At this point, hopefully your organisation’s data security is up to scratch. The Notifiable Data Breaches scheme is in full effect for organisations who have obligations under the Privacy Act. Organisations should by now have conducted rigorous assessments of their data security and have comprehensive mitigation and response strategies in place.
Everything from individual security protocols and education to the strength and number of your firewalls should be analysed, weak points addressed and fail-safes for identifying and reporting breaches established.
However, your data security can’t be static. In 2018, threats to your
business move faster than ever before – the same technology that
amplifies your organisation’s capabilities also provides
new entry points for malicious entities. You need to ensure you are
protected from the latest threats that will otherwise bypass your legacy
security systems. Here are three warnings that the
Government’s Australian Cyber Security Centre (ACSC) wants you to know
about.
1. Risks with Meltdown and Spectre patches
In January, the ACSC reported on difficulties faced by organisations that attempted to patch operating systems to protect against Meltdown and Spectre. Microsoft released these updates, but they proved incompatible with many existing security systems. In fact, Intel reported that there was a risk of information loss or corruption, as well as general system instability.
Even patches from trusted, household names can sometimes fail to
remediate your data security. A new patch variant has been released to
mitigate these risks, and monthly security updates from
Windows can help to address any issues.
2. Bitcoin mining through Texthelp
Everyone wants to get their slice of the Bitcoin pie, and that goes double for malicious cyber criminals. On February 12, the ACSC alerted consumers to the presence of an unauthorised mining system, embedded in Texthelp’s text-to-speech plugin, called BrowseAloud.
While a breach of trust, the ACSC advises this is not a full-blown data breach. Over 4,000 websites that featured the BrowseAloud functionality had their websites infected with Coinhive code. Coinhive generates Monero – a type of cryptocurrency. Texthelp took the plugin offline for a full examination of how the miner was inserted.
This is a good example of early detection, even if the breach was not
designed to cause harm to those using the plugin. All told, The Guardian
reports that the cryptocurrency mining netted the
hackers $24 – hardly a worthwhile day’s work.
3. Vulnerabilities in Cisco software
Cisco produces a great deal of software, for anything from analytics to unified communications. In February 2018, they announced the discovery of vulnerabilities in their security products and firewalls that could lead to denial of service attacks or remote code execution.
The weakness could enable malicious entities to execute meaningless
filler code, taking up memory and forcing a reset of your system or
rendering it unable to approve VPN authentication requests.
Take the next step with your data security
These 2018 cyber security threats have been dealt with swiftly by the parties responsible for patching them. It is essential that system administrators ensure that patches are deployed as soon as possible in a systematic and controlled way.
It’s a 24-hour job, and that’s a big requirement – even for larger organisations with dedicated resources. Labour hours, technological know-how and the ability to execute restorative action are all must-haves in this environment. That’s why managed security services can be so critical. By handing the reins over to trusted, local experts that are on hand at all hours, you can get the best for your business without you personally needing to stay on top of every new threat or development. Learn more about Over the Wire’s managed security here.
There is no true endpoint in data security. Threats continue to evolve, so security systems must be in a constant state of change. Take the first step of improving your data security by downloading our 24 page cyber security eBook.
For expert advice on how to improve your data security, contact the Over the Wire team today or complete the form below and one of our friendly team members will be in touch with you shortly.