It’s easy to get lost in a sea of information when looking at cybersecurity issues – hearing about hacks and cyberattacks as they happen is a surefire way to feel helpless and totally disempowered.
What follows is a sort of future shock, where we become fatalistic about the problem. After all, 86% of organisations from around the world surveyed by PwC reported exploits of some aspect of their systems within a one-year period. That represented an increase of 38% on the previous year.
However, once the situation comes into focus, the problem becomes much more manageable. There is a range of things that we can easily implement to reduce the risk of an incident dramatically.
For example, Telstra estimates that 45% of security incidents are the result of staff clicking on malicious attachments or links within emails. Yet that is something that could be fairly easily fixed.
There is currently a gap between our confidence in what we can do about security and the amount we can actually do about it. That gap is best filled by awareness.
So here are some of the top things you can do to protect yourself from cyberattack:
1 Managed risk
First up, we need to acknowledge that there is no such thing as perfect security. That message might sound hopeless but it is true of all risk management; some risks simply cannot be completely mitigated.
However, there are prudent treatments that can make risk manageable. Viewing cybersecurity as a natural extension of traditional risk management is the basis of all other thinking on the subject, and a report by CERT Australia states that 61% of organisations do not have cybersecurity incidents in their risk register.
ASD also estimates that the vast majority of attacks are not very sophisticated and can be prevented by simple strategies. As such, think about cybersecurity as something that can be managed, rather than cured.
2 Patching is vital
Patching is so important that ASD mentions it twice on its top four list. Cybersecurity journalist Brian Krebs says it three times: “update, update, update”.
Update your software, phone and computer. As a rule, don’t use Windows XP, as Microsoft is no longer providing security updates.
Updating ensures that known vulnerabilities are fixed, and software companies employ highly qualified professionals to develop their patches. It is one of the few ways you can easily draw on the expertise of cybersecurity specialists.
3 Restricting access means restricting vulnerabilities
The simple rule to protect yourself from cyberattack is: don’t have one gateway for everything. If all it takes to get into the core of a system is one password, then all it takes is one mistake for the gate to be opened.
Build administrator privileges into your system so that people can only use what they are meant to. For home businesses it could mean something as simple as having separate computers for home and work, or not giving administrator privileges to your default account.
It could also be as simple as having a content filter on employee internet access so they don’t open the door when they accidentally click on malware.
4 Build permissions from the bottom up
Application whitelisting might sound complicated, but what it really means is “deny by default”: it defines, in advance, what is allowed to run and ensures that nothing else will.
Most people think of computer security as restricting access, but whitelisting frames things in opposite terms and is therefore much more secure. Most operating systems contain whitelisting tools that are relatively easy to use. When used in conjunction with good advice, the result is a powerful tool to protect a network.
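To make the difference between the two framings concrete, here is an added example (not part of the original article) that runs the same four launch attempts through a known-bad list and through a whitelist. The file names and contents are constructed, and identifying programs by a SHA-256 hash of their contents is an assumption chosen for illustration; whitelisting tools offer other rule types as well.

```python
import hashlib


def digest(content: bytes) -> str:
    """SHA-256 of a file's contents; identifies a program whatever it is named."""
    return hashlib.sha256(content).hexdigest()


# Constructed stand-ins for executables: file name -> file contents.
APPROVED = {
    "wordprocessor.exe": b"approved word processor, build 1",
    "browser.exe": b"approved browser, build 7",
}
ATTEMPTS = {
    "wordprocessor.exe": b"approved word processor, build 1",      # unchanged
    "browser.exe": b"approved browser, build 7 + injected code",   # tampered copy
    "old_trojan.exe": b"malware already catalogued",
    "invoice.pdf.exe": b"malware nobody has catalogued yet",
}

# Whitelist: defined in advance from what the organisation approved.
WHITELIST = {digest(content) for content in APPROVED.values()}
# Known-bad list: can only contain what someone has already seen.
KNOWN_BAD = {digest(ATTEMPTS["old_trojan.exe"])}


def known_bad_policy(content: bytes) -> str:
    """Allow by default: only programs already known to be bad are stopped."""
    return "deny" if digest(content) in KNOWN_BAD else "allow"


def whitelist_policy(content: bytes) -> str:
    """Deny by default: only programs approved in advance may run."""
    return "allow" if digest(content) in WHITELIST else "deny"


def compare(attempts: dict) -> dict:
    """Return {file name: (known-bad decision, whitelist decision)}."""
    return {
        name: (known_bad_policy(content), whitelist_policy(content))
        for name, content in attempts.items()
    }


if __name__ == "__main__":
    for name, (bad_list, white_list) in compare(ATTEMPTS).items():
        print(f"{name:20} known-bad list: {bad_list:6} whitelist: {white_list}")
```

The tampered browser and the uncatalogued attachment both run under the known-bad list, because nothing has flagged them yet; under the whitelist neither runs, because neither was approved in advance.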
Protect yourself from cyberattack: Simple things first
Following these basic rules covers the same ground as ASD’s top four mitigation strategies and substantially lowers your vulnerability to cyberattack. If you want to delve deeper, there are more tips on the ASD site.
There are many debates that will follow on from this, such as: developing a national cybersecurity strategy; deciding if people should have to report an incident; the sort of insurance that should be available; what constitutes a proportionate response to an attack; and a whole range of others.
Each of those debates is underpinned by a basic set of information that needs to be implemented first. Future shock is something that can be overcome in this space, and there are relatively simple measures that can be put into place in order to make us more secure. Before embarking on anything complicated, you should at least get these things right to protect yourself from cyberattack.
This article was first published by The Conversation on 16 October 2015.
This article is part of The Conversation’s series on the Science and Research Priorities recently announced by the Federal Government. You can read the introduction to the series by Australia’s Chief Scientist, Ian Chubb, here.
Chief Defence Scientist, Defence Science and Technology
The national science and research priorities have been developed with the goal of maximising the national benefit from research expenditure, while strengthening our capacity to excel in science and technology.
Cybersecurity has been identified as a research priority due to Australia’s increasing dependence on cyberspace for national well-being and security. Cyberspace underpins both commercial and government business; it is globally accessible, has no national boundaries and is vulnerable to malicious exploitation by individuals, organised groups and state actors.
Cybersecurity requires application of research to anticipate vulnerabilities, strengthen cyber systems to ward off attacks, and enhance national capability to respond to, recover from, and continue to operate in the face of a cyber-attack.
Cyberspace is a complex, rapidly changing environment that is progressed and shaped by technology and by how the global community adopts, adapts and uses this technology. Success in cyberspace will depend upon our ability to “stay ahead of the curve”.
Research will support the development of new capability to strengthen the information and communications systems in our utilities, business and government agencies against attack or damage. Investment will deliver cybersecurity enhancements, infrastructure for prototype assessment and a technologically skilled workforce.
Accordingly, priority should be given to research that will lead to:
Highly secure and resilient communications and data acquisition, storage, retention and analysis for government, defence, business, transport systems, emergency and health services
Secure, trustworthy and fault-tolerant technologies for software applications, mobile devices, cloud computing and critical infrastructure
Director of the Centre for Crime Policy and Research, Flinders University
Sensible science and research on cybersecurity must be premised upon informed, rather than speculative, “what if”, analysis. Researchers should not be beholden to institutional self-interest from whichever sector: government; business; universities; or security/defence agencies.
We need to be clear about what the cybersecurity threat landscape looks like. It is a variable terrain. Terms such as “cyber-terrorism” tend to get used loosely and given meanings as diverse as the Stuxnet attack and the use of the internet by disenchanted converts to learn how to build a pipe bomb.
References to “warfare” can be misleading. A lot of what we face is not “war” but espionage, crime and political protest. More than two decades into the lifecycle of the internet, we have not yet had an electronic Pearl Harbour event.
Cybersecurity depends upon human and social factors, not just technical defences. We need to know our “enemies” as well as ourselves better, in addition to addressing technical vulnerabilities.
We should be sceptical about magic bullet solutions of any kind. Good defences and secure environments depend upon cooperation across units, a degree of decentralisation, and built-in redundancy.
Director, Security Business Team at NICTA
Cybersecurity is an essential underpinning to success in our modern economies.
It’s a complex area and there are no magic bullet solutions: success requires a range of approaches. The national research priorities for cybersecurity highlight key areas of need and opportunity.
The technologies we depend on in cyberspace are often not worthy of our trust. Securing them appropriately is complex and often creates friction for users and processes. Creation of secure, trustworthy and fault-tolerant technologies – security by design – can remove or reduce security friction, improving overall security posture.
Australia has some key capabilities in this area, including cross-disciplinary efforts.
The ability to detect and monitor vulnerabilities and intrusions and to recover from failure is critical, yet industry reports indicate that the average time to detect malicious or criminal attack is around six months. New approaches are needed, including improved technological approaches as well as collaboration and information sharing.
Success in translating research outcomes to application – for local needs and for export – will be greater if we are also able to create an ecosystem of collaboration and information sharing, especially in the fast-moving cybersecurity landscape.
Director, Advanced Cyber Security Research Centre at Macquarie University
Cyberspace is transforming the way we live and do business. Securing cyberspace from attacks has become a critical need in the 21st century to enable people, enterprises and governments to interact and conduct their business. Cybersecurity is a key enabling technology affecting every part of the information-based society and economy.
The key technological challenges in cybersecurity arise from increased security attacks and threat velocity, securing large scale distributed systems, especially “systems of systems”, large scale secure and trusted data driven decision making, secure ubiquitous computing and pervasive networking and global participation.
In particular, numerous challenges and opportunities exist in the emerging areas of cloud computing, Internet of Things and Big Data. New services and technologies of the future are emerging and likely to emerge in the future in the intersection of these areas. Security, privacy and trust are critical for these new technologies and services.
For Australia to be a leader, it is in these strategic areas of cybersecurity that it needs to invest in research and development leading to new secure, trusted and dependable technologies and services as well as building capacity and skills and thought leadership in cybersecurity of the future.
Director of Security Research Institute at Edith Cowan University
ICT is in every supply chain or critical infrastructure we now run for our existence on the planet. The removal or sustained disruption of ICT as a result of lax cybersecurity is something we can no longer overlook or ignore.
The edge between cyberspace and our physical world is blurring with destructive attacks on physical infrastructure already occurring. The notion of the nation state, and its powers and its abilities to cope with these disruptions, are also significantly being challenged.
The ransacking of countries’ intellectual property by cyber-enabled actors is continuing unabated, robbing us of our collective futures. These are some of the strong indicators that currently we are getting it largely wrong in addressing cybersecurity issues. We cannot persist in developing linear solutions to network/neural security issues presented to us by cyberspace. We need change.
The asymmetry of cyberspace allows a relatively small nation state to have significant advantage in cybersecurity, Israel being one strong example. Australia could be the next nation, but not without significant, serious, long-term, collaborative investments by government, industry, academy and community in growing the necessary human capital. This initiative is hopefully the epoch of that journey.
Professor of Computing and Information Systems, and Pro Vice-Chancellor (Research Collaboration and Infrastructure) at University of Melbourne
There are more than two million actively trading businesses in Australia and more than 95% have fewer than 20 employees. Such businesses surely have no need for full-time cybersecurity workers, but all must have someone responsible to make decisions about which IT and security products and services to acquire.
At least historically, new technologies have been developed and deployed without sufficient attention to the security implications. So bad actors have found ways to exploit the resulting vulnerabilities.
More research into software design and development from a security perspective, and research into better tools for security alerts and detection is essential. But such techniques will never be perfect. Research is also needed into ways of better supporting human cyberanalysts – those who work with massive data flows to identify anomalies and intrusions.
New techniques are needed to enable the separation of relevant from irrelevant data about seemingly unconnected events, and to integrate perspectives from multiple experts. Improving technological assistance for humans requires a deep understanding of human cognition in the complex, mutable and ephemeral environment of cyberspace.
The cybersecurity research agenda is thus only partly a technical matter: disciplines such as decision sciences, organisational behaviour and international law all must play a part.
Professor of Physics and Program Manager at the Centre for Quantum Computation & Communication Technology at UNSW
Cybersecurity is essential for our future in a society that needs to safeguard information as much as possible for secure banking, safe transportation, and protected power grids.
Quantum information technology will transform data communication and processing. Here, quantum physics is exploited for new technologies to protect, transmit and process information. Classical cryptography relies on mathematically hard problems such as factoring which are so difficult to solve that classical computers can take decades. Quantum information technology allows for an alternative approach to this problem that will lead to a solution on a meaningful timescale, such as minutes in contrast to years. Quantum information technology allows for secure encoding and decoding governed by fundamental physics which is inherently unbreakable, not just hard to break.
Internationally, quantum information is taking off rapidly underlined by large government initiatives. At the same time there are commercial investments from companies such as Google, IBM, Microsoft and Lockheed Martin.
Due to long term strategic investments in leading academic groups Australia remains at the forefront globally and enjoys a national competitive advantage in quantum computing and cybersecurity. We should utilise the fact that Australia is a world leader and global player in quantum information science to provide many new high technology industries for its future.
WE OFTEN HEAR CALLS for a more entrepreneurial culture. But what does that mean in practical terms? Yes, it is affected by our national psyche, outlook and attitude to risk. We hear that Australians don’t ‘embrace failure’, and that our finance sector is too conservative in its attitude to science and innovation. These opinions might be true, but regardless we also have to get the building blocks right.
The ‘next big thing’ might come from a series of small steps in developing the environment for more innovators and entrepreneurs to thrive. The government has just released an Industry Innovation and Competitiveness Agenda, which features a few of the steps that will improve the situation for entrepreneurs in Australia.
Issuing share options to employees is an important way of attracting talent. New companies have an idea, a prayer and not much cash. But brilliant young people are often willing to take shares or options in lieu of salaries for a year or two to join the startup entrepreneurial adventure. They might take a very low salary, or spend a year couch surfing or forgoing the benefits of deodorant.
The incredible stories of the likes of Twitter, Instagram, Facebook and the rest mean that by taking shares in lieu of salary they may strike it rich. In Australia, rules introduced in 2009 killed off this pathway by demanding that tax be paid on those shares immediately. The government has now fixed that issue.
Removing barriers is another important avenue to increase business competitiveness in Australia. Simple things like vaccine companies undergoing identical audits from different regulatory agencies draw cash – and focus – out of the business. The government has decided to have a serious go at lowering those barriers.
For the Treasurer’s coming tax review, the Minister for Industry has flagged two more innovations: crowd sourcing of equity finance, and patent boxes. Australia is slow on the equity issue, with the USA, the UK, Canada and New Zealand all ahead of us. But the government has received a very comprehensive report detailing the necessary changes, and action is expected soon. The patent box concept, which started in the UK, allows companies to isolate earnings from patents and have them favourably taxed.
Apart from government, financing of innovation is slowly improving. Westpac has provided $50 million to Reinventure, a venture capital company. CSIRO’s new CEO, Larry Marshall, is an Aussie with 25 years of venture capital experience. If the equity-financing model allows self-managed super funds to invest, then who knows the limits?
Firing up the entrepreneurial spirit in Australia is the next big thing. The foundations are quickly being laid – next we need the builders to come in. The gap year has become common after senior secondary school. Wouldn’t it be something to see a ‘growth year’, when graduates or postgraduates gave themselves a year to pursue an idea?
KnowHow founder Tony Peacock is the CEO of the CRC Association and 2014 Monash University Churchill Fellow at The Winston Churchill Memorial Trust.
THERE ARE INCREASING signs that Australian R&D investment in smart sectors such as finance and agriculture is reaping benefits overseas. Federal Trade and Investment Minister Andrew Robb points to a 10.4% rise in annual gross R&D expenditure to $31 billion (by 2012). This is twice the 4.9% per annum average among countries of the Organisation for Economic Co-operation and Development (OECD).
“Australia is a world-class innovation destination,” Robb says. “This is built on solid foundations of modern infrastructure, strong levels of investment, generous research and development incentives, and strong intellectual property protection.” In the Global Innovation Index 2014, Australia achieved its highest rank for innovation inputs, coming in 10th out of 143 countries and placing 22nd for outputs.
“We have seen a near doubling of patents filed abroad by Australian entities over a 10-year period,” says Ben Mitra-Kahn, Chief Economist at IP Australia, the Federal Government’s intellectual property office. He believes this is an encouraging indication that organisations are taking their innovations to foreign markets.
“Our national scientific research organisation, CSIRO, ranks in the top 1% of the world’s scientific institutions [in 15 of 22 research fields],” adds Robb. He cites Australia’s development of the bionic ear and CSIRO’s pioneering wi-fi work as high-profile examples of Australian innovation.
To that list, IP Australia adds ResMed’s patented sleep apnoea devices as well as Sportwool – a composite superfine Merino wool for endurance clothing, developed by CSIRO and WoolMark and adopted by foreign firms.
There’s also: the 3D-absorbent fabric developed by CSIRO and Textor Technologies, which is being used in the next generation nappy by global brand Huggies; Vision CRC’s ongoing work in contact lens technology worn by millions worldwide; and the Total Channel Control System to rejuvenate outdated irrigation systems. Total Channel Control is now used around the world, and was jointly developed by the former CRC for Sensor Signal and Information Processing, and Rubicon Water.
Relatively speaking, Australia’s weakness is innovation outputs. But efforts by many of the CRCs are building global relationships that will continue to boost the nation’s growth. In 2012, a report by Allen Consulting Group (now ACIL Allen Consulting) predicted that $5.9 billion in direct economic impacts would accrue during the five years to 2017 from CRC-produced technologies, products and processes – on top of the $8.6 billion in direct impacts already accrued since the CRC Program began in 1991.
“No one is more interested in or committed to maximising research impact than CRCs,” says Tony Peacock, CEO of the CRC Association.
Taking finance further
An example of successful Australian innovation on a global stage is the European Capital Markets CRC (ECMCRC). Established in early 2013 by the Australian-based Capital Markets CRC (CMCRC) in collaboration with European universities, more than seven universities were involved at the time of writing, with plans for at least another seven by early 2015.
The CMCRC was born out of the Securities Industry Research Centre of Asia-Pacific (SIRCA), set up in the 1990s by current CMCRC CEO Professor Michael Aitken as a model under which universities could collaborate and share knowledge and infrastructure and then jointly apply for research funding.
Like its Asia-Pacific predecessor, the CMCRC enables the finance and business departments of Australian universities to build and share valuable infrastructure.
A large amount of time in financial market research is spent collecting and collating data and the CMCRC has developed programs that expedite this process. These innovations also enable the data to be shared, with the result being a drastic reduction in research time.
One of the CMCRC’s earliest and most successful innovations was the SMARTS market surveillance system, which was sold to the US stock exchange NASDAQ in 2010. The proceeds of that sale allowed further developments, such as the Market Quality Dashboard.
“The Market Quality Dashboard takes all that data and produces basic metrics that everyone needs to use to analyse things like transactions costs and market volatility,” Aitken explains. It means researchers and academics no longer need to develop these metrics from scratch, thereby improving productivity.
In Europe, the ECMCRC will attract new members by providing academics and universities with access to these tools.
“What we’re doing is encouraging the universities to get together – by giving them something they couldn’t hope to achieve in a million years – and once they’re together, we collectively apply for funding from the EU to be matched by industry funding, thus sharing the very successful CRC model with other countries,” Aitken says.
The university PhD students who use the data, and are in industry placements, have the joint role of linking the research to commercial applications because they best understand what companies need.
Aitken says the CMCRC has already built three major pieces of technology and created at least 200 new jobs in Australian spin-offs as a result.
“We hope that we will do the same in Europe but we need to get the universities together first,” he says. “By focusing on industry engagement first and foremost, we will build interesting technology for businesses. This will build up ‘brownie points’ with industry partners who will provide access to their unique data, which will in turn foster scholarship.”
CMCRC’s predecessor, SIRCA, has 39 member universities from across the region, and Aitken says there are already plans in place for a capital markets research centre in North America in the next five years.
A global effort
The area of agriculture and agribusiness is one of Australia’s five key strengths, points out Robb, and agricultural CRCs have also been very proactive when it comes to international cooperation. Two years ago, the Dairy Futures CRC launched a global research project to create the world’s biggest collection of DNA sequence data for dairy herd bulls.
The aim of the 1000 Bulls Genome Project was to build a database of DNA sequences to be used for breeding Australia’s dairy herds. From that data, mutations that affect animal health, welfare and productivity could also be identified.
A scientific paper analysing the genomes of 234 bulls from three dairy cattle breeds – Jersey, Holstein-Friesian and Fleckvieh – was published in the international journal Nature Genetics in July 2014. It explains that the research team identified 28.3 million genetic variants and was able to use the database to identify a recessive mutation linked to embryonic death in dairy cattle. The researchers also identified a dominant mutation linked to chondrodysplasia, a type of bone disease.
“There’s a real opportunity here if we can find the genes affecting traits that are important to dairy farmers, like fertility, milk production and disease resistance,” the project’s leader, Dr Ben Hayes, recently told the ABC’s Country Hour. “We’re combining the DNA information with the herd records that farmers have kept over a large number of years… to sort through those 28 million variants and come down to a few thousand that really do predict milk production, fertility and disease resistance.”
The project involves 20 international research partners from Australia, France, Germany, Canada, Denmark and the USA. Hayes is based at the Victorian Department of Environment and Primary Industries and leads the Dairy Futures CRC’s animal improvement research program – a partnership between dairy farmers, pasture and cattle breeding companies, government and researchers.
Hayes explains that identifying a gene mutation that causes embryonic loss in cows can help farmers build a healthy, more productive dairy herd. “We know that this particular mutation is already present at low frequency in Australian dairy herds. Locating the mutation means we can test for it and avoid matings between animals that both carry the mutation, to keep it from becoming a problem in the future.”
The CRC is also using the project’s genetic sequence data to design improvements in the routine use of DNA to predict the genetic merits of dairy cows.
“The ultimate challenge in making genomic selection more robust is to find the variants that are considered to be causative – the small fraction of all known variants that are responsible for major changes to the function of important genes,” Hayes says.
“We now have data for the entire DNA sequences, including mutations affecting the traits dairy farmers are most interested in. We are tracking down the causative genes for fertility, longevity and meat production, to equip farmers to make more informed breeding decisions and boost the quality of their herds.”
THE PORK CRC is another good example of global collaboration. The CRC has strong links with the French National Institute for Agricultural Research (INRA) on genetic research around disease resistance and environmental resilience in pigs. Pork CRC Chief Executive Officer, Dr Roger Campbell, credits the collaboration to the reputation and efforts of their geneticist Dr Susanne Hermesch, an Associate Professor at the Animal Genetics and Breeding Unit, based at the University of New England in NSW. Hermesch says international collaboration is particularly important in her field of pig genetics.
“It’s a small, very specialised field, and you really need to look for collaboration to get the people you want,” she says. Hermesch also has collaborative arrangements with researchers at organisations in New Zealand, Scotland and the Netherlands.
Pork CRC’s attitude towards commercialisation of research at a national level also means that any collaborative international research is quickly adopted in the field.
“Research is part of the adoption process,” says Hermesch. “We are recording information and data on farms in the commercial setting.”
Australian breeding companies collaborate in research, which means they must have faith that the research outcomes will result in commercial benefits for their business.
“This international collaboration is valuable,” adds Hermesch. “I’m pulling people from all over the world into my extended research team with links to the Australian pig industry.”
Campbell expects there to be global advantages from the current genetic research because of these ties.
“The pig industry globally is not all that different,” he says. “I would expect that all geneticists, and therefore all breeding companies, are likely to benefit.”