Nexon blog - AusCERT 2024 Gold Coast wrap up

The Nexon team gathered with hundreds of delegates and vendors on the Gold Coast for four days of workshops, presentations, and meetups. There was a lot to learn from groundbreaking security innovations and chats with industry experts.

With its ‘Pay it forward’ theme, AUSCERT2024 promoted the idea that openly sharing knowledge creates a ripple effect, strengthening the entire field of cyber security. So, in that spirit, here are a few topics that caught my attention.

Phishing-as-a-Service on the rise

If you thought there was an ‘as-a-service’ subscription model for everything these days, here’s proof. A standout presentation by Abnormal Security confirmed just how organised crime is getting in 2024.

As I wrote recently, cybercrime has overtaken organised crime as the leading source of revenue for gangs globally, but Phishing-as-a-Service (yes, we can call it PHaaS) is taking things to the next level – and it’s growing fast.

As you may guess from the name, this malicious business model turns old-fashioned criminals into cybercriminals by enabling them to run sophisticated phishing campaigns.
For a fee, PHaaS providers supply them with all the expertise and tools they need, including fake websites, emails and malicious scripts. They even use ChatGPT to craft convincing emails, along with AI-driven behavioural learning and data analytics to target victims personally using stolen data.

Phishing campaigns cast a wider net

At the event, iTnews launched the State of Security Report 2024, which cited reports of double-digit and even triple-digit increases in the volume of malicious phishing emails.

While it found that 91% of phishing attacks still start with an email, bad actors are increasingly targeting collaboration and messaging apps. They embed legitimate-looking but harmful links in all types of collaboration software, including Teams, Zoom, Slack, WhatsApp, QR codes and more.

People are getting better at spotting fake emails, but our defences and awareness are not always as sharp when it comes to other types of messages. Good old-fashioned poor grammar and writing have been giveaways in the past, but this is also changing: Europol has issued a warning about the ability of generative AI tools (like ChatGPT) to craft highly realistic text messages and accurately impersonate organisations and individuals.

Nexon security partner and AUSCERT sponsor Check Point – who hosted a cyber resilience roundtable at the event – introduced the latest enhancements of their Harmony Email & Collaboration Suite Security, which uses AI-powered prevention tools to prevent malicious messages from reaching users.

The rising importance of data governance

There’s nothing like the topic of government regulations to make the eyes glaze over. However, with significant maximum penalties for data privacy breaches – and more changes expected to be tabled in August – it’s more critical than ever to be up to speed. Penalties are up to the greater of $50 million, three times the value of any benefit obtained through the misuse of information, or 30% of a company’s adjusted turnover in the relevant period.

These severe penalties make it clear that businesses must do better to protect the data they collect, and the penalties can no longer be regarded as the cost of doing business.

Data governance is an ongoing commitment; however, there are several core fundamentals you can implement. Here are some of the basics of implementing a robust data governance framework:

1. Data Governance Policies

Develop and maintain clear principles and controls for data use, retention and protection.

2. Roles & Responsibilities

Designate accountable data owners, custodians and users, and ensure each person understands their responsibilities and accountability.

3. Data Management Processes

Maintain secure data sharing practices and controls for managing data modifications and restricting access to authorised personnel.

4. Data-Driven Culture

Prioritise proactive data responsibility, accountability and literacy, including training and resources to ensure employees understand how they contribute.

5. Data Catalogue & Metadata

Maintain a comprehensive catalogue of your data holdings, supporting data management, compliance and oversight.

6. Metrics & Standards

Establish and monitor data use, quality and availability standards, aligning with Australian data security and privacy regulations.

With so much happening in cyber security, it can be hard to keep up. Two important Australian Government reports are worth your attention. I recently wrote about how these reports impact business leaders and the next steps.

The first article breaks down the Australian Government’s 2023–2030 Australian Cyber Security Strategy, and the second, How to lead your business through a cyber security crisis and bounce back, is based on the follow-up report Governing Through a Cyber Crisis.

If you would like to learn more about any of these topics or discuss cybersecurity readiness, please feel free to get in touch.

Paul Edmondson is Head of Cyber Security Sales at Nexon Asia Pacific. For more information about Nexon’s cyber security solutions and services, contact Nexon today.