Australian Spy Data Helps Business Cyber Threats

Uploaded on 2017-08-15 in INTELLIGENCE--International, GOVERNMENT-National, FREE TO VIEW

Small and medium-sized businesses in Australia will be the big winners under the government's plans to share cyber-security data collected by the nation's intelligence agencies.

Under the plan announced in May, declassified data from the Australian Signals Directorate (ASD) will be shared with telcos and Internet service providers (ISPs) so they can develop more advanced products to combat growing cyber security threats.

Telstra director of security Neil Campbell said the data will make it easier for cyber security providers to create better targeted, more cost-effective products for small and medium sized businesses, which often don't consider cyber safeguards.

"This is where I think we have the opportunity to really make a difference," Mr Campbell said. "We have the opportunity to deliver at such a scale we can make it cost-effective for our customers."

The data provided by the government includes what are known as indicators of compromise (IOCs), which are generated during different stages of a cyber-attack and can represent or indicate that a compromise has been attempted or successful.

ISPs will be able to merge IOCs collected by the government with their own to create massive datasets which can be used to analyse, identify and develop active solutions to combat emerging or previously unknown cyber threats.

Big Data Benefits

"The more data you have, the more context you have, the more opportunity you have to find aberrant behaviour on the network or malicious behaviour on the network," Mr Campbell said.

"Putting systems in place to identify those and then taking what you learn in one part of the Internet and then applying it to people who would be vulnerable to that attack in another part of the Internet, that's where you go from passive to active.

"You get to the point where you start to create herd immunity because if one of your customers or half-a-dozen of your customers gets affected, you learn about it quite rapidly and you're able to inoculate the others against the threat."

In an interview shortly after the May announcement, Minister Assisting the Prime Minister for Cyber Security, Dan Tehan, said he hoped the data sharing would result in better products for Australian small businesses.

"What we're calling on the private sector to do is look at what products do they have or can they develop which will help protect those organisations which don't have the human resources or the financial resources to dedicate to keeping themselves cyber secure," Mr Tehan said.

Risk Versus Reward

Mr Campbell said cyber security often doesn't occur to small businesses because they're so focused on getting on with the job. But in some instances, businesses have been forced to close their doors because of cyber-attacks.

"I think they don't have the means, they don't necessarily have the motivation. Because given the choice between reinvesting your revenue in staying alive or growing versus covering off on risk, you know where the money's going to go."

"It's our job to give them the products and services that allow them to manage that risk cost effectively without having to become an enterprise or cyber security expert."

Between July 2015 and June 2016, the Computer Emergency Response Team (CERT) responded to 14,804 cyber security incidents affecting Australian businesses, 418 of which involved systems of national interest and critical infrastructure. "Cyber-crime is pretty much widespread," Mr Campbell said.

The government has committed $630 million to combat cyber-crime which is conservatively estimated to cost the Australian economy $1 billion each year.

AFR

You Might Also Read: 

Australia Implements Mandatory Data Breach Reporting:

Australia’s Sharp Turn To Information Warfare:

 

« Insiders Are The Cause Of Most Healthcare Breaches
Singapore’s Mounting Cyber Threats »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

DataGuidance

DataGuidance

DataGuidance is a platform used by privacy professionals to monitor regulatory developments, mitigate risk and achieve global compliance.

SecuPedia

SecuPedia

SecuPedia is a wiki-type platform that collects and provides the entire knowledge of security and IT security.

BakerHostetler

BakerHostetler

BakerHostetler is one of the largest law firms in the USA We have five core practice groups including a specialty practice team in Privacy and Data Protection.

Willis Towers Watson

Willis Towers Watson

Willis Towers Watson is a global risk management, insurance brokerage and advisory company. Services offered include Cyber Risks insurance.

Blue Ridge Networks

Blue Ridge Networks

Blue Ridge offers a suite of solutions that enable secure remote access to the enterprise network with protection and control of endpoints.

Intensity Analytics

Intensity Analytics

Intensity Analytics is a software firm that develops next-generation, physical user and entity behavioral authentication ("physical UEBA") security software technology.

Independent Security Evaluators (ISE)

Independent Security Evaluators (ISE)

ISE is an independent security consulting firm headquartered in Baltimore, Maryland dedicated to securing high value assets for global enterprises and performing groundbreaking security research.

KeyXentic

KeyXentic

KeyXentic Inc. is a professional mobile and data security service provider. We are devoted to design convenient and strong security for user’s data protection and privacy without any compromise.

AppOmni

AppOmni

AppOmni is the only SaaS CSPM solution that gives teams all the tools they need to be successful – from security posture management to monitoring and detection to continuous compliance.

Tracepoint

Tracepoint

Tracepoint provide full-service cyber incident response, remediation and recovery solutions for the most time-sensitive situation your company may ever face.

Naq Cyber

Naq Cyber

Naq is the number one platform for SMEs looking to become legally compliant and protect against cybercrime and other data-related incidents.

ClearVector

ClearVector

ClearVector is a leading provider of realtime, identity-driven security for the cloud.

META-Cyber

META-Cyber

META-cyber was founded by engineers with experience in process and control-protection to provide cyber security for industrial infrastructure.

Ostra Cybersecurity

Ostra Cybersecurity

As a next-generation MSSP, Ostra Cybersecurity combines best-in-class tools, proprietary technology and exceptional talent to deliver Fortune 100-level protection for businesses of all sizes.

Apex Systems

Apex Systems

Apex Systems is a world-class technology services business that incorporates industry insights and experience to deliver solutions that fulfill our clients’ digital visions.

Systems Engineering

Systems Engineering

Systems Engineering is a SOC 2, Type 2-certified IT strategy and managed technology services provider.