After Nine experienced a cyber-attack over the weekend, there have been questions about how vulnerable other Australian institutions might be to ransomware.
While Nine continues to deal with the ransomware attack, Parliament House also experienced a potential hacking attempt over the weekend.
The department of parliamentary services email network shut down due to an IT issue. According to Andrew Hussie, Assistant Defense Minister, “the government acted quickly, and we have the best minds in the world working to ensure Australia remains the most secure place to operate online.”
“Cybersecurity is a team effort and a shared responsibility.”
“It is vital that Australian businesses and organisations are alert to this threat and take the necessary steps to ensure our digital sovereignty.”
DPS is currently being supported by the Australian Cyber Security Centre.
Rick McElroy, Principal Cybersecurity Strategist for VMWare Security Business Unit, says that attacks like this are becoming more and more common.
“Not only are ransomware attacks getting increasingly sophisticated, the nature of ransomware attacks has also evolved to the point where organisations are experiencing the full brunt, damage, and impact first-hand.”
Mike Sneesby, Nine’s CEO and Damian Cronan, Nine’s Chief Information and Technology Officer sent a note to staff on Monday evening.
Sneesby commended the “countless cases of leadership, ingenuity and resilience [over the last 48 hours] as we pivoted quickly in key areas of our business.”
He said that “the cyber-attack we experienced over the weekend was significant in scale…A number of our core systems remain offline as we work to carefully return services.”
Cronan added, “our focus in the first 24 hours was on containment and we are confident our technology teams have isolated the attacker and the specific destructive activity that was initiated.”
One of the consequences of that strategy was the corporate network was disconnected from the internet, and internal networks separated from one another – for example Sydney is disconnected from Melbourne and Broadcast is seperated from Publishing.
“This has been an effective strategy however, it also means several services that are dependent on the corporate network are not available,” said Cronan.
Aaron Bugal, Global Solutions Engineer at Sophos believes that those in leadership across all industries have not taken cybersecurity seriously enough.
“They see cyber risk as more of an IT problem, rather than a responsibility that should sit with everyone in a business, starting with the top-down. This high profile attack on Nine serves as a timely warning to media outlets to evaluate their cyber security posture and their resiliency.”
According to Sophos’ recent report, ‘The Future of Cybersecurity in Asia Pacific and Japan’, more than half of Australian organisations suffered a data breach in 2020.
“Our research demonstrates that one of the top frustrations identified by Australian companies is that executives assume cybersecurity is easy, and that reported threats and issues are exaggerated. It’s a disturbing attitude in light of the number of high-profile attacks we’re seeing and considering that 62 per cent of Australian businesses agree that their company’s lack of cybersecurity remains a challenge,” he said.
Bugal also pointed out that cyber attacks had a range of potential consequences for the media industry.
“The on-air impact is detrimental as it halts operations and impacts the bottom line, while also preventing the public being informed of news and events that affect them.”
“Meanwhile the potential exposure of data can also bring not just financial, but also legal and reputational consequences too. The financial costs of these kinds of attacks involving downtime can translate into millions of dollars.”
VMWare’s Rick McElroy said that there are a number of strategies organisations can take to protect their cyber security, particularly workload security micro-segmentation, and identity and access solutions built into cloud stacks, rather than bolted on after the fact.
“The central vulnerability in supply chain compromise stems from networks granting administrative access to outside parties. The larger that window of time an outside user is granted access, the larger the opportunity for an attacker to get in.”
“So, while multi-factor authentication is important, continual authentication is the next evolution – ensuring that no one has perpetual administrative rights, and that they’re granted access for a purposeful window of time.”
Nine has not yet been offered a ransom for the breach. If they were to be offered one, Aaron Bugal believes they shouldn’t pay it.
“While paying the ransom seems to be the most simple and effective way of recovering data, but it is not an easy, nor inexpensive, path to recovery. In fact, the total cost of recovery can almost double when the ransom is paid.”
“Fortunately, more than half (56 per cent) of IT managers surveyed in Sophos’ The State of Ransomware 2020 report managed to recover their data from backups without paying the ransom.”
The source of the attack on Nine is still unconfirmed.
Featured Image: iStock/scyther5
Please login with linkedin to comment
Today, Integral Ad Science (IAS), a global leader in digital ad verification, released its Media Quality Report (MQR) for H2 2020, providing transparency into the performance and quality of Australian digital media, alongside global comparisons. Integral Ad Science’s H2 2020 MQR highlights brand safety, ad fraud, and viewability trends across display, video, mobile web, and […]
Quintis Sandalwood has appointed Illuminate as its global PR partner following a competitive pitch process. Proudly Australian, Quintis produces and markets Indian Sandalwood oil, logs, chips and powder products across the world to major companies in industries such as fragrance, aromatherapy, cosmetics, handicrafts and Traditional Chinese Medicine industries. Illuminate will be responsible for a global communications […]
Hopefully the weekend has given everyone enough time to recover from B&T’s 30 Under 30 awards and prepare themselves for our official photo dump! We shared some of the highlights last week, and now you can peruse all of the pictures taken on the night. Thank you to everyone for attending this year’s awards, and […]
Kinderling Kids Radio (Kinderling) has announced the completion of its move from DAB+, where it launched six years ago, to a direct-to-consumer streaming model, accessible online or through the Kinderling Kids iOS and Android app. The Parent Brand, the parent company of Kinderling Kids and Babyology, made the decision to shift as streaming and on-demand […]
Most people over 60 stay on top of their health with regular check-ups. Whether it’s eyes, prostate or breasts, they realise at their age it’s important. But one that gets ignored is hearing. They’d rather live with gradual hearing loss, and continually ask what, huh, pardon or sorry until it seriously impacts their life and […]
Creative communications agency Connecting Plots has been appointed by Casella Family Brands to handle the social media accounts for [yellow tail] wine in Australia. The win follows an audit of the Casella Family Brands social activities, which led to [yellow tail] rethinking its approach to social media and how it aligns with its overall marketing […]
v2food, has appointed HERO’s B.B.E as the lead strategic and creative agency for the brand following a competitive pitch process. v2food is an Australian pioneering food technology business with a global vision to feed the planet sustainably. After launching nationally in 2019, v2food has been on a mission to offer Australians an easy alternative to meat […]
Magnite (Nasdaq: MGNI), the largest independent sell-side advertising platform, today announced it has been working with Adform, the only independent global ad management platform covering all aspects of the digital campaign lifecycle, to scale first party identifiers in privacy-safe ways. With the pending elimination of third-party cookies, the industry must establish future-proof identity solutions for publishers and buyers.
The Commercial Producers Council is delighted to announce the appointment of Martin Box (pictured) as its new Co-Chair, effective immediately. Box, Head of Production at Airbag, joins Co-Chair Pip Smart, and fills the vacancy left by Lucas Jenner who steps aside from the Co-Chair role after four years of service, in accordance with the CPC’s […]