Part 1 of CRN's security roundtable appeared in the August issue of the magazine. Here is the second half of the discussion.
CRN Interesting you make a point about the operation of illegal cyber activity in the US perhaps attributable to their greater connectivity. Do you anticipate that Australia is going to be a very different security environment when the NBN comes on board?
Sean Certainly with our figures we saw a lot more systems compromised as broadband penetration improved in Australia. In the late 90s always-on-computing was not something that happened a lot, and it did provide a lot more resources for the bad guys to use as a compromised machine that may never ever switch off is quite handy, and this connection is always there. But I don’t think that NBN itself is going to significantly change that because we’ve already got quite high penetration of always-on computers, and 3G and 4G networks mean that mobile devices are always connected. So the stage isn’t really set for any kind of change, because that happened a while back.
Keith I think it will actually impact in terms of distributed denial of service. You hear quite often a DDOS is used to create some covering fodder. While you’re busy in your data centre where the application is up over here, you have absolutely no idea of what is going on over there. So I do think that will rise because high bandwidth connected devices will be a great pivot point for a botnet to be part of a DDOS.
We saw 600 Gb in what I think was the largest attack out there, which was a massive amount of data. It was Spamhaus, I believe, in Europe, when they attacked them. We find that the Eastern European criminals use DDOS attacks as a diversion, and in fact the US FBI put out an alert for that specific thing.
CRN They’re financially motivated DDOS attacks?
Keith Yes, that’s right and they will attack a site knowing that the IT people will be distracted through the malware we’ve talked about – come in through that remote access malware to move around.
Sean Yes, the ability to knock a site off the net, so that you can actually put up your DNS and DDOS is used as a tactical advantage.
Keith The flanking move is where they attack your website but come in through the back door to the financial system. The second one we see is like Anonymous that are attacking by using DDOS attacks to make a statement and being very vocal about it.
Sean The other ones I’ve seen with DDOS things is gambling operations are particularly vulnerable and a thing has a very short lifespan and there’s the threat say that ‘we will take you off the net and you can’t receive communication unless you pay us, because we’ll take you off this event’.
Peter Melbourne Cup day is a perfect example. Or you want to talk about Optus and Telstra and their partners coming together to have to do some filtering for that day, because it’s amazing to do that, and maybe they pay them off and say ‘hey please don’t attack us’.
The NBN will allow different business models, and I think also we’ll see the threats change because of those different models as well, so cars being online and everything will have an IP address. Those sort of different business models may change what and how the attacks, or what information the attacks can get from it.
Sean I see IPv6 adoption probably being a bigger problem in that space, because reputation filtering becomes much, much harder, and that’s when everything has an IP address, and that’s when you have gazillions of IP addresses, and end-to-end connectivity for every device, so the idea of NAT (network address translation) goes out the window, firewalls become much more important. But I don’t think the larger volume is going to be as much of a problem as the increased address space, for how do you defend against the attackers that come from umpteen million areas?
CRN How important do you think educating end users about user behaviour is, because we talked a lot about the need for organisations to have proper policies in place and to inform their staff about bringing in USB devices etc, but I’ve never worked anywhere where anybody has told me anything that I couldn’t do.
Neil That’s very interesting and on that point yes education is key. I find going to my clients, number one is that we’ve all touched on where the data is, ‘What’s important to you?’ But looking at the SMB, what is the owner or the manager of that company’s viewpoint on the information? Where does it go? The problem is that a lot of the time responsibility is handed to the IT department for example, rather than the management saying ‘this is what you should do, and in the event of you not doing this X is going to happen’ and enforcing that, as more of an HR approach.
Sean On that, would you say that IT are given responsibility but not authority?