1️⃣ CyberCrime
In Australia, the Australian CyberSecurity Centre received 76,000 CyberCrime reports in the 2021-22 financial year, equating to a CyberCrime being reported every 7 minutes. This represents an increase of nearly 13% and this has occurred after high-profile data breaches at Optus, Medibank, and real estate agency Harcourts.
It is clear from the recent uptick that the data breaches are only the start of the story. Once personal data has been made available to criminals, they use it to commit all kinds of CyberCrimes including identity theft. The success of hacking attempts encourages more of the same, each time with increased sophistication.
CyberCrime is now a sophisticated transnational threat that operates on a significant scale and has become an increasingly important issue for the global community. In Australia, CyberCrime describes both crimes directed at computers or other information communications technologies (ICTs) such as hacking and denial of service attacks, as well as traditional crimes where computers or ICTs are an integral part of the offence such as online fraud, money laundering, and identity theft.
2️⃣ CyberSafety
Online businesses are responsible for the eSafety of their website or app visitors. Australia has introduced eSafety legislation, which is enforced by the eSafety Commissioner. eSafety is Australia's independent regulator for online safety. eSafety educates Australians about online safety risks and helps to remove harmful content such as CyberBullying of children, adult CyberAbuse and intimate images or videos shared without consent.
3️⃣ CyberWarfare
The reality of the future of war is that much of the damage can be inflicted without soldiers ever having been deployed through CyberWarfare. Increasingly, CyberWarfare (including industrial espionage) operations are ongoing matters that are becoming commonplace and are occurring under the radar without anyone knowing it is happening. By way of example, Australia recently expanded its list of 4 critical infrastructure industries to 11.
Protecting Critical Infrastructure
The following summary of the changes has been extracted from the Legislative Information and Reforms page - Critical Infrastructure of the Cyber and Infrastructure Centre:
The regulation of critical infrastructure under the Security of Critical Infrastructure Act 2018 (the SOCI Act) now places obligations on specific entities in the electricity, communications, data storage or processing, financial services and markets, water, health care and medical, higher education and research, food and grocery, transport, space technology, and defence industry.
The SOCI Act was amended to strengthen the security and resilience of critical infrastructure by expanding the sectors and asset classes the SOCI Act applies to, and to introduce new obligations.
🧩 What can be done?
In addition to making CyberSecurity a top-priority boardroom agenda item, I recommend the following to make the biggest impact we can on CyberSecurity, starting with encouraging everyone to upskill and increase their CyberSecurity awareness and training.
▶️ Free CyberSecurity Training & Certification
During the period that I have been writing this blog article for the Globalsign blog I have completed the ISC2 free online self-study course and taken and passed the free exam to earn the Certified in CyberSecurity credential. I encourage everyone to do the same.
💡 Lockdown Online Account Access: Use your Biometric Data + a GlobalSign Digital Certificate +/or a Yubikey Security Key
My fear of phishing vanished after I (where it was possible – some services such as banks do not yet offer these security features) totally locked down my email and cloud accounts.
I did this using the combination of my Biometric Data, a GlobalSign Digital Certificate (configured for authentication purposes) and a Yubikey Security Key.
Now, even if a hacker somehow managed to obtain my device and password or phished my one-time access code it would be useless to them as all these even when combined would not be enough to gain access to my online accounts.
Your own Biometric Data + a GlobalSign Digital Certificate or a Yubikey Security Key can be configured to verify that you are: 1. The person seeking to login; 2. You are making the attempt from one of your trusted devices; and 3. You have physical possession of one of the registered Security Keys. (You need more than one to use as a backup just in case you lose your Security Key). If the online service is not presented with all 3 then no login is permitted. A hacker’s nightmare!
Google Case Study ➲ Zero Hacks ... Security Keys work!
According to PCMag.com, “Google's investment in giving USB security keys to all employees has been paying off. The employees haven't reported any takeovers of work-related accounts since 2017, when the new policy was introduced.” Our online searches indicate that Google has continued to maintain this secure position (zero hacks of Google work-related accounts using Security Keys) until April 2023.
🧬 GlobalSign Example: Using Digital Signatures to help prevent Spoofing!
How Digitally Signing & Encrypting Emails Protects Against Phishing and Data Breaches
Email offers convenience and benefits, but also poses some risks. Hackers are savvy at targeting organisations via email, including intercepting messages to get at sensitive information or email spoofing with the intent of pushing to phishing sites or triggering malicious downloads.
Using S/MIME Digital Certificates to digitally sign and optionally encrypt emails mitigates these risks. Digitally signing and optionally encrypting your emails (where the recipient of your email also has a Digital Certificate and has already shared it with you) ensures message privacy, keeps sensitive data from falling into the wrong hands, and assures the recipient that emails are coming from you and haven't been altered since they were sent.
To help our Clients and Colleagues have increased confidence that the email they have received is actually from Blue Ocean Law Group, we have adopted and configured the automated use of GlobalSign Digital Signatures (which use our GlobalSign verified and issued Digital Certificates) every time we send an email.
Our Clients and Colleagues can now look for a symbol (which may vary depending on their email client) such as a green padlock or a “Signed” message in the email header when they see an email from Blue Ocean Law Group on their mobile phone/iPad/laptop/desktop.
New Digital Certificate Issuance Baseline Verification Standards
The leading 19 from 22 global Certificate Authorities (CA) including GlobalSign, and 4 major consumers (Apple, Mozilla, rundQuadrat, Zertificon) have recently agreed to new baseline verification standards required prior to issuance of S/MIME Digital Certificates (effective September 2023). This increased level of self-regulation linked to the issuance of Digital Certificates is aimed at further increasing confidence that the sender of the Digitally Signed email has been verified as being genuine.
Conclusion
As hackers become more sophisticated, we need to be aware that at some point our organisations will become their targets. It is indeed comforting to know that there are proven cost-effective CyberSecurity strategies (like those highlighted in this blog article) we can all implement (technical help may be required) that have the potential to stop them in their tracks.
As a public Certificate Authority that is trusted worldwide, GlobalSign can help your business to build trust and credibility as you go about and conduct your daily operations.
If you’re interested, email marketing-apac@globalsign.com today.
