Cyber-attacks are a real and present threat for all businesses. With malware becoming more sophisticated and capable of outsmarting traditional anti-virus technologies, it is important for businesses to stay abreast of new security threats and methods of mitigating them.

Until recently security strategies have been mainly reactive, meaning that experiencing negative consequences has been the only way for threats to be detected and dealt with. The emergence of Advanced Persistent Threats (APTs) and intrusion vectors mean that the cost of waiting for a breach to occur is simply too high. APTs lurk undetected for long periods, generally on the systems of specific targets, before stealing or corrupting high quantities of data. And common intrusion vectors such as emails sent with malicious links and attachments, fake or manipulated websites that download viruses manipulates a person, overtly or otherwise, into performing actions of divulging confidential information. Other tried and true methods of prevention such as patching by software companies are inadequate when dealing with zero-day attacks, where the malware targets the software vulnerability before the software vendor is even aware of it.

Deception technology may provide some hope for addressing APTs, intrusion vectors, zero day events and other new sophisticated threats as it is more proactive than traditional anti-virus software. Deception technology automatically deploys a network of camouflaged malware traps that are intermingled with and appear identical to real data, therefore deceiving the cyber-attackers. The fake data or assets are known to all legitimate users so when they are accessed it is clear that an attacker is present in the network. The real-time automation then isolates the malware and delivers a comprehensive assessment directly to the security operations team. This technology will shift the cost of cyber-attacks to the attacker, making it less rewarding for hackers, effectively changing the rules of the game entirely.

While deception technology is still in the early stages of development the research company Gartner has already predicted that 10% of enterprises will use this technology by 2018, with many actively participating in deception operations against attackers.

[1]

There is great potential for deception technology. Certainly companies which place a premium on protecting the data of their customers will need to find a way of securing it to a greater degree than at present.

 

Fast Facts

Who is at risk?

  • Telstra’s inaugural Cyber Security Report found that 41% of organisations it surveyed had been the victim of a significant security breach in the past three years.[2]
  • Small businesses are also vulnerable with 72% of data breaches analysed in 2011 taking place at companies with less than 1000 employees.[3]
  • Last year K-Mart, David Jones and Aussie Farmers Direct were among the large Australian corporations that were victims of high profile cyber-attacks.

What are the effects?

  • A recent Roundtable of Business Leaders found that data breaches cost Australian businesses on average over $2.5 million dollars a year.[4]
  • It takes 23 days for an organisation to resolve a cyber-attack on average and the average breach consisted of access to over 20,000 records.[5]
  • A Computer Emergency Response Team (CERT) Australia and Australian Cyber Security Centre survey found that of companies who had experienced a breach 23% experienced a loss of confidential information.[6]

What can you do?

  • The Department of Prime Minister and Cabinet has recently issued Australia’s Cyber Security Strategy Report,[7] which will be the subject of another of our upcoming blogs.

 

If you need help with putting in policies and procedures to protect against cyber-attacks and data breaches, our experts can help you. Contact us to get advice from our experienced privacy lawyers.

 

Reference: [1] Heather Levy, Riding the Deception Wave, 23 March 2016, Gartner Inc. [2] Telstra Corporation Limited, Telstra Cyber Security Report 2014, pg 30. [3] Verizon, 2013 Data Breach Investigations Report, pg 12. [4] James Nunn-Price, Deloitte Hosts Parliamentary Secretary Roundtable on Cyber Security with Australian Business Leaders, 6 August 2015, Deloitte Touche Tohmatsu. [5] Ponemon Institute, 2014 Cost of Cyber Crime Study: Australia, pg 23. [6] Australian Cyber Security Centre, 2015 ACSC Cyber Security Survey: Major Australian Businesses, pg 17. [7] Department of Prime Minister and Cabinet Australia’s Cyber Security Strategy, 2016.