The Armoury - June 2024

Welcome to The Armoury.

Cyber threats are getting sophisticated, and the number and style of threats are on the rise. We understand that your schedule is packed, but staying informed about cybersecurity is a top priority. With The Armoury, we've curated the most relevant and important content from trusted sources. Our team handpicks articles, news items, and tips that you need to know, saving you time and effort while ensuring you have the knowledge to protect yourself and your organisation.

?If you ever decide that The Armoury no longer aligns with your needs, you can easily unsubscribe at any time.

Stay safe.

Latest Cybersecurity News

• ASIC's Cybersecurity Initiative. ASIC plans to launch a new threat intelligence platform using funds from Australia's federal budget. The $206.4 million allocation aims to enhance cyber security alongside APRA, combating online fraud with a mandatory industry code. Chairman Joseph Longo highlighted the platform's role in detecting cyber threats, part of ASIC's digital transformation to strengthen regulatory systems. ASIC also aims to leverage AI and other technologies for more effective regulation and enforcement. Source: CyberDaily AU
• Medibank Faces Legal Action Over Massive Data Breach. Medibank faces legal action after a cyber attack exposed data of 9.7 million customers, prompting the Australian Information Commissioner to allege serious privacy breaches. The Medibank and ahm hack were one of the largest-ever breaches of Australian customers' data which involved sensitive personal details and could result in fines exceeding $21 trillion. Medibank, accused of failing to protect data adequately, intends to defend itself despite widespread customer and expert criticism over the security lapse and its aftermath. Source: ABC News
• FBI Provides 7,000 LockBit Ransomware Decryption Keys for Victim Assistance. The FBI has revealed possession of over 7,000 decryption keys linked to LockBit ransomware, urging victims to visit ic3.gov for data recovery. LockBit, associated with 2,400 global attacks including 1,800 in the US, saw its infrastructure dismantled by UK authorities in February. Despite recent disruptions, it remains active under new management. The FBI warns against ransom payments due to uncertain data deletion, highlighting ongoing ransomware threats and evolving attack tactics. Source: The Hacker News

Cybersecurity Tips & Best Practices

• Use Secure Wi-Fi Connections: Avoid connecting to public Wi-Fi networks for sensitive activities like online banking or shopping. If necessary, use a virtual private network (VPN) to encrypt your internet connection and protect your data from eavesdropping by cybercriminals on public networks.
• Limit Information Sharing: Be mindful of the information you share online, especially on social media platforms. Avoid sharing sensitive personal details such as your address, phone number, or financial information publicly. Cybercriminals can use this information for social engineering attacks.
• Create a Cybersecurity Culture: Foster a culture of cybersecurity awareness in your workplace or among your family members. Encourage open communication about potential threats and educate everyone on the importance of following cybersecurity best practices.

Cybersecurity awareness & education

Did you know?

Over 90% of malware is delivered via email. Attackers often exploit email vulnerabilities with phishing tactics and malicious attachments. Implementing strong email security measures, such as advanced spam filters and educating users about recognising suspicious emails, is essential to protect against these pervasive threats and safeguard organisational data.

Cybersecurity FAQ

10 questions to assess cybersecurity risks within an organisation:

1. Does the organisation have a documented cybersecurity policy that is regularly reviewed and updated?
2. Are there clear roles and responsibilities defined for cybersecurity within the organisation's leadership?
3. How often does the organisation conduct cybersecurity training and awareness programs for employees?
4. Is there an inventory of all hardware and software assets, including critical systems?
5. Are access controls implemented to limit user privileges based on job roles and responsibilities?
6. Does the organisation conduct regular vulnerability assessments and penetration testing?
7. Is there an incident response plan in place, and is it regularly tested and updated?
8. Does the organisation monitor network traffic and system logs for suspicious activities?
9. Are data protection measures in place, including encryption for sensitive information?
10. How does the organisation ensure compliance with relevant cybersecurity regulations and standards?

These questions can help organisations evaluate their current cybersecurity posture, identify potential gaps, and prioritise improvements to mitigate risks effectively.

Cybersecurity Events

Event Name: CISO Melbourne

Date: 16 – 17 July 2024

Location: Crown Promenade

Register Here

Event Name: Gartner Data & Analytics Summit

Date: 29 – 30 July 2024

Location: Sydney, Australia

Register Here

Cybersecurity Trivia of the Month

The most common password used by individuals is "123456," followed closely by "password." Both are highly insecure and easily guessed by automated hacking tools.

Recent Ransomware Breach

Australian Mining Company's Data Leaked by Ransomware Gang

Northern Minerals, an Australian rare-earth metals producer, suffered a data breach attributed to the BianLian ransomware group. Detected in March 2024, the breach resulted in the exposure of sensitive operational, financial, and personal information on the dark web. This includes project details, research data, employee personal information, and corporate emails. Despite minimal impact on operations, Northern Minerals has initiated responses with legal and cybersecurity experts and notified affected individuals. The incident underscores ongoing cybersecurity threats facing mining companies, amid broader geopolitical concerns involving Chinese investments in rare-earth mining sectors globally. Source: Security Week

Cybersecurity Meme of the Month

Sign up for The Armoury

Sign up for our The Armoury to get the latest updates on Cybersecurity first-hand via email.

#itbusiness #technology #cybersecurity #cybersecuritytips #cybersecurityupdates #innovation

?