Attacks against Aussie Govt infosec infrastructure surge

The Australian Government’s Cyber Security Operations Centre (CSOC) has dealt with a 52 percent increase in cyber security incidents in the first nine months of 2012.

Stephen Smith, Minister for Defence.

CSOC responded to 470 security incidents in the first nine months of 2012, Defence Minister Stephen Smith revealed to DSD’s Cyber Security Conference in Canberra, compared to 310 for the whole of 2011.

Smith said cyber security was now a global challenge for all parties: Government, industry and individuals.

“The dangers come not just from nation states, but also non-state actors,” he said.

CSOC’s latest data suggests that these actors are often global criminal sources - with 65 percent of cyber intrusions “economically motivated”.

The figures are welcome given the previous dearth of official data on Australian cybercrime.

Smith cited Symantec’s 2011 estimate that cybercrime accounted for some “$4.5 billion” -- more than the cost of burglary and assault combined.  

He urged agencies and organisations to embrace the defensive strategies advocated by DSD, especially its top four:

• use application whitelisting to help prevent malicious software and other unapproved programs from running;
• patch applications such as PDF readers, Microsoft Office, Java, Flash Player and web browsers;
• patch operating system vulnerabilities;
• minimise the number of users with administrative privileges.

Adopting these would defend against some 85 percent of intrusions, he said.

These four strategies have now been trimmed to a more memorable DSD slogan of “Catch, Patch, Match” in the launch of a new DSD video:

1. Catch malware by application whitelisting.
2. Patch software and operating systems.
3. Match administrator rights to the right people.

“The evidence to date clearly indicates the “Catch, Patch, Match” approach is the best way to mitigate against cyber intrusions, protect your most valuable information and enhance the resilience of your networks,” Smith said.