Cyber attacks are becoming a serious risk for enterprises and governments, and could be detrimental if no action is taken in the near future.

The global president of McAfee Mike DeCesare recently explained to The Australian Financial Review that Australia is lagging behind other developed nations when it comes to cyber security laws, and a major coordinated attack could come within the next two years.

Changing methods of attack, couple with the reasoning of attackers, is presenting a risk for Australian enterprises and government departments. Understanding the state of Australian cyber security will be essential when formulating appropriate defensive measures.

Changing attacks

In the past, countries such as Australia have been targeted by hostile organisations and nations for financial means, but attacks could increasingly escalate toward disrupting states. Attacks could focus on taking down systems that control critical infrastructure.

"As the world has come online, everybody has recognised that there is an opportunity to modify their strategy… for a government, the cyber attack possibility is just another tool that you have in your bag now," Mr DeCesare said.

He went on to explain how full scale attacks haven't been seen yet, but the world will go this way in the near future. Attacks designed to cause social and economic turmoil were highlighted as growing concern.

"When Russia first went into its war with the Ukraine, there was a very public statement about the fact that their first step was going to be to take out the telecommunications grid, and I do think unfortunately in the next couple of years there will be a very high-profile example."

Such attacks cannot be underestimated, or governments and enterprises could face the risk of debilitating attacks. These certainly have the potential to cause massive financial and reputational damage.

Ideological hacking

Cyber attackers are no longer solely motivated by financial rewards, and so-called 'hacktivism' is increasingly becoming a motivating factor.

This type of attack is motivated through political means, with cyber criminals seeking to promote beliefs such as free speech and human rights. Attacks targeted at organisations could be in response to products sold by the company or other recent actions.

More radical hacking attempts are becoming prominent within Australia, according to James Turner, chairman of the Australian Information Security Association's advocacy group.

"I've spoken to security practitioners that think ideologically driven hacking is already happening in Australia, but that the organisations being targeted are either clueless about what's happening, or they are keeping it ultra quiet," Mr Turner said.

He explained that a lack of communication could be to blame here, especially between government departments and the organisations themselves. Difficulty in spotting bigger problems and formulating appropriate defensive strategies was also outlined.

"The communication channels between IT security and risk executives and their peers at other organisations are based on personal relationships, and consequently ad hoc and inherently fragile."

Many enterprises may be unaware of the dangers of cyber attacks, and subsequently fail to put appropriate security systems in place. On the other hand, security may exist but not of a high enough standard. As such, comprehensive IT security training should become a top priority.

Courses in SABSA can be invaluable, as it's one of the most successful security architectures in the world. Once implemented within an organisation, security is delivered and supported, becoming an integral part of IT management infrastructure. Further levels of education can help to grow an understanding of the architecture and ensure security is constantly at the highest possible level.

Speak to ALC Training today if you'd like to find out more about security architectures for enterprises.