The week in security: Get real about your security exposure, experts warn AISA


The annual national conference of the Australian Information Security Association (AISA) saw hundreds of cybersecurity professionals converge on the Melbourne Convention and Exhibition Centre – including several dozen students who rocked up to meet peers and recruitment-minded sponsors for the latest 24-hour Cyber Security Challenge Australia (CySCA) competition.

CySCA represented the culmination of many months of preparation by sponsors, who designed over 100 different tasks against which the assembled teams set their resources and endurance. University of NSW teams eventually took out the prize, but all participants may be winners as many CySCA winners have ended up being offered jobs with observing organisations.

The conference also saw former US government CISO Gregory Touhill warning CISOs that underinvesting in people and process-based cybersecurity defences was a “path to disaster” and that they must “plan for stupid” when designing their defences.

High-profile cybersecurity journalist Brian Krebs, who rose to prominence after disclosing the Target data breach and has subsequently become a frequent target of cybercriminals himself, was also on hand calling for more realistic discussions that should start with an acknowledgement that companies are going to be breached no matter what they do.

Google moved to shut down its failed Google+ social networking service after a breach was revealed to have affected half a million users.

London’s Heathrow Airport, for its part, was fined $223,000 after the loss of a USB stick holding a video with 3 seconds’ worth of personal information that could be easily compromised.

If that case added a new element to the real costs of cybercrime, hackers will get the chance to use masses of real-world financial data – anonymised, of course – during the Sparkfestival’s upcoming open-data hackathon.

Many companies may be accidentally contradicting or bypassing their IT policies by embracing the increasing interconnectedness of software-as-a-service (SaaS) applications.

Microsoft was working to do its part by patching 49 vulnerabilities, including a zero-day Windows flaw, in its latest Patch Tuesday update.

Little wonder the Five Eyes computer emergency response teams (CERTs) moved to issue a joint alert about the risks from RATs, Trojans and botnets – favoured by nation-state criminals who are using them to hack all manner of business.
