Data deluge obscuring real cyber threats warns SAS

Australian businesses are drowning in a deluge of cyber security data, causing genuine threats to get lost in a sea of false positives, a top executive at multibillion-dollar business intelligence, analytics and data management firm SAS has warned.

In Melbourne last week to visit Australian clients, SAS cyber security vice-president Stewart Bradley said his company had joined the pantheon of vendors selling security services, as it believed greater use of analytics was required to analyse the unfathomable amount of threat data being generated.

“Organisations have largely tackled the security challenge through many different solutions that solve only small fractions of the problems they face,” Mr Bradley said.

“They have created a patchwork quilt of solutions … now they’re trying to get a better understanding of where their greatest risks are, and need a holistic view.”

Mr Bradley has spearheaded the growth of SAS’ cyber security division since it launched its first cyber security software suite in November last year.

SAS is one of the world’s largest private software firms and dedicates about a quarter of its $4.1 billion of revenue to research and development. It is poised to start offering its cyber security technology in Australia for the first time at the end of the year.

Its technology works by analysing how a machine should behave, thereby more accurately detecting significant security threats, even when the attack uses new security flaws or methods.

SAS will be targeting its Australian financial services clients, including the big banks, which already use SAS’ fraud detection software.

Converging threats

Mr Bradley said that in the past five years the threat to banks had transformed from one where individuals’ accounts were being fraudulently taken over, to mass compromises of user information and the sale of that on the dark web.

“The ecosystem of fraud and cyber has converged over the last five years. Now we’re seeing cyber events … where the ultimate monetisation of the breach is fraud,” he said.

“One of the biggest issues is that the environment is changing so rapidly from an attack perspective. All organisations are struggling to keep up … and the proliferation of bring-your-own-devices and the internet of things is eliminating the perimeter that was around organisations.”

Already the big four banks are said to be spending up to $100 million on cyber security measures each year and late last year Commonwealth Bank of Australia director Harrison Young said there was “approximately no chance that banks or even armies could keep hackers out of their systems”.

Mr Bradley said businesses would always be behind the cyber criminals, but by changing the approach to detecting cyber criminals to one that was less reliant on humans and more driven by computer analytics, it was possible to minimise their head start.

“We’ll always be in a situation where we’re trying to keep up with the cyber criminals. That’s the reality of the game we’re playing,” he said.

“Historically the protection of an organisation’s corporate assets has been focused on building a thicker and wider moat, but that’s no longer valid with the connectedness we have through the internet of things. It is shifting what organisations are doing from protection, to detection and response.”

Sector consolidation

The cyber security sector has become a hot spot for investors in recent times, leading to the creation of numerous players in the space.

Mr Bradley said that in 2015 more than 125 new cyber security vendors entered the market, and he tipped a consolidation of the sector.

“When the older players in the market are developing enterprise security platforms that allow integration across an organisation’s ecosystem, that’s what will drive vendor consolidation,” he said.

“Our role is to be the analytics fabric that can support the integrated security platforms to be able to make sense of the data that is being shared.”

By: Yolanda Redrup

Posted On: http://www.afr.com/technology/web/security/data-deluge-obscuring-real-cyber-threats-warns-sas-20161108-gskham

 

Brisbane Hosting & Website Hosting’s products and services include Website Hosting, Domain Names, DNS Services, Website Development, Website Design, Website Revamps, Website Maintenance, Social Media Campaigns and more.

Contact Brisbane Hosting on (07) 3889 2977 or via email info@brisbanehosting.com.au for further information and quote today.

Optus Bids to Become Cyber Security Player With $8 Million Operations Centre

Optus has invested $8 million to create a new Advanced Security Operations Centre, which it hopes will position the telecommunications giant as a leading cyber security player.

The announcement from Optus follows the unveiling of an $8 million partnership between the telecommunications giant and La Trobe University last week, which will see the organisations develop a new cyber security degree and create a new high-tech sports park.

Managing director of Optus Business, John Paitaridis, told The Australian Financial Review that cyber security was now the largest area of investment for Optus Business.

“We know that cyber security and cyber crime is a major issue here in the Australian economy … costing about $1 billion a year,” he said.

“We’re embedding cyber security into everything we do, be it our networks, internet services or gateways … Our perspective is that as a major telco and network operator, we’re uniquely placed to support customers for distributed denial of service (DDoS) and other cyber advances.”

The new centre is one of nine global centres through Optus’ parent company Singtel and Trustwave, which Singtel acquired for $US810 million ($1.06 billion) in 2015.

Sought-after protection

Optus will provide a managed security services business as part of the centre, for which it has partnered with FireEye, Palo Alto Networks, Checkpoint and Akamai to bring customers what it sees as the best cyber security products under one package.

“Akamai again has great DDoS capabilities, Palo Alto has some incredible next-gen firewall capabilities, FireEye is one of the leading threat intelligence organisations. and CheckPoint has incredible mobile threat capability,” Mr Paitaridis said.

“Organisations are looking for a cyber partner who can protect their devices and various digital assets … employee and customer data.”

The Optus ASOC will share threat intelligence with the other global centres (located in the US, Canada, Poland, Singapore and the Philippines) in real time, with the information on critical threats then communicated to its customers.

On top of cyber defence technologies, Optus will also work with businesses and government organisations to develop incident response plans and work with boards to help educate them about their responsibilities.

Earlier this month popular websites such as Netflix, Reddit and Twitter ground to a halt after a DDoS attack hit Dyn, a US company that helps people connect to websites by translating URLs into numerical IP addresses.

Mr Paitaridis said this DDoS attack should serve as a “wake-up call” to local companies.

“There are many organisations working with us that have DDoS mitigation strategies in place … but there are many that do not,” he said.

Responding to the attack last week, Minister Assisting the Prime Minister for Cyber Security, Dan Tehan, told The Australian Financial Review the country needed to be “constantly vigilant” as online threats evolved, and said information sharing was critical to this.

“Government, business and individuals are facing the same threats, and often the same adversaries, so sharing knowledge about threats and how to combat them will help strengthen everyone’s cyber security,” he said.

In the past year Optus has invested tens of millions of dollars in cyber security initiatives, such as the new centre.

As well as partnering with La Trobe University, the telco joined forces with Macquarie University, investing $10 million in the creation of the Optus Macquarie University Cyber Security Hub on campus to tackle the cyber skills shortage.

It has also partnered with Data61 on its Melbourne Cyber Security and Innovation Hub, which will create 140 jobs over three years, and launched the Optus Digital Thumbprint – an education program in schools focused on online cyber safety.

By: Yolanda Redrup

Posted on: http://www.afr.com/technology/optus-bids-to-become-cyber-security-player-with-8-million-operations-centre-20161019-gs5qt7#ixzz4PTmwx98S

Brisbane Hosting & Website Hosting’s products and services include Website Hosting, Domain Names, DNS Services, Website Development, Website Design, Website Revamps, Website Maintenance, Social Media Campaigns and more.

Contact Brisbane Hosting on (07) 3889 2977 or via email info@brisbanehosting.com.au for further information and quote today.

 

ASX and ASIC Launch Big Company Cyber Health Checks for Top 100 Firms

The ASX and the corporate regulator have launched a new initiative to improve the cyber security defences of Australia’s biggest companies, urging the exchange’s top 100 firms to have a Cyber Health Check.

The program forms part of the federal government’s cyber security strategy that was launched earlier this year and it has been developed alongside professional services firms KPMG, Deloitte, EY and PwC and CERT Australia and has been based on a similar initiative in the UK with the FTSE 350.

ASX group executive Amanda Harkness said the sharing of best practice approaches was critical to businesses.

“Increased awareness and engagement by directors of listed companies are important steps in building the cyber resilience of Australian businesses,” she said.

“The better informed boards become, the more effectively they can assess their cyber security risks and opportunities, identifying areas where improvement is required.”

The initiative comes as the government has introduced a bill to bring in the long-awaited mandatory data breach notification rules, which will mean companies that have been breached or have lost data will need to report the incident as well as notify customers that have been directly impacted.

If a company fails to do this, they will face fines of up to $1.8 million for organisations and $360,000 for individuals, but the laws only apply to companies turning over $3 million or more.

Ms Harkness said participation in the program would assure shareholders of the top 100 companies that cyber security was a board priority.

“We encourage Australia’s largest listed companies to play their part,” she said.

Participants in the health check program will respond to a series of multiple choice questions such as what risk factors apply to their company, if they have a clear understanding of their company’s data assets and key information, and if they receive high level intelligence from the chief information officer or head of security.

They will also be asked if the company engages external parties to perform penetration testing, if they use public cloud servers and how significant a risk cyber security is in their opinion.

Cyber security breaches have been estimated to cost local businesses $1 billion a year

Late last month the Australian Red Cross Blood Service was forced to apologise after the details of 550,000 blood donors was leaked online.

In August it was also revealed that Austrade and the Defence Department’s research division, the Defence Science Technology Group, had been attacked numerous times in the past five years by cyber criminals based in China.

By: Yolanda Redrup

Posted on: http://www.afr.com/technology/web/security/asx-and-asic-launch-big-company–cyber-health-checks-for-top-100-firms-20161109-gsl77l#ixzz4PTjMSjL4

Brisbane Hosting & Website Hosting’s products and services include Website Hosting, Domain Names, DNS Services, Website Development, Website Design, Website Revamps, Website Maintenance, Social Media Campaigns and more.

Contact Brisbane Hosting on (07) 3889 2977 or via email info@brisbanehosting.com.au for further information and quote today.