Cyber ransom tactics on the rise, says Telstra

High-profile cases of hacking make businesses aware that even the largest companies can be at risk. Photo: AP

Max Mason

Telstra’s top technology security executive has called out an increase in attacks by cyber criminals seeking to hold computers to ransom as a growing concern for Australian businesses.
The telco’s chief information security officer, Mike Burgess, said hackers were becoming less interested in stealing information and more keen to simply gain control of workers’ computers.
So-called ransomware occurs when individuals who may hold sensitive company data are targeted and attacked. They are often tricked into clicking on a link in a personalised email, which then compromises their machine.
“A trend increase now is ransomware. We see phishing emails being used not to steal data but to lock up, encrypt your laptop or your files and then hold you to ransom,” Mr Burgess told The Australian Financial Review.
“I have seen targeted instances of that where the phish is well targeted against people who will most likely be holding sensitive data. The crooks may think if they go after the lawyers, or someone in mergers and acquisitions, that the company may want to pay a ransom for that PC.”
Individuals and businesses are beginning to realise the importance of protecting data, but it is taking time. Company directors are placing a greater importance on cyber security as an all-year around issue, not just one that is addressed once a year.
“Humans have long understood the physical threat because it’s in our DNA,” Mr Burgess said. “Cyber threat is intangible just given cyberspace and the internet isn’t that old, it is not yet in our personal or corporate DNA to handle this particular threat.”

Scale is no barrier

High-profile cases of hacking, such as the theft of 77 million users’ data from Sony, make businesses aware that even the largest companies can be at risk.
Mr Burgess said businesses need to know the value of their data, know where it is, know who has access to it, why they have access to it, who is protecting it and how well it is protected.
“You ask someone what their important data is and, with their permission, then prove to them how you can steal that through them by hacking their network, or convincing someone to click on a link that they shouldn’t,” he said.
“That can be an effective tool, I have used that before to get someone’s ­attention to show them that this threat is real to them.”
A survey released by Ernst & Young on Monday found 80 per cent of Australian companies believe they face an increased threat of cyber attack. Fifty-one per cent believed their organisation does not have the systems in place to detect a sophisticated attack.
Head of global security at British Telecommunications Mark Hughes told the Financial Review that the controls put in place to combat cyber attacks and crime do not need to be hugely ­sophisticated, but needed to be taken up ubiquitously to gain the benefit of a herd immunity.
“If we can collectively get better – consumers, small, medium and large enterprises – to protect ourselves then there will be less of a success rate among the organised criminal-type gangs,” Mr Hughes said.
“As an industry in security, we need to be better at serving that sector. But the starting point is finding where there are vulnerabilities in terms of what would be at stake if they were attacked.”