ASX 200 not prepared for attacks
New research shows even the most mature and well-resourced listed companies have trouble with cyber security basics.
In a worrying sign of Australia’s cyber security preparedness, new research shows more than two thirds of ASX 200 companies have weak or non-existent anti-phishing email defences.
The research, from NASDAQ-listed security automation provider Rapid7, found that even the most mature and well-resourced ASX 200 organisations have trouble sufficiently deploying cybersecurity basics.
It found, on average, ASX 200 organisations expose a public attack surface of 29 servers or devices, with many companies exposing 200 or more.
It also found that all industry sectors had at least one organisation that had been infected with malware. These compromises ranged from company resources being co-opted into denial-of-service amplification attacks to signs of EternalBlue-based campaigns similar to WannaCry and NotPetya.
“This report demonstrates that even the most talented, best-resourced IT departments in Australia and New Zealand still face daily challenges in keeping their internet-facing assets up-to-date with supported versions of business-critical software and keeping up-to-date with the latest patches,” Rapid7 research director Tod Beardsley said.
Mr Beardsley said Rapid7 measured the internet-facing security profiles of the ASX 200 during Q4 2018 by examining the number of exposed servers and devices; the presence of dangerous or insecure services; phishing defence posture; weak public service and metadata configurations; and joint third-party website dependency risks.
“Having an accurate view of the resiliency of organisations and industry sectors to withstand cyberattacks can focus efforts to reduce and manage exposure among those industries that need it most and enhance cooperative efforts between government and the private sector to better protect companies and their employees and customers,” he said.
“Measurement of industry-level exposure can also inform industry-specific working groups that share cybersecurity information and threat intelligence.
“Business leaders that have an ongoing dialogue with their industry peers about cyber-exposure can be broadly beneficial to the digital ecosystem.”
Dick Smith pleased social media firms face new $50m scam fines
The outspoken businessman has welcomed new legislation that’ll pose fines of up to $50m for social media companies, banks and telcos which fail to actively detect and prevent scams.
Apple TV+ finally comes to Android phones
Apple has finally released its streaming platform on rival Android devices, and is offering users a seven-day free trial amid pressure to open up its tightly-controlled systems.