Defence Minister Linda Reynolds has insisted the government is strongly committed to strengthening cyber resiliency across Australian business, following the crippling ransomware attack on logistics giant Toll Group.
Jonathan Sharrock, the managing director of Cyber Citadel, which provides services including system penetration testing to clients in the logistics, education and pharmaceuticals sectors, said the cost and challenge of rebuilding systems at Toll would be significant.
While it may sound simple to an outsider to suggest the company should just fire up its backups and get going, it could be far more complex.
“You are pretty much starting from scratch and it’s quite horrible for them to have to go through that … If their backups were not offline, they could possibly have backed up the problem,” Mr Sharrock said.
“Another problem is that you bring the systems back online before you have got rid of whatever caused it … that can basically put you back to where you were in the first place.”
One problem in reverting to old instances of a technology system is knowing how long an intruder has been inside. Mr Sharrock said, depending on which country’s statistics you look at, the average “dwell time,” where a hacker simply sits inside a network and watches how the organisation operates, started from six months.
He said that, while companies could view Toll’s problems as a wake-up call, in reality, it would take a significant change of attitude in many board rooms and executive suites before the issue of cyber preparedness was elevated sufficiently.
Many CEOs, he said, placed little weight on the views of technology security staff, and had only a passing understanding of the level of threat cyber vulnerabilities posed.
“The analogy with the garden shed is that when the light’s off it’s not messy, but when you start shining the torch, it starts showing all the stuff piled up,” Mr Sharrock said.
“Sometimes companies seem to not want to really know, because then there is an investment that needs to be made, and unless the directive is coming from the top down it gets pushed away.”
While it may sound like Toll is being criticised for not doing enough to prevent itself being breached, Mr Sharrock said that, in reality, it was incredibly difficult for even well-organised companies to stay ahead of well-funded and incredibly patient adversaries.
“A company can have 99 per cent of its security in good shape, but it only takes the other one per cent, so it is certainly not an even playing field,” he said.
“With Toll we don’t know yet where the attack has come from, but these guys are often well coordinated with massive amounts of resources … if they are state sponsored, which we still don’t know, that means unlimited resources and unlimited time, that’s hard to beat.”
Full article published in Financial Review (afr.com) – 18 February 2020 (paid content): Toll cyber hack puts pressure on government (afr.com)