Story image

Vodafone NZ: Security threats becoming more sinister...

15 Sep 2014

Colin James, Vodafone New Zealand head of security, puts forward the telco perspective on security and how increasing threats are impacting your customers.

It's easy for your customers who are owners of New Zealand businesses to look at the recent major security breach of eBay and think 'That won't happen to my company'.

It’s true, the hackers who stole the personal data of up to 233 million people were likely organised, and used sophisticated tools. And eBay was probably a target because of its sheer scale.

But the attack is representative of a growing trend of more sinister security breaches.

What do these large security breaches of overseas-based organisations mean for New Zealand companies?

Over the last four years we have seen a large rise in the number of strategic, organised attacks. A more disturbing type of breach that’s becoming more common is when hackers attack an organisation’s financial assets and intellectual property, known as advanced persistent threats.

This is when attackers use multiple tools – such as spear phishing emails, cold calling and brute-force (trying several different passwords to enter a system). This sort of attack is sinister and can cause irreparable damage to an organisation.

Kiwi companies might think they are immune, but we have many entrepreneurial companies with valuable intellectual property who could be targeted, particularly those in international trade or technology innovation.

As a large corporate, we are in a unique position to act on known malicious content that could be traversing our networks, offering a level of protection to customers.

However, it does raise the question of whether a telco should be doing this at all? With concerns around privacy, especially in relation to national surveillance networks, it is an interesting debate to consider the duty the network provider has on protecting its customers, given that it could be seen as a form of censorship to block content.

Weaponised cybercrime...

Another concerning trend is the shift in cybercrime to become more weaponised. For instance, CyptoLocker is a malware that can come disguised as a legitimate email attachment. The nature of this encryption is to hijack a machine and to demand money. The victim of the attack must pay to have their files ‘released’.

What should companies do to protect themselves in this sort of environment?

At the very least, your customers need to understand potential threats and look for any irregularities such as their systems randomly communicating with a server overseas.

If they find something suspicious, you can provide the necessary advice. The National Cyber Security Centre can also offer advice and assistance.

A good basic prevention strategy might be:

* Use application whitelisting – only allow permitted and trusted applications to run, preventing malware from being able to execute

* Patch applications – make sure all security patches are applied to applications like Java, Flash, PDF reader etc

* Patch operating system vulnerabilities

* Minimise administrative accounts and their use.

By Colin James, Vodafone New Zealand head of security

Dropbox invests in hosting data inside Australia
Global collaboration platform Dropbox has announced it will now host Australian customer files onshore to support its growing base in the country.
Opinion: Meeting the edge computing challenge
Scale Computing's Alan Conboy discusses the importance of edge computing and the imminent challenges that lie ahead.
Alibaba Cloud discusses past and unveils ‘strategic upgrade’
Alibaba Group's Jeff Zhang spoke about the company’s aim to develop into a more technologically inclusive platform.
Protecting data centres from fire – your options
Chubb's Pierre Thorne discusses the countless potential implications of a data centre outage, and how to avoid them.
Opinion: How SD-WAN changes the game for 5G networks
5G/SD-WAN mobile edge computing and network slicing will enable and drive innovative NFV services, according to Kelly Ahuja, CEO, Versa Networks
TYAN unveils new inference-optimised GPU platforms with NVIDIA T4 accelerators
“TYAN servers with NVIDIA T4 GPUs are designed to excel at all accelerated workloads, including machine learning, deep learning, and virtual desktops.”
AMD delivers data center grunt for Google's new game streaming platform
'By combining our gaming DNA and data center technology leadership with a long-standing commitment to open platforms, AMD provides unique technologies and expertise to enable world-class cloud gaming experiences."
Inspur announces AI edge computing server with NVIDIA GPUs
“The dynamic nature and rapid expansion of AI workloads require an adaptive and optimised set of hardware, software and services for developers to utilise as they build their own solutions."