Global Security Intelligence
Global cyber security threats have evolved dramatically over the last decade, driven by the increased adoption of cloud computing and take up of mobile devices. This has created a dynamic landscape where organisations require a range of mitigation strategies to effectively protect digital assets and meet increasing compliance obligations.
Cyber-attacks against enterprise and Government IT systems often cost millions of dollars to recover from, and these costs are rising with the massive adoption among enterprises of smart technologies and connected devices that make up the Internet of Things. Responding to these challenges, NEC Australia has established a new Global Security Intelligence Centre (GSIC) in Adelaide.
Complementing NEC’s investment in similar facilities in Japan and Singapore, the $4.38M facility will develop, deliver and extend NEC Australia’s cyber security capabilities. This will enable the adoption of new business models and the creation of many new, highly skilled jobs in Australia.
NEC Australia’s cyber security framework is very much focussed on People, Process and Technology to ensure that our customers effectively manage their exposure to cyber-attack. We offer a broad range of security solutions and services, from consulting and integration through to managed security services and ‘as a service’ security services.
While the IT systems of critical infrastructure providers face the same level of risk from cyber-attacks as do other enterprises in the private and public sectors, a cyber-attack on critical infrastructure can have much broader and deeper consequences for society and the economy. This puts added pressure on IT decision makers and influences how they design, implement and maintain their cyber-defences.
Accepting the fact that the threats are both constant and, in terms of the means and methods, constantly evolving, the key to successful mitigation is the development of a proactive strategy of monitoring and detection. This includes close collaboration with all stakeholders in critical infrastructure operations and the involvement of senior leadership in driving strategy. A recent report by The Economist (pdf) analyses the results of a global survey of 200 executives with responsibility for supporting and managing critical infrastructure IT systems.
NEC Australia's Cyber Security Framework
- SOC: 25+ Multi-discipline trained team
- Wide engineering coverage across Australia
- Partnering with the industry's smartest
- Government policy aligned (ASD Top 35, ISM, iRAP)
- Customer tested incident and event management processes
- Gartner Magic Quadrant Leader
- Security intelligence from NEC's global SOCs, partners and customers
- Specialist National Cyber Security Practice in Australia
- State-of-the-art Global Security Intelligence Centre (GSIC) in Adelaide
The Australian Government has defined cyber-attack as a deliberate act through cyberspace to manipulate, disrupt, deny, degrade or destroy computers or networks, or the information resident on them, with the effect of seriously compromising national security, stability or economic prosperity. A recent global study has found that 80% of organisations agree that over the next three years, the proliferation of connected devices, the ‘Internet of Things’ and ‘Big Data’ will make them more vulnerable to a serious cyber-attack (pdf).
The Australian Government’s peak cyber agency, the Australian Cyber Security Centre (ACSC), has just released the 2016 Threat Report (pdf). The report highlights the growing prevalence and threat of cyber assaults across government, business and society. This will be one of the industry’s most influential and important reports, guiding both the private and public sectors in their decisions on cyber security.
Threat to Government
Australian Government networks are regularly targeted by the full breadth of cyber adversaries. Attackers pose a threat to government-held information and provision of services through both targeted and inadvertent compromises of government networks with ransomware.
Attackers will continue to use low sophistication cyber capabilities – website defacement, the hack and release of personal or embarrassing information, DDoS activities and the hijacking of social media accounts – to generate attention and support for their cause. As such, issue-motivated groups pose only a limited threat to government networks, with possible effects including availability issues and embarrassment. Some attackers intend to cause more serious disruption and may be able to exploit poor security to have a greater impact.
Threat to Private Sector
Australian industry is persistently targeted by a broad range of malicious cyber activity, risking the profitability, competitiveness and reputation of local businesses. Activity ranges from online vandalism and cybercrime through to the theft of commercially sensitive intellectual property and negotiation strategies.
The ongoing theft of intellectual property from Australian companies continues to pose significant challenges to the future competitiveness of Australia’s economy. In particular, cyber espionage impedes Australia’s competitive advantage in exclusive and profitable areas of research and development – including intellectual property generated within our universities, public and private research firms and government sectors – and provides this advantage to foreign competitors.
Example of threats
- Spear Phishing – Refers to emails containing a malicious link or file attachment. This remains a popular exploitation technique for many cyber adversaries, with methods used becoming more convincing and difficult to spot. As such, spear phishing emails continue to be a common exploitation technique used in the compromise of Australian industry networks. Attackers are targeting industry personnel in order to gain access to corporate networks; individuals with a large amount of personal or corporate information online make it easier for adversaries to target that individual or their organisation. Attackers also make use of publicly available industry information such as annual reports, shareholder updates and media releases to craft their spear phishing emails, and use sophisticated malware to evade detection.
- Ransomware – Refers to a type of malware that prevents or limits users from accessing their systems. Ransomware encrypts the files on a computer (including network shared files and attached external storage devices) then directs the victim to a webpage with instructions on how to pay a ransom in bitcoin to unlock the files. The ransom demanded in Australia has typically ranged anywhere up to tens of thousands of dollars.
- Secondary targeting – Refers to cyber attackers attempting to gain access to enabling targets – targets of seemingly limited value but which share a trust relationship with a higher value target organisation. It is imperative that organisations understand that they might be targeted solely based on their connections with other organisations – the real target of these adversaries.
- Keystroke Logging – Refers to the act of tracking and recording every keystroke entry made on a computer, often without the permission or knowledge of the user. Attackers deploy software or a hardware device on to target machines or networks. Each keystroke is recorded and re-routed to the attackers. Real-time alerts can be set up to enable attackers to receive instant updates on exactly what is being typed.
- SQL Injection – Refers to a type of security exploit in which the attacker adds Structured Query Language (SQL) code to a web form input box to gain access to resources or make changes to data. An SQL query is a request for some action to be performed on a database. On a web form for user authentication, when a user enters their name and password into the text boxes provided for them, those values are inserted into a SELECT query. If the values entered are found as expected, the user is allowed access; if they aren't found, access is denied. However, most web forms have no mechanisms in place to block input other than names and passwords. Attackers can use the input boxes to send their own request to the database, which could allow them to download the entire database or interact with it in other illicit ways.
- Bug Poaching – Refers to when an attacker breaks into a network and creates an analysis of the network’s private information and vulnerabilities. The attacker will then contact the corporation with evidence of the breach and demand a ransom, similar to ransomware. Unlike a typical ransomware attack, once information is stolen, the attacker demands payment for information on how the system was breached, rather than for the stolen data itself.
- Distributed Denial of Service (DDoS) – Refers to an attack in which a multitude of compromised systems attack a single target, thereby causing denial of service for users of the targeted system. The victim’s site struggles to address all traffic requests, which slows performance and eventually brings the site down. DDoS can act as a smokescreen for other threats.
- Cross-Site Scripting – Refers to an attack carried out on web applications that accept input but do not properly separate data and executable code before the input is delivered back to a user’s browser. An attacker loads malicious script via a webpage, which is then saved into a database. Valid site users then enter data into this database via the webpage, at which time a callback is made to the attacker with the relevant data requested.
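The SQL Injection entry above describes form values being inserted into a SELECT query. The following is an added example, not NEC's code, that puts that vulnerable login check beside a parameterised one; the table, the function names and the sample rows are constructed for illustration, and password hashing is out of scope.

```python
import sqlite3


def make_db():
    """In-memory user table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, password_hash TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "hash-a"), ("bob", "hash-b"), ("o'brien", "hash-o")],
    )
    return db


def login_vulnerable(db, name, password_hash):
    # Form values are pasted into the SELECT text, so a quote character in
    # the input becomes part of the SQL statement itself.
    query = (
        "SELECT name FROM users WHERE name = '" + name
        + "' AND password_hash = '" + password_hash + "'"
    )
    return db.execute(query).fetchone() is not None


def login_parameterized(db, name, password_hash):
    # Placeholders keep the statement text fixed; the driver binds the
    # values as data, so input cannot change the query's structure.
    query = "SELECT name FROM users WHERE name = ? AND password_hash = ?"
    return db.execute(query, (name, password_hash)).fetchone() is not None


def compare(db, name, password_hash):
    """Run both checks on one input; a SQL error is reported as 'error'."""
    results = {}
    for label, check in (("vulnerable", login_vulnerable),
                         ("parameterized", login_parameterized)):
        try:
            results[label] = check(db, name, password_hash)
        except sqlite3.OperationalError:
            results[label] = "error"
    return results


if __name__ == "__main__":
    db = make_db()
    print(compare(db, "alice", "hash-a"))        # valid credentials
    print(compare(db, "alice", "x' OR '1'='1"))  # constructed injection input
    print(compare(db, "o'brien", "hash-o"))      # legitimate name with a quote
```

The third case shows that string-built queries also fail on legitimate input containing a quote, which is a useful signal to look for in application error logs.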
NEC Australia provides a full range of cyber security services to commercial companies and the State. These services are delivered and managed from our state-of-the-art Security Operation Centre.
Examples of our services
- Firewall, AV, IPS/IDS and Secure Web gateway management services
- Security Information and Event Monitoring as a service (SIEM)
- Privileged Access Management, Privileged Identity Management
- Security policy, governance and consulting services. May include full risk assessment, audit, gap analysis and certification assistance
- Threat management and incident response services
- Penetration testing and vulnerability assessment services
The offerings are built on industry-leading technologies alongside key strategic partnerships.
Why customers choose NEC
Security of IT systems, data and information is fundamental to securing staff, customers and facilities. So when it comes to selecting a partner you need one with:
- Leading edge technology, that can be customised to your needs
- The right mix of local, national and global capability to deliver the entire scope of cyber security services
- A proven ability to protect critical systems and a track-record of delivering on our commitments
- Flexible commercial models on offer to reduce overall cost of “service” ownership
Customers are facing an ever-evolving threat landscape, and attack types change daily. Staffing levels struggle to cope with the complexity of such threats, and organisations struggle to fill the knowledge and skills gaps and to make the initial investments needed to provide suitable support and technology. Adoption of cloud services amongst the majority of companies is also causing visibility and control issues, which hold back the adoption of new, innovative technologies because of unknown risks. Companies adopting a managed security service are looking for:
- Greater visibility and control of real time threats
- Reduced risk profile
- Improved security posture
- Leverage expert skills
- Alignment to compliance/governance and policy standards
- Adoption of newer, cutting edge technologies to drive innovation
Service operates 24 x 7 x 365
The always-on service provides out-of-hours coverage, improves visibility and enables businesses to improve overall security awareness and reduce risk round the clock.
SIEM as a service
Reduces time to detect and time to respond to an incident. Consistent tuning of the service provides quick returns on investments versus possible attack costs.
Privileged threat analytics
Shortens an attacker’s window of opportunity and reduces potential damage, accelerates remediation and accelerates time to value.
NEC Security Operation Centre (SOC) team
The NEC SOC team is leveraged to provide expert analysis, escalation and incident handling.
Other benefits include:
- Compliance to governance and audit rules
- Improved case management
- Flexible commercial models (greatly reduced cost when taken as a service)
- Enhanced protection of staff and customer data