itb-au logo
Story image

Experts comment on Aus Parliament breach

11 Feb 2019

Late last week, Australian security agencies reported they were looking into a security breach of the Federal Parliament’s network. 

The Federal Parliament has said in a statement that authorities have yet to detect any evidence that data was stolen as a result of the breach. 

Here’s what security experts have to say about the breach and the possibility of it being a thwarted nation-state cyber attack:

LogRhythm APAC sales director Simon Howe

The attack on the Australian Parliament is a timely reminder for both citizens and those in power to take note of the Australian Signals Directorate’s (ASD) Essential 8 recommendations for cyber hygiene and for ongoing awareness and education of the potential harm which an attack can create on a nation’s infrastructure or  business operation.

This latest attack shows that no organisation is exempt from being a target from hackers who have proven time and again that they are capable of infiltrating critical infrastructure and causing disruption.  

Proactive security controls, including network monitoring and analysis, and both timely and rapid detection within seconds, can circumvent the risk of data loss and limit an attacker’s ability to move about a network.  

Ultimately, however, public and private sector organisations need to think more strategically about the type of attacks at hand and understand the end goal of the game being played here, namely prized access to highly sensitive data.

WatchGuard Technologies A/NZ country manager Mark Sinclair

A sophisticated attack requiring a mature skill set is highly likely to be executed by a foreign state-based actor or a very well-funded organisation.  

The fact that it is targeting an MP is a strong indication that it is a foreign nation.  

Any MP can be the target of such an attack since the attacker may be able use it as a springboard to launch subsequent attacks on other MPs on the network.   

If this attack was the result of weak or stolen credentials then the use of multifactor authentication will play a big part in preventing further attacks.

Ping Identity APAC regional director Geoff Andrews

Although Ping Identity has no specific insights into this incident, we are aware of several highly active state-sponsored cyber actors who have successfully compromised other government entities worldwide.  

Government ministers and MPs are high-value targets for hackers.

Highly sensitive information assets should at a minimum be protected by multi-factor authentication, including something you are (biometric), something you know (for example, a password) and something you have (a one time code or token).

Sophisticated protections will overlay intelligent, dynamic step-ups in authentication based on other factors such as location, time, changing IP addresses, or other behavioural characteristics.

Government and commercial enterprises need to secure user access via strong authentication, using secure but user-friendly methods, like industry standards like FIDO.

Aura Information Security Australia country manager Michael Warnock

This breach once again confirms that distance is no defence for the Australian public and private sectors.  

Both individuals and their employers need to have proactive cyber defence measures in place day in day out and also ensure that they have a strong focus on educating their employees.  

As with the community in general, the Australian public sector is in the sight of cyber criminals and we should all continue to take note of the ASD Essential 8 strategies to mitigate cybersecurity incidents.

Thycotic chief security scientist & advisory CISO Joseph Carson

The latest cyber attack against the Australian Parliament shows that nation state actors and cybercriminals will continue to target humans in an attempt to gain access to their email and passwords

Email and Password theft is the first step in trying to gain access to sensitive information and networks.

This is typically one step in the door for attackers who can then use those credentials to elevate to privileged accounts that could then allow unfederated access to the entire network.

Sometimes elevated accounts to privileged users can be as easy as exploiting vulnerable systems, or the compromised account is already overprivileged allowing the attackers to bypass any security controls in place.

The incident at AMP highlights the risks of overprivileged insiders who can abuse their access to steal sensitive information from their employers.

Third party suppliers and contractors are a major risk to organisations and it is critically important to ensure that strong privileged access management is in place to secure access to customer data, intellectual property and sensitive systems so they must satisfy strong security controls and are prevented from moving data to personal accounts or outside of the organisation’s data vaults.

Carbon Black security strategy head Rick McElroy 

Democracies around the world are under attack.

Governments, which are often understaffed and underfunded for cybersecurity, must craft and implement strategies to address the rising number of attacks they face. 

The bar for cyber attacks is so low in some instances that it invites various repeated attacks.  

Story image
2020 has profoundly changed how we work – so what now?
To navigate these changes now and into the future we need to build adaptable technologies and resilient workforces that can adjust on the fly.More
Link image
VR a leading factor in edge computing, says Gartner
Edge architectures and technologies, including VR, will be an essential component of innovative products and services.More
Link image
How to prove to your C-Suite that CX is worth the investment
Regardless of the benefits of customer experience (CX), the C-Suite wants to know how to validate an experience management program. Local CFOs voice their concerns about ROI, tangible value, and financial benefits – how will you make your case?More
Link image
How a metrics-driven mindset can enable DevOps at enterprise scale
Here's how to enable dev teams to deploy higher-quality software and create reporting standards that clearly communicate software performance.More
Story image
Gartner: Security leaders must balance risk, trust and opportunity
Security and risk leaders must focus on balancing risk, trust and opportunity to help maintain the ability of their organisations to function.More
Link image
<span class="coloured">Unleash the intelligent way to automate at Pega Discover – Intelligent Automation</span>
Find out how the world’s largest brands are accelerating business and simplifying systems in this two-hour, interactive virtual event. By the end you’ll be primed to start getting business done smarter and faster while scaling toward your biggest business goals. Register Now.More