This week on our blog, we have a guest post from Martin Schlatter CIO & APAC CEO at NTT Security.

We all know the devastating impact cyber attacks can have on organisations today. But for many IT managers in Australia, there is an additional reason to improve cyber resilience: new mandatory data breach notification legislation introduced in February. With the negative publicity arising from forced notifications, Australian organisations will need to improve risk reduction on the endpoint.

When it finally becomes law, the new Privacy Amendment (Notifiable Data Breaches) Act will apply to a large range of public and private sector bodies, forcing them to publicly declare a breach. That should help to focus boardrooms across the country on improving their cyber defences. But given the sheer diversity and volume of attacks today, where should investments be concentrated?

A great place to start is protecting endpoints from attack. By infiltrating a corporate user’s desktop, laptop or even mobile device, hackers can carry out a range of nefarious activities. Apart from stealing and using the personal data they find on the machine itself in follow-on fraud attacks, they can use an infected device as a beachhead into the corporate network. Once inside, they could infect an organisation’s IT systems with ransomware, conscript machines into a botnet or – perhaps most damaging of all – steal sensitive IP and/or customer data.

The latter could result in a hefty fine of up to AU$1.8m under the new Australian law, as well as major knock-on financial and reputational costs resulting from the bad publicity.

Trojans are by far the most popular type of malware in Australia, accounting for 93%, while remote code execution (over 70%) remains the main objective of application-layer threats, according to our latest Global Threat Intelligence Report (GTIR). But how do hackers typically get these threats onto the machines of their victims? Many use exploit kits: pre-packaged environments allowing them to select vulnerabilities, set up websites for distributing malware targeting those vulnerabilities, and managing the malware once it has infected users’ computers.

So what’s the answer? Unfortunately, when it comes to cyber security, there is no single solution. However, a few best practice steps will help mitigate a great deal of risk.

  • Effective patch management will ensure vulnerable software and operating systems are always up-to-date and insulated from the vast majority of exploits
  • Upgrade or uninstall any software/systems that are no longer supported
  • Consider next generation endpoint security tools to block zero-day threats
  • Subscribe to threat intelligence feeds to ensure firewalls, IPS, SIEM etc can identify and block exploit kit-associated websites more quickly
  • Ad blockers can minimise the risk of so-called malvertising attacks

According to our GTIR, 81% of all cyber attacks on Australian organisations were directed at three industries – finance (34%), retail (27%) and business and professional services (20%). But no matter which sector you are in, it pays to stay on top of endpoint security. Download our Global Threat Intelligence Report (GTIR) now for more details: