The week in security: Growing attacks prompt calls for cybersecurity speed-up as election looms

As the last weeks of the election campaign ticked over, the Australian Computer Society was calling for whichever party wins the July 2 poll to accelerate its investment in cybersecurity development. This investment reflects not only the growing need for cybersecurity skills but the need to defend the country against attacks from the likes of China – which, despite reports that it has reined in its state-sponsored cyberwar efforts, is still targeting Australia with some regularity and is choosing targets based on more than just their relative importance to Australia's trade.

Governments are also addressing issues of online identity with increasing importance, with the director of UK-based GDS Verify Tech expecting online IDs for everyone in “a small number of years”.

High-level tech policy will also need to address the increasing role of companies like CrowdStrike, which opened an Australian office that it sees as a touchstone for its expanded Asia-Pacific presence. NEC Australia has also been stepping up its Australian cybersecurity presence, with a $4.38m cybersecurity centre in Adelaide providing a key capability in the company's growing global service network.

Such businesses are leveraging the growing role of data in ongoing cybersecurity efforts, with machine learning technologies one key enabler for companies like Hungarian startup Balabit's privileged-account tools. Others are wrapping the conceit into behavioural firewalls that rank each device's relative risk and block or unblock it according to corporate policies.

Amazon Web Services and Microsoft cloud platforms won security approval for use by US government authorities while a massive breach of computer maker Acer exposed the personal information of 34,500 online shoppers.

Signs suggested that ransomware attacks were getting far more serious as they targeted increasingly large firms and victim numbers continued skyrocketing. And, confirming the breadth of the threat, there were suggestions that hackers had been selling access to 170,000 compromised servers.

Microsoft paid out two significant bounties for the same bug in June, while pundits were reviewing the US Department of Defense's bug-bounty program. At the same time, another security firm confirmed that Russians had hacked the US Democratic National Committee in a recently publicised compromise, despite a lone hacker's claim that he had done the deed.

Tech groups, meanwhile, said the FBI shouldn't be allowed to do mass hacking, and a US court ruled that the FBI doesn't need a warrant to hack a suspect computer. Also on the US legal front, Microsoft was claiming success after a US Supreme Court decision held that US laws do not apply outside the country without explicit provisions from Congress.

Consumer authority the US FTC alleged that a mobile advertiser was tracking users' locations without their consent, while there were warnings that remote device management software used to track employee devices may be collecting more information than employees are comfortable with.

Contrary to conventional wisdom, some were arguing that developers who regularly update software code can improve overall security. This may prove to be relevant for IT-security practitioners expressing concern about the security of their industrial control systems, as part of a growing movement to formalise infrastructure protections through what is being billed as a 'Geneva Convention for cybercrime'.
