Victorian Hospital attack underscores cyber risk

By Sean Lengyel

With seven Victorian regional hospitals in lockdown for more than 24 hours after a crippling ransomware attack in October, Australia was once again made aware of the threat of cyber criminals.

The ransomware attack by unidentified criminals blocked access to several hospital systems including financial management, with hospitals in some cases having to revert to manual systems.

According to media reports, no patient data was stolen, but the aim of the attack was to extract payment rather than steal information.

The hack demonstrates the ongoing importance of data security, particularly in relation to the protection of records.

Managing cyber risk is an increasing issue for Australian organisations including Defence, Government, Health, Education and Financial Services. Cyber security is no longer a potential risk; it's an ever-increasing threat to Australian businesses today.

It seems every week brings more news of hacking efforts at major banks, credit card providers, and large multi-national companies. The Australian National University (ANU) hack in June and this most recent attack on Victorian hospitals show the wide range of industry sectors being targeted.

So why is this relevant for Information Managers? Cyber security is about protecting your information and critical assets from illicit access, theft and damage. Corporate data at risk includes customer information, employee records, financial records, personal information and intellectual property. Information Managers, as custodians of records and the policies and procedures governing them, play a vital role in ensuring organisations protect against cyber-attacks.

Cybercriminals can also disrupt your business through compromising your IT infrastructure to cause financial and business loss.

Is Antivirus enough?

Antivirus software alone is not able to provide sufficient protection. It is estimated that Antivirus products only detect 30-40% of malware on the web.

The Victorian Hospital attack was achieved via a "phishing" email containing a malicious payload.

This is just one of so many ways that innocuous emails or applications can provide a means of entry for cyber criminals.

At Citadel we recently encountered another seemingly harmless application that provided a back door entry for outside agents.

A simple free Screen Capture utility looked innocent enough, but on further investigation, it was discovered that code within the software beaconed back to a Chinese IP address. This was highly suspicious, especially considering the software was developed in the United States.

After being installed onto a test machine, the software immediately attempted to download malicious code.

Cybercriminals typically use this method to pull down secondary stage malware onto a machine, to execute and potentially take control of a computer or a network with little or no evidence that anything untoward has occurred. Once a cybercriminal has access, any data on that system is compromised.

Antivirus products are NOT a silver bullet for detecting malicious activity. A professional defence-in-depth model is essential to protect your corporate information, combining secure software solutions and a trusted implementation and support team.

Secure Cloud Technology

One of the benefits of operating in a cloud environment is that no installations are needed on end devices and therefore exposure to attacks is significantly reduced. Citadel-IX is a secure information management solution that brings together security and information management expertise and utilises cloud technology to deliver a secure and trusted, fully hosted enterprise content management system.

Citadel-IX is the only end-to-end ISO 27001 certified Content Manager Solution in Australia and this certification demonstrates a proactive approach towards information security threats and adoption of best practices to minimise threats.

Sean Lengyel is Senior Information Security Officer at The Citadel Group