With National Cyber Security Week recently passed, and some high-profile online security breaches making international headlines, brands in Australia are being warned about the implications of turning a blind eye to the issue. ANDREW JENNINGS asks whether the concern over cyber crime is genuine, or just a piece of scaremongering by the authorities.
Late last month, Commonwealth Bank chief exexutive Ian Narev told the Group of 100 congress of leading finance executives that the threat of a cyber attack is one of his biggest fears.
“The security of our perimeter and our ability to understand what sorts of things people might try to do, what sorts of ways they could put our relationship with customers in jeopardy, is something we worry about all the time,” Narev told the meeting in Sydney.
His comments arrived the morning after the night before.
The ABC’s Four Corners program the previous day featured a report that alleged that the designs of the Australia Security Intelligence Organisation’s (ASIO) new Canberra headquarters had been leaked to foreign powers – in particular, the Chinese.
Not only that, Four Corners reported that details of ASIO’s communications cabling, server locations, floor plans and security systems had also been pinched.
While Prime Minister Julia Gillard and Foreign Minister Bob Carr reached for the diplomatic panic button – with the former describing parts of the report as inaccurate – it was clear the business community had been spooked.
Last year, the World Economic Forum’s Global Risks Report stated that cyber attack is one of the top five global risks facing business leaders. And Twitter recently unveiled technology to boost security for its users, following a number of cyber attacks on the accounts of leading media outlets, including the Associated Press and the Financial Times.
Despite certain strands of paranoia seeping into recent pieces of commentary around the issue of cyber security, particularly the Australian Government’s odd obsession with secrecy, the pivotal point of note for brands in Australia is that they continue to overlook the rudimentary basics of IT security.
This includes the simple measures of resetting passwords, keeping confidential material off servers and updating software. “The key thing to remember is that hackers will always target the weakest link,” says Craig Searle, operation director for BAE Systems Detica.
“And at the moment, there’s a realisation in the hacking community that social media tends to be poorly secured, operated by people that are not IT security experts, and therefore tend to fall into common mistakes when it comes to password security or account management.”
According to the Department of Broadband, Communications and the Digital Economy, 67% of Australian internet users admit that they don’t change their passwords regularly.
On top of this, 43% of internet users believe that someone else knows at least one of their security passwords.
Three in five internet users aged over 55 access Wi-Fi at home, with half still using the default password, no password or not being aware if they have one. Jason Chuck, managing director of the Australian arm of international online dating giant eHarmony, warns: “For all their schemes, fraudsters are dependent on you providing them with information.
“At some point, you have to give them access, details, or give them money, before they can commit their fraud.”
Although eHarmony can boast its own dedicated cyber security team, it is also very much reliant on its members alerting the team to suspicious activity.
BAE Systems Detica’s Searle says that for brands using social media, protecting themselves against hackers and spammers is crucial. He argues that companies risk losing their customers if problems are not resolved quickly, and he warn that a brand’s reputation can be seriously – and quickly – compromised by damaging cyber attacks.
“It can have some fairly devastating consequences for your brand, depending on how reliant you are on social media for brand awareness,” he says.
Twitter under fire
In the case of Twitter, it has come under fire over the past year for failing to offer what is known as “two-factor authentication”, amid several breaches of high-profile accounts, including a fake tweet about a White House explosion sent from the Associated Press account, which briefly spooked the markets.
Twitter, a service that is widely used on a daily, if not hourly, basis by consumers, political activists, advertisers and news outlets around the globe, responded to this by rolling out an optional ‘login verification’ service for users, designed to put a stop to hackers seeking to access accounts by using stolen passwords.
Searle adds: “Social media is a risky environment for brands to operate in. “Twitter and other social media channels tend to be run by marketing or communications professionals without any involvement from the IT security department.
These marketing and communications teams may not necessarily be aware of the security implications behind the systems.
“Social media professionals should, therefore, be trained to understand the inherent risks of social media platforms and how to protect and secure these channels.”
Searle suggests that many brands believe it is simply a case of getting a social media account open and running.
Brands don’t give enough consideration to what the implications of security breaches to these accounts could be.
“Everyone is very focused on getting their brand awareness out there, but many don’t have a system in place when things go wrong and they get hacked,” he concludes.
Sarah Mason, PR and brand manager at eHarmony, says that it’s continually difficult for companies to stay one step ahead of the hackers, who are changing their methods and learning new tricks every day.
“You can take precaution after precaution, but unfortunately, just as security measures are changing and getting better, hackers are changing and becoming different,” she says.
Mason adds: “However hard you work at guarding your brand, there’s always a chance that someone is going to get through.”