THE HOPLON ADVOCATE – December 2021

Click here to view the PDF version

In this month’s issue we introduce the team, define Cyber Security & review the ACSC’s Annual Cyber Threat report & its key findings. Plus top tips to stay Cyber Safe this festive season.

Meet the team:

Executive

Expert Advisory Board

Technical Team

 

Jimmy’s view

The evolution of the term “Cyber Security”

Cyber security is now defined as the practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks. It’s also known as information technology security or electronic information security. The term applies in a variety of contexts, from business to mobile computing.

William Gibson introduced the word “Cyberspace” in his 1982 novelette “Burning Chrome”.

He is credited with popularising the terms “Cyberspace” & “ICE” (Intrusion Countermeasures Electronics) in the popular novel Neuromancer (1984).

Late in 1988, a man named Robert Morris had an idea: he wanted to gauge the size of the internet. To do this, he wrote a program designed to propagate across computer networks, infiltrate Unix terminals using a known bug, & then copy itself. This last instruction proved to be a mistake. The Morris worm replicated so aggressively that the early internet slowed to a crawl, causing untold damage.

The worm had effects that lasted beyond an internet slowdown. For one thing, Robert Morris became the first person successfully charged under the Computer Fraud & Abuse Act (although this ended happily for him—he’s currently a tenured professor at MIT). More importantly, this act also led to the formation of the Computer Emergency Response Team (the precursor to US-CERT), which functions as a non-profit research center for systemic issues that might affect the internet as a whole.

After the Morris worm, viruses started getting deadlier & deadlier, affecting more & more systems. It seems as though the worm presaged the era of massive internet outages in which we live. You also began to see the rise of antivirus as a commodity—1987 saw the release of the first dedicated antivirus company.

In 1989, the term “Cyber Security” was officially coined & entered the English lexicon.

For a long time IT professionals used the label IT Security as a term to mean the protection of IT systems & their data through various methods such as access gateways, firewalls, encryption, vulnerability scanning & even physical security.

Now, as the world becomes increasingly digitalised, how we use IT has a broader impact. The landscape of devices has also increased, from the humble desktop, to laptops, tablets, phones, IOT device of all different types; toasters, fridges, watches etc.

The real transition from IT Security to what we now call Cyber Security came about when the typical attacker moved from “script kiddies” at University to well funded organised crime groups launching devastating Cyber Attacks on all type of IT systems.

This include things that we would have not consider vulnerable in the past, such as smart TVs or even nuclear power plants!

With these new types of attacks came new types of defences such as SIEM (Security Information & Event Management) & SOAR (Security Orchestration, Automation & Response) technologies, & the creation of the SOC (Security Operation Centre) staffed 24×7 continuously looking for attacks, or breaches of data.

Cyber Security attacks are now focusing purely on the Individual, for example: Identity Theft, Cyber Fraud, Crypto-locking, Scams & Spear Fishing just to name a few.

Hackers & malicious actors are always seeking new ways to bypass cyber defences & this has resulted in a booming demand for Cyber Security software to provide tailored solutions for businesses & individuals.

 

ACSC’s Annual Cyber Threat Report 2020-2021

The main trends in the Financial Year 2020-2021 were:

Malicious actors exploited the COVID-19 environment by targeting Australians searching for information online, using spear-phishing to encourage recipients to enter personal credentials for access to COVID-related information or services.

Disruption of essential services and critical infrastructure: approximately one quarter of cyber incidents reported to the ACSC during the reporting period were associated with Australia’s critical infrastructure or essential services.

The ACSC recorded a 15 per cent increase in ransomware cybercrime reports in the 2020–21 financial year.

Rapid exploitation of security vulnerabilities sometimes within hours of public disclosure, patch release or technical write up – particularly if proof of concept (PoC) code that identified the vulnerabilities in systems was also released.

Supply chains – particularly software and services – continue to be targeted by malicious actors as a means to gain access to a vendor’s customers.

Business email compromise (BEC) continues to present a major threat to Australian businesses and government enterprises, especially as more Australians work remotely. In the 2020–21 financial year, the average loss per successful event has increased to more than $50,600 (AUD) – over one-and-a-half times higher than the previous financial year.

By the numbers:

 

The main take-away from the report is that Cybercrime is on the rise & will continue to rise over time. Sectors at risk need to improve their Cyber Resilience by taking steps to secure their credentials, harden their infrastructure & increase their awareness of threats.

“Silly season” Handy Tips:

The best way to stay secure while shopping online is to know how to look for suspicious websites and boost your protective security measures.

• Know your sellers:
• To verify a site you’re looking at, do a browser search for other web pages or profiles by that seller. Compare logos, business names, URL addresses and contact details. If they don’t match up, steer clear!
• Type the web address directly into your browser, rather than clicking on a link provided in an email or in an advertisement. This will help ensure you don’t get directed to a fake website.
• Be cautious of sellers offering unbelievably low prices. If it looks too good to be true, it probably is!
• Pay Securely
• Use secure payment methods like PayPal, Bpay or your credit card and never pay by direct bank deposits, money transfers or other unusual methods (such as Bitcoin), as you’re unlikely to get your money back if you’ve paid a scammer.
• Fake Parcel Delivery scams
• Be wary of messages that don’t address you personally, have few or no details about your order, or threaten to charge you a fee for holding an undelivered item.
• Think before you click – remember Australia Post will never ask you to click a link to print out a receipt for parcel collection, nor will they ask you to update or verify your personal information.
• If you’re unsure, call the organisation but remember to use contact details from a verified website or other trusted source.
• Be aware of the personal information you share online
• Always use strong and unique passwords, watch out for phishing emails or texts, and be aware of what you share online to keep your personal information safe.

 

Hoplon Cyber Security are here to help – call us on 1800 491 471 for a complimentary consultation.

You can also head to our website for a free assessment:

https://hoploncyber.com/health-check/

Stay Cyber Safe.

The Hoplon Cyber Team.

https://hoploncyber.com/

1 300 312 862

advice@hoploncyber.com

175 Melbourne Street

South Brisbane QLD 4101

 

THE HOPLON ADVOCATE – January 2022

Click here to view the PDF version.

Welcome to 2022 – let’s hope it is a better year than 2021!

In this issue we relate a Christmas Tale: the Birth of Hoplon Cyber Security & focus on Ransomware – a key attack vector for Cyber criminals which saw a sharp increase in 2020/2021.

Hoplon Cyber Security – the beginnings.

With the recent celebration of baby Jesus’ birth it seems like an appropriate time to reminisce on the inception of Hoplon Cyber Security.

Hoplon Cyber Security was born from a visible need for a comprehensive personal Cyber Security solution for individuals & their households.

3 partners, with a long association through club cycling, Richard, John & Jimmy launched the business in July 2019 with a view to provide services to Households initially.

At the time the only solutions available to the general public were “Off the shelf” basic Antivirus (eg Norton360, McAfee, etc…), password management tools & backups (physical or cloud-based). The 3 amigos felt a holistic offering for households would be an attractive proposition & over many bottles of quality red wine the concept was developed & refined.

JF joined the team in November 2020 & Hoplon Cyber Security officially launched in February 2021. While attending the Queensland Cyber Security Innovation node launch in March 2021 we received feedback from the biggest segment of the business community (Small Businesses under 20 employees) that few – if any – options were available for their partly or fully-decentralised workforce (Working From Home).

As all these professionals work from home at least some of the time, the Hoplon Cyber offering was swiftly expanded to provide for this overlooked community & now caters to 3 distinct demographics: SMEs (under 20 employees), Professionals Working From Home & Individual Households.

Hoplon Cyber Security is based in Brisbane, locally owned & operated & tailors its solutions individually for each customer.

The Hoplon Cyber team is always reviewing the rapidly evolving products & services in the industry to ensure market-leading protection & peace of mind for its customers.

What is ransomware?

Definition(s):

Ransomware is a type of malware from cryptovirology that threatens to publish the victim’s personal data or perpetually block access to it unless a ransom is paid.

(Source – Wikipedia).

Another definition, from the ACSC (Austcyber) website:

Ransomware is a type of malicious software (malware). When it gets into your device, it makes your computer or its files unusable.

Cybercriminals use ransomware to deny you access to your files or devices. They then demand you pay them to get back your access.

Ransomware works by locking up or encrypting your files so that you can no longer use or access them. Sometimes it can even stop your devices from working.

How does it work?

While some simple ransomware may lock the system so that it is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion. It encrypts the victim’s files, making them inaccessible, & demands a ransom payment to decrypt them. In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem – & difficult to trace digital currencies such as paysafecard or Bitcoin & other cryptocurrencies that are used for the ransoms, making tracing & prosecuting the perpetrators difficult.

Ransomware attacks are typically carried out using a Trojan disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment. However, one high-profile example, the WannaCry worm, traveled automatically between computers without user interaction.

Starting as early as 1989 with the first documented ransomware known as the AIDS trojan, the use of ransomware scams has grown internationally.

(Source – Wikipedia).

Closer to home Ransomware has grown in profile & impact, & poses one of the most significant threats to Australian organisations. The ACSC recorded a 15 per cent increase in ransomware cybercrime reports in the 2020–21 financial year. This increase has been associated with an increasing willingness of criminals to extort money from particularly vulnerable & critical elements of society.

Ransom demands by cybercriminals ranged from thousands to millions of dollars, & their access to darkweb tools & services improved their capabilities. Extortion tradecraft evolved, with criminals combining the encryption of victim networks with threats to release or on-sell stolen sensitive data & damage the victim’s reputation. Ransomware incidents disrupted a range of sectors, including professional, scientific & technical organisations, & those in health care & social assistance. The global impact of the Colonial Pipeline & JBS Foods attacks underscores the potential debilitating & widespread impact of ransomware attacks.

In the Financial Year 2020/2021 nearly 500 ransomware cybercrime reports, an increase of nearly 15 per cent from the previous financial year. Here is the breakdown by industry sector:

Key Cyber trends – Ransomware

Australia faced a complex and evolving cyber threat environment in 2020 and 2021.

This was in part due to the impacts of the coronavirus pandemic, but also to the increasing opportunities afforded to malicious actors, the rampant activities of cybercriminals and Australia’s geostrategic environment.

The coronavirus pandemic continued to expand the boundaries of Australia’s computer networks, pushing corporate systems into homes across the nation as a large percentage of the workforce shifted to remote working arrangements. The speed at which this occurred saw many organisations rapidly deploy new remote networking solutions, sometimes to the detriment of their cyber security. Various malicious cyber actors repeatedly took advantage of Australia’s heightened vulnerability during this time to conduct espionage, steal money and sensitive data, and disrupt the services on which Australians rely.

Alongside the virtualisation of Australian life, the disclosure of significant vulnerabilities in software used in Australian networks expanded the targeting opportunities available to adversaries.

The Microsoft Exchange and Accellion File Transfer Application (FTA), & more recently the Log4j & Log4Shell vulnerabilities were notable examples where the ACSC observed multiple compromises after initial disclosure. In some cases, both state-sponsored actors and cybercriminals were able to rapidly exploit vulnerabilities at scale, including against targets in Australia.

What to do if you are under a Ransomware attack?

“Pay or Pray”?

The reality at the coalface is quite different as we will see from Jimmy’s view now.

Jimmy’s view: Cyber Insurance & the trend towards higher premiums for non-Cyber resilient businesses.

It’s no secret that Cybercrime has been on the rise for many years now. Criminals are now taking advantage of the global COVID-19 pandemic – targeting Australians working from home.

The latest Australian Cyber Security Centre’s (ACSC) Annual Cyber Threat Report (5) provides some very concerning statistics:

• a cybercrime is reported every 8 minutes in Australia
• cyber incidents grew by 13% in the last year
• the estimated cost to Australian businesses & individuals is more than $33 billion
• a 60 per cent increase in ransomware attacks against Australian entities in the past year

 

This significant increase in ransomware attacks has broader implications for businesses in Australia. Many businesses targeted by ransomware attacks are paying the ransom although exact details are generally kept confidential. Experts on the frontline of Cyber Incident Response estimate that up to 1/3 of attacks result in a ransom payment.

“We will continue to see changes in this market that will have an impact on policies & their coverage. While the ACSC discourage ransomware payments, it is a routine practice. Last month, the Government indicated it is considering mandatory reporting & as recently as last week, a House of Representative committee is reviewing this practice. Discussions include banning the practice altogether.

It is a challenging time for both insurers & their insureds, but we expect the trend of increasing up-take, lower coverage limits, price increases & greater transparency about the company’s risk mitigation strategies to continue.” (1)

This massive increase in ransomware attacks is driving cyber insurance premiums increases & will likely affect all insured businesses in the next 12 months.

“Global commercial insurance prices rose 15% globally (17% in the Pacific region) in the third quarter of 2021, the sixteenth consecutive quarter of price increases, continuing the longest stretch of increases since the inception of the Marsh Global Insurance Market Index in 2012.”  (2)

 

So, what can Australian organisations do to mitigate the risk of their premiums rising out of control? Engaging your insurance broker to understand what steps you can take to increase the Cyber resilience of your organisation. Cyber insurance underwriters will increasingly look at the risk profile of your organisation to assess its resilience to cyber attacks & adjust premiums accordingly (or even decline to provide cover).  (3)

 

Security questions will go beyond the basic antivirus software to more advanced cybersecurity protection measures such as:

• Data backup, segregation, testing & recovery
• Storage of biometric information for companies that use fingerprint scans
• IT vendor vetting process & management controls
• Employee cybersecurity training
• Remote desktop protocol (RDP)
• Endpoint detection & response (EDR)
• Email security
• Log-in security & user authentication(MFA).” (4)

 

It is safe to say that Cyber Insurance premiums will increase sharply over time & businesses with low cyber resilience will be impacted more in the form of higher premiums.

2022 is shaping to be the year to review your business’ current cyber stance & ensure the right protection is in place.

Hoplon Cyber Security’s team has a specialised Cyber Insurance broker for its customers.

We offer Risk Assessments & a broad range of Cyber Security solutions for Businesses, Professionals Working From Home & Households.

 

1. https://www.themissinglink.com.au/news/why-are-cyber-insurance-premiums-in-australia-skyrocketing
2. https://www.marsh.com/au/services/insurance-market-&-placement/insights/global_insurance_market_index.html
3. https://www.businessnewsaustralia.com/blog/facing-the-latest-impacts-of-cyber-crime–cyber-insurance-premiums-increase-for-businesses
4. https://www.rpsins.com/learn/2021/oct/us-cyber-market-outlook/
5. https://www.insurancebusinessmag.com/au/news/cyber/cyber-insurers-increasing-premiums-reducing-coverage-limits–report-312742.aspx
6. https://www.cyber.gov.au/acsc/view-all-content/reports-&-statistics/acsc-annual-cyber-threat-report-2020-21
7. https://www.abc.net.au/news/science/2021-07-16/australian-organisations-paying-millions-ransomware-hackers/100291542?utm_campaign=abc_news_web&utm_content=link&utm_medium=content_shared&utm_source=abc_news_web

 

Hoplon Cyber Security are here to help – call us on 1 300 312 862 for a complimentary consultation.

You can also head to our website for a free risk assessment:

https://hoploncyber.com/health-check/

 

Stay Cyber Safe in 2022.

The Hoplon Cyber Team.

https://hoploncyber.com/

1 300 312 862

advice@hoploncyber.com

175 Melbourne Street

South Brisbane QLD 4101

 

 

 

 

 

THE HOPLON ADVOCATE – March 2022

Click here to view the PDF version.

Well 2022 is not off to the start we were hoping for, to put it mildly. We seem to have had all the biblical afflictions in the last couple of years (short of locusts and famine – fingers crossed) and 2022 started off in the same vein. There but for the grace of God we go.

In this issue we highlight some of the potential cyber consequences from the Russian invasion of Ukraine, Jimmy shares his view on the Zero-trust concept & how it is applicable to personal Cyber Security & Working From Home – even more relevant with the ongoing weather events on the East Coast of Australia.

State sponsored hackers – conflict in Ukraine & possible fallout for Australian businesses.

Probably the best take we have seen coming out of the many column inches (or pixels more accurately) is a piece by Ciaran Martin entitled “Cyber Realism in a Time of War” – Professor of Practice at the Blavatnik School of Government, University of Oxford, who from 2014 to 2020 set up and then led the National Cyber Security Centre of the United Kingdom, part of the intelligence agency GCHQ.

Here are some excerpts from his comprehensive analysis of Cyber warfare, which highlights the limitations of Cyber attacks in modern warfare and goes some way to debunk the notion that the next war would be fought & won in cyber space.

Cyber Realism in a Time of War

It turns out that the next war was not fought in cyberspace after all. Or at least the start of it has not been.

There has been no shortage of predictions over the past two decades about the importance of the digital domain in conflict since John Arquilla and David Ronfeldt warned that “cyberwar is coming” in a Rand Corporation paper back in 1993.

As recently as November 2021, British Prime Minister Boris Johnson remarked in a testy exchange with Tobias Ellwood, chairman of the committee of the House of Commons that oversees defense, that “the old concept of fighting big tank battles on the European land mass are over … there are other big things that we should be investing in … [like] cyber—this is how warfare of the future is going to be.”

Ellwood, a strong critic of the British government’s decision to cut Army personnel in favor of investment in cyber capabilities, replied, “You can’t hold ground in cyber.” And on military tactics, if nothing else, Russian President Vladimir Putin seems to have agreed with him. Despite being one of the world’s foremost offensive cyber powers, the Russian invasion of Ukraine has, thus far, been utterly conventional in its brutality as the horrific pictures from Kyiv, Kharikiv and other cities show on an hourly basis. And Ukraine’s heroic resistance is similarly centered on the traditional understanding of war.

The Cyber Threat to Ukraine’s Western Allies 

Even though cyber operations have featured to an unexpectedly small extent in the conflict so far, the West still remains at higher risk of serious disruption—as distinct from catastrophic attack—via the cyber domain than it was before the invasion. To point out the misrepresentation of cyber capabilities, their limitations, and the lack of use of them so far in the conflict is to invite allegations of complacency. It should not; a nuanced understanding of the actual risks makes for better preparation for them.

There are two reasons why Western governments’ advocacy for implementing a posture of heightened alert—or “shields up,” in the catchy slogan of Jen Easterly, director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA)—is the right one. The first is accidental “crossfire” damage in cyber operations. There is still every chance that Russia will decide to mobilize its cyber capabilities against Ukraine to a greater extent than it has so far, particularly if cyber is seen to have a potential role in demoralizing and disrupting the Ukrainian population and the ability of Ukrainian society to function. The nature of the networked world means that those attacks may not be cauterized within Ukrainian systems.

In June 2017, the Russian military intelligence service, the GRU, launched one of its periodic cyber operations against a range of Ukrainian targets in the so-called NotPetya attack. The attack misfired, and spread globally, devastating the ability of multiple Western companies to function, causing around $10 billion in commercial damage. Maersk, the shipping giant, was heavily disrupted. Merck, the pharmaceutical company, just won its court case in January 2022 and was awarded an insurance payout topping $1.4 billion to cover its NotPetya losses. Many businesses, from the global law firm DLA Piper to Cadbury’s chocolate production facilities in Hobart, off the south coast of Australia, were badly disrupted. The irony of the NotPetya case, as with the globally devastating WannaCry hack a month earlier by North Korea, was that had the hackers done their jobs better, the global impact would have been far less. Should there be an intensification of Russian cyber aggression against Ukraine, which there may well be, especially if the war drags on, the risk of such a repeat miscalculation increases.

Professor Martin then outlines the 4 limitations which prevent Cyber War from becoming the main method of waging (& winning) wars:

Ease. Just as cyber capabilities don’t have the impact of missiles or ground troops, they can’t be directed like them either.

Effectiveness. Some of the more difficult cyber operations could have an obvious and useful impact at a time of war, such as disrupting military logistics or undermining air defenses. Outside of war, extremely complex operations, such as that undertaken against the Iranian nuclear program in 2011 via the Stuxnet worm, can give real-world strategic gain to those carrying it out. But these are usually very difficult to do. Stuxnet took years. Easier operations could be mounted against privately owned civilian critical infrastructure. As with sanctions, the aim here is not to harm, but to influence.

Escalation. So what would have such an effect? Here is where the risks of escalation would come in. If there was an attack of unprecedented sophistication on a British or American power grid, it would be blindingly obvious who had carried out it. The portrayal of cyber as a domain where there could be a decisive but secret intervention is one of the most dangerous mischaracterizations of the domain.

Ethics. This is unlikely to be on Putin’s decision tree, but it will and should be on the West’s. Health care is the obvious example.

So there are practical, strategic, and, in the case of the West, ethical limitations on the potential for escalation in cyberspace. That is not to say it won’t happen. A desperate Putin could launch whatever capabilities are at his disposal, and even with all these limits on the potency of cyber capabilities, repeated hostile attacks could cause major disruption (though most probably not death and destruction) in the West. And in any case, enough non-escalatory threats are already out there through spillover and the use of proxies to justify the current state of high alert.

What This Means for Western Cybersecurity Posture

At this early stage, the conflict so far tells us something about the limitations of cyber capabilities in both directions in this conflict. And the early stages of this war provide two important lessons of cyber realism for Western policymakers and their societies.

The first is realism about the limitations of cyber capabilities. For the reasons already explained, cyber capabilities give neither side a big red button to decisively alter the course of events. The war thus far has emphasized the limitations of cyber as a tool of war rather than its centrality to it. A more realistic consideration and public discussion of the role of cyber as a tool of statecraft—both the risks it poses and the capabilities it provides—is urgently needed. Cyber capabilities provide the potential to disrupt, delay, annoy, rob, steal from, spy on and influence an adversary. They therefore have a place in and outside of conflict, but they are not magic invisible weapons.

Read the full article here.

For us here in Australia, that means our critical infrastructure are unlikely to be targeted in the early stages of the campaign, but “accidental crossfire” may result in disruption. Our critical infrastructure networks are highly attuned to these threats & unlikely to succumb to frontal attacks. As Prof Martin says, it takes a long time to execute a successful hack on these organisations, and it is more likely “accidental leakage” will contaminate and disrupt rather than cripple. These “leakages” will impact business, and there is a high likelihood that Russian hackers will sooner or later turn their attention to “low-hanging fruit” (or businesses) in wealthy, unprepared countries who will pay ransoms to remove the malware & unwittingly support Russia’s war effort.

So what should you and your team do to protect your business?

1. Check your current Cyber Security stance (or existing IT set up).
2. Address the main vulnerabilities to avoid being a “low-hanging fruit”.

How? One of the best way to address these vulnerabilities is to implement a Zero Trust framework to your IT ecosystem and we’ll explore how in more detail below.

Jimmy’s view: Zero Trust concept & how to apply it to your own digital ecosystem

History:

John Kindervag, an industry analyst at Forrester (re)popularized the term “zero trust” but it was coined by/before April 1994 by Stephen Paul Marsh for his doctoral thesis on computational security at the University of Stirling (UK).

Definition:

Zero trust is a framework that assumes a complex network’s security is always at risk to external and internal threats.

Zero Trust requires all users, whether in or outside the organization’s network, to be authenticated, authorized, and continuously validated for security configuration and posture before being granted or keeping access to applications and data.

The Zero Trust concept became more prominent in the early 2000’s when the industry started to move their infrastructure to Cloud Platforms, and realised that it opened up a Pandora’s box of vulnerabilities from operating in relatively less secure environment, ie no longer physically contained within a network, within a business premise.

As adoption increased, the need for securing these networks (initially) and then the traffic within (and outside) of these networks. With Cloud Platforms, data moves in and out of networks into the Cloud at scale, and measures had to be implemented to secure the data.

Zero Trust addresses these vulnerabilities by validating every single digital exchange continuously, and is constantly evolving as new Cloud Platforms and interconnected capabilities are developed – think bank transactions, digital identity etc…

Jimmy says that everyone in the IT industry has a Zero Trust “target”, but the practical application of the concept is “non-trivial” – in layman’s terms – pretty tricky because of the number of “applications” used (typically by different vendors/manufacturers) and their different architectures. So you can’t apply the same protocol for say, online banking transactions and lodging your tax return through mygov as they use different software.

To make things even more complicated, when businesses have several offices, or even more commonly nowadays, employees work from home or on the road, then you have no control over what networks they use and that is a massive vulnerability both to the individual and the business.

As Jimmy points out, many businesses are operating partially or completely on the Working From Home model, which requires adaptation of standard IT managed services to address the vulnerabilities of the home environment (think children streaming pirated movies, multiplayer games, social media platforms etc…).

To apply Zero Trust to this un-managed digital environment, measures to secure devices, networks and behaviours must be implemented.

Listen to the full conversation here.

So what can business owners do?

The starting point for any concerned business owner or director – as the responsible and potentially liable individual – will be to assess their current cyber security stance, and ask probing questions of their IT provider.

Security questions will go beyond the basic antivirus software to more advanced cybersecurity protection measures such as what is being done in the areas of:

• Data backup, segregation, testing & recovery
• Storage of biometric information for companies that use fingerprint scans, retinal scans, facial recognition etc…
• IT vendor vetting process & management controls
• Employee cybersecurity training
• Remote desktop protocol (RDP)
• Endpoint detection & response (EDR)
• Email security
• Log-in security & user authentication(MFA).

A key vulnerability NOT covered by IT providers or internal IT departments is the ease of access of the home digital environment, through the phenomenon of Working From Home, which has grown exponentially in the last few years, and literally exploded since the pandemic began.

Hoplon Cyber Security was born of the unmet need for affordable & effective deployment of Cyber Security measures for SMEs (under 20 employees), Professionals Working From Home & Individual Households, who all share this key vulnerability of the home ecosystem.

Smart devices have only increased these vulnerabilities, as these small interconnected mini-computers have no built-in defences (cost factor) and come with factory settings designed to maximise ease of use and ease of connectivity. This means that they are easy to locate, access and penetrate by external parties to the household.

Hoplon Cyber Security’s main focus is to prevent malicious access of the home digital ecosystem using the Zero Trust framework and principles.

Hoplon Cyber Security is based in Brisbane, locally owned & operated & tailors its solutions individually for each customer.

The Hoplon Cyber team is always reviewing the rapidly evolving products & services in the industry to ensure market-leading protection & peace of mind for its customers.

Hoplon Cyber Security are here to help – call us on 1 300 312 862 for a complimentary consultation.

You can also head to our website for a free risk assessment to determine your current cyber security stance & vulnerabilities.

https://hoploncyber.com/health-check/

Stay Cyber Safe in 2022.

The Hoplon Cyber Team.

https://hoploncyber.com/

1 300 312 862

advice@hoploncyber.com

175 Melbourne Street

South Brisbane QLD 4101