Social - Clear

Company Slogan

THE STRAIGHT TALKING ALTERNATIVE

Social - Clear

How to spot (and stop) router compromise

How to spot (and stop) router compromise Router compromise. Hardly the most nerve-wracking phrase in the cybercrime lexicon, but one that is a fast-increasing threat for every single Australian business. Last year saw widespread warnings about router security, with computer electronics company ASUS identifying vulnerabilities in its hardware and the Australian Cyber Security Centre (ACSC) noting that many organisations lost critical configuration files due to router compromise.

It's an issue that every organisation needs to put on their data security agenda - has yours begun the process?


What is router compromise, and how does it work?

Router compromise is a fairly sophisticated form of data breach. Malicious entities conduct automated scans of routers to identify hardware that is vulnerable to an attack. This enables an adversary to extract configuration files, from which point they may be able to control or manipulate any devices that connect to your network, as well as the Internet connection itself.

In most cases so far, cyber attacks on routers have focused on those with Simple Network Management Protocol (SNMP) that is exposed to the Internet. This is a default setting, usually established during the setup of a network. While many organisations turn SNMP off after this process is complete, many more have left it open, creating risk of compromise. The ACSC has noted that router switches with Cisco Smart Install exposed to the Internet are also susceptible to router scanning and hacking.


How can you identify router compromise?

If your organisation's router has this exposure to attacks, there are some straightforward checks that network administrators can take immediately. You should check network logs for:

  • Unexpected SNMP queries; or queries of unknown origin.
  • Command outputs or network configurations that have come from outside sources - particularly through Trivial File Transfer Protocol (TFTP).
  • Configurations that apply to GRE tunnels you would not expect changes to.

If any of these red flags emerge, it may be time to conduct a thorough assessment of the threat, in line with the Notifiable Data Breaches scheme guidelines from the Office of the Australian Information Commissioner.


How can you prevent router compromise?

The first step in prevention is the simplest - if your router has SNMP which is exposed to the Internet, disable it. If you require read/write capabilities with your SNMP, ensure it cannot connect with unauthorised or untrusted third parties. Alternatively, you can upgrade your SNMP to version 3 and adjust all of the community strings to an appropriate setting.

Similarly, for Cisco router users, if you do not require Cisco Smart Install to be active, disable it. You can also begin using Access Control Lists (ACL), which limit the access SNMP has to network configurations. Finally, you can configure your anti-spoofing protocols to drop any packets at the edge of your network which come from unauthorised sources.

The ACSC is also proactively scanning Australian IP address ranges, looking for vulnerable or compromised routers.


Mitigate the impacts of router scanning today

Click here to download the eBook If your organisation suffers a router compromise-related attack, the costs can be far-reaching. Beyond the money spent eradicating the threat and hardening/patching your systems, significant data breaches require comprehensive follow-up action with both the OAIC and any affected third parties.

Hardware may need to be replaced, staff upskilled, and consumer relations or company reputation may suffer irreparable damage if an attack threatens an individual's safety.

Cyber criminals are becoming more and more sophisticated, with router scanning just one example of new ways your systems can be breached. To stay on the cutting edge of data security, it's critical you work with partners who can provide around-the-clock service, proactively anticipate threats and shut down risks before they spread.

To learn more about router vulnerability and other cyber risk areas, our 24 page eBook, IT Managers: Set your Network Defences to Stunning, is a great resource with tips you can use to identify, contain and prevent cyber security threats. You can download it here.

That's the difference Over the Wire will make. Contact the team today to find out more.

The Timeline of a Data Breach

Since the inception of the Notifiable Data Breaches (NDB) scheme in Feburary 2018, data breaches are required to be reported and Australian businesses have even more responsibility to demonstrate an aggressive approach to managing cyber-risk. To help businesses understand how this process works we've prepared the following infographic.

Over the Wire provides a 24/7 protection and notification managed security service, with local specialists on hand to monitor and mitigate any threats to your company. Find out more about our security service here.

Please share this infographic to your social accounts via the above share buttons.

Countdown to Chaos: The Timeline of a Data Breach Infographic

How we can help

Click here to download the eBook



Over the Wire provides a 24/7 protection and notification managed security service, with local specialists on hand to monitor and mitigate any threats to your company. Find out more about our security service here. Or complete the form below.

To understand more about how breaches occur and how to prevent them, our 24 page eBook, IT Managers: Set your Network Defences to Stunning, is a great resource with tips you can use to identify, contain and prevent cyber security threats. You can download it here.

5 ways your business can prevent email compromise

5 ways your business can prevent email compromise The Federal Bureau of Investigation (FBI) has stated that between October 2013 and May 2016, cyber criminals scammed $3.1 billion from over 22,000 victims in at least 79 countries through business email compromise (BEC).

At the core of business email compromise are spoofed emails - communications that have forged headers, addresses or signatures to make them look authoritative and trustworthy. They often request fund transfers or sensitive information that can result in large-scale data breaches.

Business email compromise doesn't discriminate by company size - the smallest organisation can be hit just as hard as a large corporation. Here are five suggestions to help protect your business.


1. Use Sender Policy Framework (SPF)

SPF is a critical tool for differentiating authentic emails from spoofed ones. When you establish an SPF, you can create a safe list of domains that your organisation approves for communication - for example, your own internal domain.

It will then conduct a verification of every incoming email and will send a warning if the address does not match the approved list of domains. You can then decide to analyse, quarantine or delete suspicious emails before they reach their intended destination. A variant of this system is Microsoft Exchange's Sender ID.


2. Register domains similar to your own

A common tactic used by cyber criminals is sending emails that look similar to your own - for example, replacing a lower-case L with the number 1. At a glance, this can fool many people into thinking they're receiving official communications.

One way of preventing this tactic is simply to identify all potential imitations of your domain, and register them yourself. Make sure you update these registrations on a regular basis, so they can’t be taken over by malicious entities upon expiry.


3. Add a 'hard fail' record

The Australian Signals Directorate (ASD) states that a hard fail record is a core element of preventing spoofed emails. With an SPF, unauthorised email domains can still reach the end user, but with a warning that the message comes from untrusted sources.

By configuring DNS settings to add a 'hard fail' record and setting this to a rigorous action, you can ensure communications from unauthorised domains go straight to spam or trash folders. This could also apply to emails sent from company addresses, but not company servers - another red flag to watch.


4. Educate your employees

Research from the Ponemon Institute and IBM shows that 27 per cent of data breaches are due to staff or contractor negligence [1]. By educating your employees on the dangers of business email compromise, you take a critical step towards prevention.

Train employees on their role in information security and educate them on email spoofing and spearphishing. Make sure they understand each and every red flag to look out for. You can also implement processes that mitigate the risk of falling prey to spoofing, such as requiring a phone conversation or face-to-face confirmation for any financial or informational transfer.


5. Use application whitelisting

This addresses a symptom of email compromise rather than the cause, but is nonetheless important. Application whitelisting is part of the ASD's Essential Eight, and entails limiting the applications that can be opened on your data network. It prevents the possibility of malicious programs from opening, and can further alert people to potential compromise when they try to open an attachment from a spoofed email.


Get the best for your business

Click here to download the eBook Business email compromise is all too common in Australia, but there are tangible steps you can take to mitigate the risks. Of course, this can be a complex process for businesses that are not well-versed in cyber security - this is where Over the Wire can help.

Our managed security services take over the administrative responsibility for your day-to-day protection and give you 24/7 cover from all manner of cyber threats. Contact our team to find out what we can do for you.

Learn more about the primary areas of cyber risk in our 24 page eBook, IT Managers: Set your Network Defences to Stunning, you can download it here.



[1] 2017 Cost of Data Breach Study: Australia (IBM/Ponemon Institute, June 2017)



Do you understand the consequences of an Australian data breach?

The consequences of a data breach are extensive. The impacts of a data breach stretch far beyond the immediate consequences from the loss of critical information and the cost of mitigating the spread. According to 51 percent of respondents to a Ponemon Institute study[1] who experienced a data breach in the last two years, the impact is much wider and it's critical that you take action.

By assessing the ways in which a data breach would affect your data networks and operations, you can begin to implement prevention strategies to mitigate the risk.

[1] 2017 Cost of Data Breach Study: Australia (IBM/Ponemon Institute, June 2017)


1) Financial consequences of a data breach

According to the Ponemon Institute, the average cost of a data breach is $139 per compromised record, with slight variations depending on the cause:

  • $154 per record compromised due to a malicious attack.
  • $130 per record compromised due to a system glitch.
  • $121 per record compromised due to employee or contractor error.

This may seem minuscule, but 41 per cent of respondents to the Ponemon Institute had more than 1,000 records affected by a breach in a 24 month period - which takes the immediate cost impact of a data breach to over the $100,000 mark.

For publically listed companies, research shows that stock prices drop 5 per cent in the aftermath of breach disclosure. The time that it takes the share price to recover will extend if the organisation has poor response processes. Meanwhile, failure to comply with the new Australian Notifiable Data Breaches (NDB) scheme can net fines as large as $2.1 million.

Prevention is the best strategy - cyber criminals do not discriminate by business size, and these costs have the capacity to break smaller Australian businesses.


2) Reputation consequences of a data breach

With mandatory disclosure of serious breaches now in place for many Australian businesses, managing damage to reputation is a must. Of the average $139 lost per compromised record, only $60 is attributed to direct action such as containment and assessment.

This means more than half the cost of a data breach can be attributed to indirect consequences, such as managing customer turnover in the wake of the event. Some industries are more susceptible to high churn than others - financial services and tech companies, where there is an expectation of high security measures, are hit especially hard.

Marketing campaigns, hiring media management and building customer trust following a data breach takes time and money. Avoiding such situations in the first place is the ideal.


3) Legal consequences of a data breach

The NDB scheme has put much greater requirements on Australian organisations when they identify a data breach. Beyond the costs of detection, containment, hiring external parties (like lawyers and data forensics teams) and reporting, there can be significant legal consequences.

Reporting may have to be disclosed to the ATO, ASIC, ACSC or even the Federal Police, depending on the breach. Failure to uphold obligations under the Privacy Act 1993 may result in legal proceedings, while financial penalties from the Office of the Australian Information Commissioner (OAIC) can reach as much as $2.1 million.


Manage and prevent a data breach with a security partner

Beyond the costs to your organisation, data breaches have the potential to inflict serious harm on individuals connected with your company. If not swiftly addressed, customers' private and financial information may be compromised. Fraud and identity theft are just some of the possible consequences highlighted by the OAIC.

The smallest breach can have wide-ranging and costly impact. To mitigate the risks, look into using managed security services. At Over the Wire, we provide 24/7 protection and notification, with local specialists on hand to monitor and mitigate any threats to your company. Get in touch to find out how we can help.


Over the Wire Collaborates with Judo Capital to Deliver Working from Anywhere

Over the Wire collaborates with Judo Capital to Deliver Working from Anywhere Over the Wire is partnering with Judo Capital to launch Australia's first true challenger bank, purpose-built to become a trusted ally and partner to Australia's small and medium sized businesses.

Judo Capital is founded on the belief that the financing skills needed by the SME (small and medium-sized enterprise) community have been lost to increasingly centralised functions and cookie-cutter lending policies.

Judo’s mission is to put experienced and empowered relationship focused lenders back in customers premises, going against the industry trend by putting the customer experience first and foremost by ensuring Judo’s team can make credit decisions on the quality of the business, not just the quality of the security.

To do so, Judo looked to Over the Wire to deliver a network that enables its staff to work simply and securely from anywhere. By integrating Over the Wire’s Private Network, Voice and Network Security capabilities, both parties were able to collaborate on the design and implementation of the environment.

Alex Twigg, Judo Co-Founder says, “Starting with a blank sheet of paper is a fabulous opportunity but it’s not easy and wanting to flip an entrenched industry model on its head makes it more difficult again. We had to find likeminded technology partners that wanted to go on a journey with us, to make a difference. The OTW team got it from day 1 and the Network capabilities they delivered, just worked. We could focus all our efforts on creating a customer centric business, rather than how to enable our team to securely work from anywhere.”

With the strength and depth of OTW capabilities, Judo Capital is creating a secure, flexible and robust network infrastructure that is able to overcome substantial barriers to entry in a fraction of the time it has traditionally taken, and at minimal cost.

Judo’s eye is on the future, and the team have built a technology platform that removes the restriction of having to work within a specific location. With the network Judo can not only deliver flexible working but is ready to roll out to Australia through pop-up offices and roaming team members.

Michael Omeros, Managing Director at Over the Wire, says, “We’ve been delighted to work closely with Judo Capital and its founding team who have embraced a forward-thinking approach to their IT&T. We have been able to deliver a private data network, Hosted PBX voice services, data centre colocation, and advanced Managed Security offerings to Judo, but the real value has been how all of these elements integrate together.”

“For example, we have been able to provide Judo with virtual mobile numbers for their staff which still track calls through the phone system, but can be answered on our mobile softphone application. Not only does that give their staff the ability to make and receive calls anywhere, but it also gives them the ability to have a truly mobile workforce.”

“We’re excited for the next phase of their roll-out which will introduce pop-up offices and roaming staff securely connected to the private network with our Layer 2 Private Mobile 4G data service. This will give their mobile workforce secure access to their corporate network by entirely bypassing the public Internet.”

For further details please contact the Over the Wire team at info@overthewire.com.au or the Judo Capital team at info@judocapital.com.au

Judo Capital is a registered trademarks of Judo Capital.

What you need to know about the Notifiable Data Breaches Scheme

What you need to know about the Notifiable Data Breaches Scheme The Australian data security landscape has profoundly changed. On February 22, 2018 the Australian government's Notifiable Data Breaches (NDB) scheme came into effect, requiring all organisations to report NDBs to those individuals affected.

It's a crucial step for Australian cyber security, but it's one that means organisations all over the country will need to completely revamp their relevant strategies and policies.


How does the Notifiable Data Breaches scheme work?

The Office of the Australian Information Commissioner (OAIC) is an independent Government agency, that is responsible for administering the principles of the Privacy Act 1988.

As the OAIC notes, the NDB scheme directs organisations covered under the Privacy Act 1988 "to notify any individuals likely to be at risk of serious harm by a data breach". They must also inform the OAIC as soon as possible.

The scheme aims to improve corporate transparency around data breaches and to foster "consumer and community confidence" in the large data networks that hold personal information. It also enables individuals to minimise the damage caused by a data breach as quickly as possible.


What qualifies as a Notifiable Data Breach?

There has been some debate about this, with a recent PricewaterhouseCoopers paper debating the strength of 'serious harm', and noting that it could be open to interpretation or argument. However, the OAIC notes that an NDB will likely include:

  • Theft or loss of a device containing personal information.
  • Hacking of central databases that hold personal information.
  • Accidental or malicious disclosure of personal information.

The Equifax breach of 2017 is a prime example of this at a high level, while at a small scale an NDB could be as simple as sending a small business' financial information to the wrong email.


Who must comply with the Notifiable Data Breaches Scheme?

All organisations covered by the Australian Privacy Act must comply with the Notifiable Data Breaches scheme. The following are examples of those who will have an obligation to notify any data breaches:

  • Businesses and not-for-profit organisations with an annual turnover of greater than $3,000,000.
  • Federal government bodies and private health organisations.
  • Small business operators: Those with turnover of under $3 million who provide health services, trade personal information, report on credit, or are related to an APP entity.
  • Credit reporting bodies: Including those with turnover of more than $3 million.
  • Credit providers.
  • Tax File Number (TFN) recipients.

How can organisations notify individuals?

Ideally, organisations subject to a data breach should notify affected individuals directly, as well as presenting a statement to the OAIC. If the organisation cannot get in touch with all individuals, they can reach out to only those at risk of serious harm. If the organisation cannot inform any individuals, they must publish the OAIC statement on their website and take all reasonable steps to let impacted parties know about this.

Notifications should include a description of the breach and the type of information at risk, as well as the organisation's own contact details and steps individuals should take to mitigate the risks of the breach.


How can businesses identify Notifiable Data Breaches?

This can be more difficult. If an organisation knows with certainty that a Notifiable Data Breach has occurred, it must take the above steps as quickly as possible. However, in many cases a business will simply suspect a data breach has taken place, without concrete evidence of it or its impact.

In these cases, the OAIC requires operators to take all reasonable assessment steps within 30 calendar days of first becoming aware of the potential for a breach. This should be a "reasonable and expeditious" assessment, have a risk-based approach, and remain in line with the business' own data breach response planning.


What can businesses do to be prepared?

Click here to download the White Paper If your business will be impacted by this change, it is important to conduct a rigorous assessment of your data security. Everything from individual security protocols and education to the strength and number of your firewalls should be analysed, weak points addressed and fail-safes for identifying and reporting breaches established.

To get you started our white paper, 6 Steps to Improve your Business Cyber Security, is a great resource with tips you can put into action immediately to help protect your business and avoid data breaches. You can download it here.

For a more comprehensive look at your company's security policies, our experts can work with you to evaluate your current data security provisions and find ways to improve them. Let us help you today.

OTW #74 in Financial Review Fast 100 - 2017

Financial Review Fast 100 - Over the Wire ranked 74 The Australian Financial Review has released the Financial Review Fast 100 list for 2017, comprising of Australian businesses that have shown consistent, high growth over time. The rankings were calculated on a 3-year average of year-on-year growth percentage.

In the FY15 - FY17 period Over the Wire achieved an average year-on-year growth of 37.1%, which placed us at Rank 74 on the Fast 100 list. We’re very pleased with this outcome, and could not have achieved it without the amazing commitment from our team and the fantastic ongoing support from our clients - thank you!

Topping the list this year, with a staggering 464.8% average year-on-year growth over the 3-year period, is TripADeal. Congratulations to founders Norm Black and Richard Johnston, along with all of the other Fast 100 companies.


VPN Solutions joins the Over the Wire family

VPN Solutions - An Over the Wire Company The completion of the acquisition of VPN Solutions Pty Ltd by Over the Wire Holdings Limited (ASX:OTW) has taken place today, on 1 November 2017. Commenting on the acquisition, Managing Director Michael Omeros said,

“The acquisition of VPN Solutions is a great outcome for the Over the Wire group. It expedites our existing geographic expansion progress into New South Wales, as well as creating a presence in South Australia. Our selective quality acquisitions and strong organic growth ensure that we continue to execute on our strategy for growth, and we look forward to a positive 2018.”

We're excited to welcome them into the team, and look forward to an exciting future together.


About VPN Solutions

VPN Solutions is a telecommunications company that delivers business grade solutions to the Australian SME and Enterprise markets. Employing 21 staff and headquartered in New South Wales, VPN Solutions delivers managed networks to approximately 150 business customers. VPN Solutions prides itself on being able to successfully deliver complex solutions with a strong focus on customer service. For more information visit www.vpnsolutions.com.au.

Innovation Award for Private Mobile Data services

Optus 2017 Innovating for Excellence Award received by Over the WireOver the Wire and Telarus have received the Innovating for Excellence Award from Optus for our work around Private 4G networks. Michael Omeros (Managing Director) and John Puttick (Chairman) attended the event in Sydney, which was presented in front of many of Optus' wholesale clients.

The work involved in developing these Private Mobile Data capabilities evolved over several years, requiring significant input from Optus as the mobile carrier, hardware vendors, and staff - with special thanks to Jason Bednar and Robert Grace from the Telarus team for their efforts. Their work has culminated in the Private Mobile Data offering we now have available, along with the creation of a low-cost private network failover option for our MPLS clients. We believe this will have a significant positive impact on the data network market through the addition of a path-redundant, low cost, private network backup service.

If you'd like to know more about how you can implement automatic failover to a Private Mobile Broadband service on your existing data network or Internet connections, speak with our team today.

Additional NZ network presence planned

Additional OTW PoP planned for Albany, New Zealand Over the Wire is proud to announce that we are establishing an additional network Point of Presence (PoP) in Albany, New Zealand, with anticipated completion in early November of this year, bringing our total number of active PoPs to 25 across Australia and New Zealand.

The decision to add an additional network location within New Zealand, on top of our PoP in Auckland established in 2012, has been made to add further redundancy, as well as increase our reach within the New Zealand market.

Once in place the new network design will include connectivity between the two NZ PoPs, as well as diverse connectivity back into the main Australian MPLS core network. No disruption to client services is expected throughout this process, and the end result will be one step closer to being able to provide a more complete service to our neighbours across the ditch.

OTW currently uses reach into New Zealand to connect branch offices back into Australian networks, as well as carrying telephony traffic. Want to know more? Talk to us today or check out our video on Wide Area Network Configurations.

Pages