static image

Defence hacking a cautionary tale

"The report that a local defence subcontractor was infiltrated by a hacker last year is another cautionary reminder of how Australian businesses, irrespective of size, are not immune to cyber security threats and attacks. The description of the company as a small engineering firm of about 50 employees, with just one IT staff member, could be used to describe many Ai Group members, and should set off alarm bells for many business owners," Ai Group Chief Executive, Innes Willox said today.

"You are never too small to attract the attention of hackers. If businesses do not act, it is only a matter of 'when' and not 'if' this will happen to them.

"This incident has received much attention due to the connections to the defence industry, however, what was stolen was commercial information that is now in the hands of potential competitors.

"Business owners do not go home at the end of the day without locking the front door; similarly, there is an expectation that modern businesses undertake some basic steps to protect their IT systems. Cyber security is a big business and can be intimidating for SMEs, but the fact is, there are four simple steps that companies can do themselves that will protect them from 85% of threats. Ai Group has prepared a fact sheet and expert presentations to give companies guidance on this.

"Companies feeling confident that they have already implemented these steps should take this incident as a prompt to look closely at their supply chains for potential weak links. We can assume that this company was targeted as a potential back door to their larger customer. The value of IT systems lie in their interconnectivity, which is also their vulnerability," Mr Willox said.

Further information

The Australian Signals Directorate (ASD) has developed prioritised mitigation strategies to help technical cyber security professionals in all organisations mitigate cyber security incidents. This guidance addresses targeted cyber intrusions, ransomware and external adversaries with destructive intent, malicious insiders, 'business email compromise' and industrial control systems. At least 85% of the adversary techniques used in targeted cyber intrusions which ASD has visibility of could be mitigated by implementing mitigation strategies referred to as the 'Top 4'. Incorporating the Top 4, the eight mitigation strategies with an 'essential' rating are so effective at mitigating targeted cyber intrusions and ransomware that ASD considers them to be the cyber security baseline for all organisations. Any organisation that has been compromised despite properly implementing these mitigation strategies is encouraged to notify ASD. The mitigation strategies can be found here:

On 10 October 2017, the Minister Assisting the Prime Minister for Cyber Security, the Hon. Dan Tehan MP, launched the Australian Cyber Security Centre's 2017 Threat Report. The Report notes “the growing public appetite to understand and defend against the evolving cyber threats facing Australia. High profile incidents of cybercrime have exemplified the speed with which cyber threats can propagate globally, how rapidly adversaries can adapt to security responses, and how easily a compromise can impact an organisation's core functions or services." This is an informative report that can be found here:

Media enquiries: Tony Melville – 0419 190 347