Creating human firewalls

Over 150,000 cyber-attacks were made on Cenitex and our government customers in April, most of them coming from the US, China and Russia.

More than half of these attacks were what’s known as ‘exploits,’ attack activities that actively seek to compromise systems, gain unauthorized access to systems or services, or tamper with normal system operations by exploiting known or potential system vulnerabilities.

Failure to protect our customers from these attacks would have a devastating effect on the wider Victorian community.

While most attacks are still conducted (and defeated) digitally, one of the greatest threats to cyber security is social engineering, or the manipulation of trust to garner advantage. Social engineering is increasingly raising the question:

How do we create human firewalls?

We all know the Nigerian Prince won’t actually pay us $4.8 million in return for our bank details, but when these types of emails imitate government agencies or your bank or electricity provider, the risk ramps up.

Last year, one of my senior finance officers was targeted via social engineering. A fake email purporting to be from me asked for a large-figure cheque to be issued. The staff member popped around to confirm the out-of-character request, and when I asked, ‘What cheque?’, the scam was revealed for what it was.

Common sense can be a key line of defence.

Cyber security awareness across all users of government information systems is a “critical element to creating a safer and more secure IT environment,” as stated in the Victorian Government IT Strategy 2017-18 Action Plan. As an active member of the cyber security community, Cenitex contributed to the development of this strategy.

The 2018/19 Victorian Budget, released on 1 May, announced an investment of $17.6 million to deliver our state’s first ever Cyber Security Strategy. The strategy will help keep safe the personal information of Victorians.

In addition to multiple layers of technical cybersecurity, Cenitex has recently launched GO Phish, a security service that allows our customers to run their own internal phishing campaigns in a safe and secure way. Instead of unleashing the next WannaCry, the email links open training modules to provide instant information and tips to users, improving education.

Services like this put people as the first line of defence and improve the resilience of an organisation against social engineering.

The IT industry can't create human firewalls overnight. But by creating an environment where cyber vigilance is the norm and putting the spotlight on user education and individual responsibility for our own staff and for our customers, we're making a strong start.