?

In today's digital world, IT security is becoming a big deal. With so many people studying IT security training, it is a surprise when companies and organisations ignore expert advice.

In a July announcement, the Insurance Council of Australia said that the current growth in cybercrime is a reason to no longer ignore the threat. It is estimated that cyberattacks cost the nation close to $1 billion a year.

What is being done to combat this cyberthreat?

The Australian Cyber Security Centre (ACSC) is a government initiative aimed at protecting Australian networks from threats.

The centre draws together a range of cybersecurity partners, including the Defence Department, the Attorney-General's Department, the Australian Security Intelligence Organisation, the Australian Federal Police and the Australian Crime Commission.

According to its June report, cyberattacks have risen by 20 per cent to 1131 last year, growing from just 313 attacks in 2011. The most impacted industries are currently energy, banking and finance, communications, defence and transport.

The rise of new threats is an impetus for more people to seek IT security training and protect their organisations' networks.

New threats precede new defences

One of the major issues with cyberattacks and IT security is the speed at which new strategies and tactics arise.

The ACSC recently released a report advising of a new threat product currently being used. Web shells are defined as an exploitation vector that can be used to gain illegal access and can lead to more general network harm.

A web shell is a script that is uploaded to a server and allows cybercriminals to administer the machine. After installation, the web shell can be used to increase privileges and issue commands remotely. Exposed servers can be either internet-facing or internal.

Systems designed for content management and web server software are most at risk. Unauthorised individuals can use reconnaissance tools to detect and exploit vulnerabilities that may lead to the installation of a web shell.

Examples include:

  1. China Chopper. Although it is one of the smaller web shells, it is packed with capabilities.
  2. WSO. Has the ability to veil itself as an error page with a hidden form.
  3. C99. An alternative version of WSO. It has the ability to reveal the server's security features.
  4. B374K. A PHP-based web shell with typical functions.

IT administrators of web servers that have content languages installed can counter web shells through a range of identification and mitigation strategies.

If you are currently looking to engage with information security training, get in touch with ALC Training today.

What does the Internet of Things mean for risk management?

The Internet of Things (IoT) is one of the biggest tech innovations currently being implemented within commercial entities. But what does this mean for security risks and their management? Can information security training provide the answers?

According to ISACA’s IT Risk/Reward Barometer, 72 per cent of IT professionals believe that IoT devices are not being properly safeguarded against IT threats by their manufacturers, while 73 per cent of IT professionals feel that their company will be hacked through a network-connected device.

What is the Internet of Things?

The IoT is the network of physical devices which communicate, sense and interact with each other and their environment through embedded technology.  

Within the IoT, devices such as smart phones and coffee machines are connected to the internet, as are industry specific objects such as components of a jet engine or a manufacturing plant. 

The number of objects connected to the IoT is continually increasing. According to Gartner, there were approximately 4.9 million connected devices in 2015 but by 2020, there will be 25 million. 

Jim Tully, vice president and distinguished analyst at Gartner, pointed out that “the digital shift instigated by the Nexus of Forces (cloud, mobile, social and information), and boosted by IoT, threatens many existing businesses. They have no choice but to pursue IoT, like they’ve done with the consumerisation of IT”.

The argument is that as the IoT expands into new applications for customers, businesses and other entities, it will create a transformation in economic output. Research by Gartner projects that IoT-associated spending will increase from $69.5 billion in 2015 to $263 billion in 2020.

If the IoT is ever expanding, what does this mean for risk management? 

How can organisations manage their risk?

Courses focused on IT security training are becoming increasingly popular with both IT students and established professionals. This derives from the sustained risk most information technology services face. 

Risk arises from a range of issues. For instance, as workplaces shift to a handheld environment, they are becoming more difficult to safeguard. This is due to devices like smart watches and phones connecting to a business’ IT network and creating more entry points for possible cyberthreats.

So what can a business do to mitigate the risk associated with the IoT?

Banning new technology puts businesses at a higher risk because of the possibility of falling behind competitors. Instead, controlling for the IoT relies on integrating risk management into core IT services. 

Information security training courses, such as CRISC certification, prepare IT professionals for the challenges of information technology and enterprise risk management. 

Get in contact with an experienced course provider to find out more. 

Net normality: Mapping tech prefixes

According to recent research conducted by Dr Jovan Kurbalija, Founding Director of DiploFoundation and Head of the Geneva Internet Platform, the prefixes e-, virtual, online and net are beginning to disappear in IT governance.

This is the conclusion reached through monitoring the use of prefixes at the UN-based negotiations on global digital policy, which are currently underway at the World Summit on the Information Society (WSIS). 

Why are prefixes important?

The use of prefixes is a good indicator of current trends within the tech sector. By monitoring and mapping prefixes, researchers can identify trends developing in certain industries.

For instance, cyber has become highly associated with information security training, a major developing tech industry.

Dr Kurbalija argues that this is not a surprise, as each policy field generates its own specialised vocabulary which frames governance discussions in different ways. 

Further, because of these framing and vocabulary differences, prefixes can cause issues for government departments, companies and organisations that work within a sector regulated by public policy. The differences, although subtle, may cause confusion when defining policy areas and thus whose responsibility it should be.

Finally, the use of different prefixes when referring to the same thing might accentuate the difficulties of overcoming policy silos. Policy silos refer to departments, like employment offices, economic development agencies and local training institutions, working individually, following separate policy frameworks and working towards different objectives.

Silos make it difficult to optimise outcomes from multi-disciplinary issues, such as internet governance.   

Prefix use in policy retreating

The use of tech prefixes is not disappearing completely, rather, they are no longer being used in general conversations. Instead, prefixes are utilised to refer to different sectors and thus refer to specific things. Here are three examples:

  1. Cyber is now mostly used when discussing security, or during IT security training courses. These include words like cyberattacks or cybercrime.
  2. Digital refers to development issues, such as the digital divide or digitisation. 
  3. E- is used for historical insight. A legacy from the 2005 WSIS, it is used to refer to previous conventions or strategies.

As the internet and its technological associates normalise, it is only a matter of time until these prefixes disappear from our vocabulary forever. To take advantage of the booming IT industry, contact an IT training provider today.

What’s the cost of an insecure network?

Cyberspace is emerging as the newest theatre of warfare and thus the importance of information security is increasing.

According to research from Gartner, global IT spending currently tops $3.8 trillion, which is equivalent to the total GDP of Germany. This is a reflection of just how digital the world's economies have become. 

Any digitised information network is susceptible to a cyberattack. But, what is the actual cost of such attacks?

Recent research released by Ponemon Institute, a research centre focused on privacy, data security and information protection policy, reveals that the average consolidated cost of cyberattacks amounts to $3.8 million annually.

The IBM backed study, which is called Cost of Data Breach Study: Global Analysis, encompassed 350 firms and 11 countries and found that the cost of cyberattacks has risen by 23 per cent since 2013.

What industries were hit the hardest?

According to the study, the average cost per record breached is $154. Yet, cyberattacks that target the healthcare industry cost $363 per record breached. 

This reflects the growing cost cyberattacks have on the healthcare industry. However it is the banking, hospitality, IT and retail sectors that suffer the most cyberattacks. 

The banking, retail and IT industries are also in the top ten when it comes to spending on IT and IT security services.

Why do cyberattacks cost so much?

Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, said that the research uncovered three major reasons for the increase in costs.

  1. As cyberattacks are occurring more frequently, the cost of security solutions is constantly going up.
  2. Customer retention is being negatively affected by these frequent breaches.
  3. Companies are spending more on their forensic activities while assessments from crisis teams are also rising.

Importantly, one other reason the overall cost has been rising is that 47 per cent of breaches are now malicious attacks, which cost more to remedy.

What has been the response?

Earlier this year, US President Barack Obama told the National Cybersecurity Communications Integration Centre that the US government would do all it could to boost security.

"Neither government, nor the private sector can defend the nation alone.  It's going to have to be a shared mission – government and industry working hand in hand, as partners," he acknowledged.

Cybersecurity is a major issue. But it is also an increasingly attractive job market. Cybersecurity companies are flourishing, even as economies around the world struggle.

Information security currently offers one of the best career paths in IT. What is important is that you find a leading provider of information security training courses, which will help you get your career started.  

Australian government joins forces to combat cyber threats

The ongoing risk of cybersecurity breaches is continuing to plague Australian organisations. However, the government has taken steps forward in addressing these concerns.

At a two-on-two meeting in Sydney, the respective Defence Ministers of South Korea and Australia, Han Min-koo and Kevin Andrews, discussed a range of issues surrounding security in the region. They were also joined by Foreign Ministers Yun Byung-se and Julie Bishop.

Cybersecurity was a key talking point, as the two countries stated their interest in continuing the development of international standards and shared practices. Both parties also agreed to jointly focus on risk prevention schemes and ensuring that networks worldwide are aware of conflict resolution methods.

Agreements will also be settled between computer emergency response teams from both countries to work together as a united force. For business, keeping on top of information security training will be critical in addressing changes in cyberspace and supporting efforts made by the two nations. 

The Australian government is also looking at developments a little closer to home. On September 30, students from various TAFEs and universities will have the opportunity to participate in the Cyber Security Challenge.

Described as a "hacking" competition, contestants will be tested on their communication and technical skills over a non-stop 24-hour period. This year's challenge takes the form of a traditional "capture the flag" scenario, in which teams will gain ground through each challenge they solve.

The aim of the event is to introduce young people to the possibilities for a career in the field of information security. As Australia starts to focus its outlook on global cybersecurity, preparing the future workforce as early as possible is a great step in providing stability in network safety moving forward.

How can HR take advantage of digital disruption?

The very mention of the phrase digital disruption can bring a sense of apprehension to many business professionals and HR is no exception. However, with the right mindset, technology can radically improve HR processes across the board and offer benefits to both workers and employers.

What does digital disruption mean for Australia?

According to Deloitte, the Australian economy has already seen major changes due to a number of emerging innovations. 

The urgency to address the next wave of technological change is dependent on the industry a company is in. Deloitte's report categorised sectors based on how rapidly disruption will affect firms and to what extent.

Industries that were pegged for both fast and impactive change included finance, information and communications technology, retail and media. HR professionals in these sectors especially should prepare themselves for oncoming shifts in their operating environment.  

Consulting and outsourcing firm Accenture believes that in the future, HR will start to closely resemble a marketing department. Rather than relying on pre-established management models, HR professionals will become increasingly reliant on data analysis for solving problems. Seeking ITIL training may be useful in dealing with growing amounts of information.

HR employees will also work more closely with other parts of the business, including the IT department. This is due to flattening organisational structures and less rigidly defined job roles. 

Lack of software holding HR back

According to an Advanced Business Solutions survey, 73 per cent of HR employees believe that analytics software is important for strategic decision making. However, only 17 per cent have access to the relevant programmes needed.

HR was also the least likely to understand the nuances of this software, highlighting the need for IT governance training to evaluate risks and possible management issues. Out of the HR professionals surveyed, 30 per cent didn't know the difference between business intelligence systems and analytic systems.

"Without the right technology in place, HR departments will struggle to effectively nurture the talent of employees and obtain vital information, which can be transformed into actionable insight to help their company obtain a competitive edge," said Simon Fowler, managing director of Advanced Business Solutions.

As HR departments will likely become more involved with technology, it is vital that business leaders prepare their professionals early. Through improved IT literacy and understanding of how programs can be applied to their pre-existing tasks, HR employees will be better prepared for the future.

Addressing security concerns

Despite the many benefits that technology can bring to the HR department, it is also important to be aware of potential security concerns.

In a survey conducted by security technology company Clearswift, global data security professionals were asked which parts of a company posed the biggest security risk. HR professionals were rated as the second-most likely department to cause a security issue, with 42 per cent of respondents highlighting this risk area.

There were two main issues that affected HR security: a particularly sensitive database and a lack of universal knowledge regarding proper security.

Heath Davies, chief executive at Clearswift, explained that HR intermediaries presented the biggest risk to a company.

"Middle aged, middle managers [have] access to the data but no obvious stake in the consequences of losing it. They are also more likely to be under time and financial pressure, and so may be more inclined to take risks," he said. 

Investing in information security training courses for your HR intermediaries may be a useful solution as the workplace digitises. 

Although technology will spur many changes in the HR department, the right training can help make sense of this new environment. With a strong IT knowledge, this particular area of business will excel in the future. 

Financial sector particularly sensitive to cybercrime

While cybersecurity is a universal concern across Australia, the finance industry is keeping a particularly careful eye on the online world of crime.

According to a recent PricewaterhouseCoopers (PwC) report, insurance professionals collectively named cyberattacks as the number one threat to business performance. This concern has advanced 13 places since the 2013 list, revealing how much of an impact recent events have had on this sector in particular.

The reason for such high concern is due to the sensitive data that insurers have access to. Databases contain highly personal information from customers, which include medical records, identity data and bank account numbers. 

PwC Australia's insurance leader Scott Fergusson highlighted the effect of changes in technology, which have led to a number of challenges as well as opportunities.

"The impact of wearable devices and connected cars will be significant – once consumers get a level of comfort around sharing data with insurers, the expectations of more personalised and customised products and premiums will quickly follow," he said.

Education, such as IT security training, will be vital to protecting the financial industry as a whole in the future. According to David Whiteing, CIO at the Commonwealth Bank, there is a global shortage of skilled cybersecurity experts, as quoted in an August 27 ABC article.

Many professionals in this industry fear that cybercriminals will outpace their ability to fight back. However, Whiteing stated that this is already the case in Australia. 

"What people need to realise is that the cyber space is highly specialised, it's highly collaborative, and it's highly unregulated – all conditions which allow cybercriminals to move very very rapidly," he said.

With the threat of cybercrime becoming more apparent, professionals in the finance industry may find they need to upskill through information security training courses. Cybercrime is becoming more sophisticated by the day and complacency is no longer an option.

A new kind of spy: Cyberespionage in Australia

In an environment where businesses and government organisations alike deal with highly sensitive information, cyberespionage has become a critical threat to Australia. 

In 2013, the Australian Signals Directorate reported 940 cyberincidents involving government agencies, representing a 37 per cent increase from 2012. Due to these figures, a review into Australia's cybersecurity was ordered in November last year by the Prime Minister. This was published recently by the Australian Cyber Security Centre (ACSC) and gave some insight into cybersecurity risks in Australia, particularly cyberespionage. 

Cyberespionage is defined by the ACSC as "offensive activity designed to covertly collect information from a user's computer network for intelligence purposes". According to the ACSC's threat report, our country is a prime target for online menaces due to our wealth of resources, field expertise in manufacturing, technology and scientific research, and our relationships with other countries, including an influential role in the Indo-Pacific region.

As stated in the report, compromises to online information can have huge economic consequences. Cyberespionage is seeing an increase in many countries as this method offers high returns for little cost and risk to the perpetrator. Even if all other systems in a database are firmly protected, one weak link in the system can compromise valuable information.

The government has offered strategies that can stop at least 85 per cent of cyberattacks, including the use of application whitelisting, restricting access, and patching applications and operating systems. However, further information security training may be required to stop more sophisticated threats.

Cyberespionage is gaining traction, with Symantec revealing its findings on the Black Vine group in a July whitepaper.

The cyberespionage group, active since 2012, was believed to be behind the February attack on Anthem Health Insurance that led to the exposure of over 80 million patient records. Black Vine may also be responsible for various attacks on the energy, aerospace, and healthcare industries, and use custom-developed malware that is constantly updated to avoid detection. 

Black Vine stands out as it is a well-funded and organised body, with links to many other actors in the cyberattack network. While most attacks are focused on IP addresses in the United States, there are risks they could move to more areas globally. 

Armed with increasing awareness of threats, Australia is in a better position to address issues of cyberespionage. However, both government and business professionals need to keep on top of changes and growing threats, possibly through ongoing information security training courses.

Hacking into cars: The risks of inter-connectivity

As more and more devices are able to be hooked up to the internet, hacking is no longer an activity strictly limited to computers.

As shown in a recent report by Andy Greenberg for Wired.com, Charlie Miller, a security engineer at Twitter, and Chris Valasek, director of vehicle safety research at IOActive, developed software that could remotely control and sabotage a car.

The video showed the two conducting a number of tricks on the car, from small nuisances such as turning the air conditioning and music to full blast, to more startling actions like bringing the vehicle to a complete stop on the highway. The driver of the car was unable to regain control of the system and was at the complete mercy of the two hackers who were miles away. 

While this experiment was conducted under safe conditions, the pair warned that more unsavoury characters could use these systems to create havoc for drivers. 

Within a week of the video's release, Fiat Chrysler announced that it will recall 1.4 million cars to be fitted with software intended to stop hackers penetrating the cars' driving systems. The intent was also to make other car manufacturers aware that more attention must be paid to ensuring the security of the internet systems in their cars.

Considering that the development of the first completely automated car is reaching new milestones, with the Google car hitting over 1 million miles driving, the implications of this are huge for both internet security and automobiles. These most recent events add more fuel to the ongoing debate around the internet of things and how safe these devices are from tampering. 

With more connectivity between devices comes increasing danger that hackers will tamper with a range of our most vulnerable possessions, such as mobile phones, cars and even our household systems. A 2014 report conducted by HP looked at the 10 most popular devices in various niches and revealed that 80 per cent of devices raised concerns around privacy. On top of this, 70 per cent did not encrypt communication to the internet and the local network.

There are ways to tackle the ongoing threat of device hacking. IT security training can help individuals and businesses understand the importance of protecting devices that are internet-capable. HP also recommended the introduction of security standards before the production of any interconnected device begins, which car manufacturers should now be more aware of due to these recent events.

Enterprise cloud spending to reach new highs

Those involved in either business or IT would have had to be living under a rock to avoid cloud computing, the wildfire trend that's grown from a buzzword into something even consumers are starting to utilise.

While many companies are still likely concerned about the IT security risks, others have pushed ahead, and that's why growth is now beyond what many would have ever anticipated. According to new figures from research organisation Telsyte, even Australia is a centre for cloud growth.

In fact, Australian cloud spending is poised to reach $800 million by 2019, as organisations continue to move workloads to third party providers and other off-premises locations.

"The adoption of cloud computing services is being driven by both traditional IT pressures and emerging technology," the Telsyte report noted.

"Cost reduction, time-to-market, scalability are ongoing traditional IT pressures CIOs face and this is being compounded by emerging workloads like big data analytics, Internet of Things and personal apps in the workplace."

Last year, IBM observed that 86 per cent of businesses used the cloud, at least in some capacity, and the market for cloud services will grow significantly over the next five years.

There's really no limit to what can actually be shifted across to the cloud. Companies can use cloud-based video conferencing tools to ease collaboration, online file storage to eliminate IT security and document management issues, and run customer service applications from a secure, always-online system.

Key to the success of any IT endeavour, however, is a strong backbone of highly trained staff. This means using a framework like ITIL, where best practice in IT is the top priority. After undertaking this training, businesses will have an assurance that cloud based systems are being kept secure, and staff are getting the most out of them.

Speak to ALC Training today to find out more about ITIL and our range of other powerful frameworks.

Upskilling: How do I get started and what courses are best?

There's no shortage of training courses to upskill your staff, whether your aim is improving their approach to IT security or perhaps how they approach running and managing projects. Courses such as SABSA, ITIL and COBIT 5 can make a substantial difference to the business once staff are certified.

Of course, you're likely wondering how staff can get started and what the best frameworks actually are. Let us break it down for you.

How can I get started with a framework?

Before we delve into what the best frameworks are and what they can offer you and your staff, it's a good idea to understand how to actually sign up and get started. It's easy, especially when you go with an accredited provider like ALC Training.

Firstly, choose the framework, then figure out how you'd like to have it taught. The options are numerous:

What framework is right for me?

There are a number of proven methodologies and frameworks available, and all of them are powerful ways of upskilling. If you're looking for yourself or for your team, consider each of the frameworks below.

There are other frameworks available, all of which can offer useful skills and knowledge. Once you've found a framework that suits your team, and a date that could work from our schedule page, either get in touch to find out more or sign up online!