“Not if but when” - is the unofficial motto of cyber security professionals.
This quote truly demonstrated its validity with the recent cyber-attack on channel 9.
On Saturday night, computers and other devices in CH9 started to experience malfunction. This would be the beginning of what The Sydney Morning Herald would describe as the biggest cyber-attack on Australian Media.
Soon after, transmissions from the channel ceased and an unnerving air silence dominated the airwaves.
The attackers seem to have planned this carefully and the specific time they chose for the attack indicates that there was some considerable preparation in planning the attack. Something of this gravity cannot happen by chance. The assailants probably theorised that on Saturday, the cyber-governance defences might be more relaxed. It is not uncommon, in large organisations, for the Saturday night shift to be given to less experienced members of the defence team, and has the fingerprints of a sophisticated threat actor.
Weekday host Karl Stefanovic quipped: “Bear with us as we try and work around these technical issues caused by Vladimir [Putin] … We’re not blaming anybody in particular.”
As of now, we are not sure how the cyber criminals infiltrated.
This is not the first hack to be attributed to a foreign power. It was alleged that Chinese hackers targeted the New York Times twice and managed to infiltrate its defences.
The Australian government has put forth many initiatives to strengthen the cyber security of Australian organisations, but it seems that many are still the “low hanging fruit” for cyber criminals.
Cyber security is sometimes viewed as a complicated luxury, but this is starting to shift. More and more large and small businesses are testing their internal systems and conducting cyber exercises. The average cost of a cyber-attack in Australia is $276,000 according to ReportCyber (formerly ACORN). As of now, no one knows how much the attack on CH9 will cost but it’s definitely going to push the average upwards.
Business owners and leaders are starting to realise that securing their information is not just best practice, but vital to their company’s well-being. No one wants to see their business making the headlines in this fashion.
Here at Compliance Council, our team of expert InfoSec Consultants highly recommend to conduct these exercises on a regular basis.
The benefits are multi-fold and this will give you confidence and quality assurance to stakeholders.
Read our article on Pentest here:
Read our article on Cyber Incident Response Drill here:
As part of our new Service offering in addition to our existing ISO 27001 services, we can help you to conduct Pentest and Cyber Drills, Contact Us to find out how we can be of assistance.
Schedule a complimentary consultation with our Principal Consultant today.