Cyber security and data breaches – why should we care? Because it will happen to you – and it will hurt. That may seem flippant, but it’s based on some hard facts.

Cybercrime is a lucrative business model

The criminal underbelly of the Internet has developed into a multi-faceted business model whose participants range from individuals and amateur hacking teams looking for quick bucks, to sophisticated professionals engaging in multi-billion-dollar industrial espionage and even nation-state adversaries using the most highly sophisticated tools and methods.

A 2016 Cyber Security Review conducted by the Australian federal government found that cybercrime is costing the Australian economy up to $1 billion annually in direct costs alone. And those costs are growing.

As the Australian Criminal Intelligence Commission states:

“Australia is an attractive target for serious and organised crime syndicates due to our nation's relative wealth and high use of technology such as social media, online banking and government services. Due to the possible lucrative financial gains for serious and organised crime syndicates, the cybercrime threat is persistent.”

Put simply – cybercrime is here to stay.

There's never been a better time to be a hacker

Putting ethics aside for a moment, from a purely technical perspective there's little that separates an IT security professional who's authorised to test the security of a network from an attacker working for criminal gain or another malicious purpose.

Both have access to a vast array of learning materials and tools to achieve their goals, with a myriad of online courses teaching even the most advanced skills. Many powerful tools can even be downloaded and used for free.

And of course, the Internet itself is a 'target rich environment' for an attacker to hone their skills. This all combines to create a hacker's paradise, so long as personal ethics and law enforcement aren't issues, which in many places they are not.

Most computer networks are not well defended

Even now in 2019, most computer networks are not well defended against even moderately skilled cyber criminals. Ask a network administrator what security controls are defending their network and you'll probably receive the same responses we did ten years ago – a firewall, anti-virus programs (hopefully being updated), maybe some logging (which isn't reviewed anyway) and filtering spam emails.

But unfortunately, most hackers can send a well-crafted email that slips through a spam filter, tricks a user into opening a document or link, deploys a malicious program which bypasses anti-virus, infects the user's computer and calls back to the attacker. The stage is now set for a broader compromise of the network, which can last for months or longer until it's discovered.

While this is one common attack scenario, there are many more, including malware which provides access to a victim organisation's email or online bank accounts, ransomware which encrypts files across a company's network, or a fraudulent email which tricks an unsuspecting user into transferring large sums of money to the attacker.

All this is especially difficult for small to medium organisations, who often already have limited IT resources, or rely on third parties for core IT services (who often don't provide sufficient security capabilities either).

One more consideration – mandatory reporting of data breaches

Since February 2018, organisations regulated under the Australian Privacy Act 1988 are legally required to notify affected individuals and the Office of the Australian Information Commissioner (OAIC) when a data breach is likely to result in serious harm to individuals whose personal information is involved in a breach.

This new legislation is a game changer. No longer can organisations simply clean up and move on. They must now conduct proper investigations to determine the extent of the breach and data compromised. Failure to do so could result in adverse findings and fines from the OAIC, legal action by affected parties and of course reputational damage to the organisation.

Conclusion

As with any risk, an ounce of prevention is worth a pound of cure.

Organisations need to take stock of their critical systems and confidential data, understand the ways in which it could be compromised and identify methods to prevent, detect and respond to any suspected or actual breaches.

This doesn't necessarily mean a huge investment in systems and people. Significant improvements can often be made by better leveraging existing capabilities, such as better use of backup and logging provided by native operating systems such as Microsoft Windows. But it will require knowledge and expertise of cyber threats, which means either training staff internally or engaging specialists to assist.
