Video | Agriculture | Confidence | Economy | Energy | Employment | Finance | Media | Property | RBNZ | Science | SOEs | Tax | Technology | Telecoms | Tourism | Transport | Search

 

Budget Leak: Most cyber-leaks come from internal sources

Budget Leak: Most cyber-leaks come from internal sources, says cyber expert

By Pattrick Smellie

May 29 (BusinessDesk) - Most information leaks come from "malicious" or "inadvertent" releases from internal sources rather than via hacking, says Mark Shaw, a technology strategist for cyber-security software provider Symantec.

His comments came as the government and Opposition politicians traded blows in Parliament over the leak of information from tomorrow's Budget by National Party leader Simon Bridges, which the Treasury believes came from a "systematic hack" of its IT system.

Bridges and National's finance spokeswoman, Amy Adams, called repeatedly at the daily parliamentary question time for Finance Minister Grant Robertson to be "stood down" if, as Adams put it, the leaks turned out to be a result of the Treasury's "own failures, a far more likely explanation".

Shaw said information on the source of the Treasury leak was "pretty light at the moment", but questioned the assumption of hacking.

"From a sensationalist perspective, it’s nice to attribute these things to hacking a lot of the time," he said. "Without knowing the details behind Treasury, what I can say is that the vast majority of breaches that we see are caused by malicious insiders and the inadvertent leaking of information.

"While it’s convenient and interesting and curious to be pointing towards hacking activity – not to say that it’s not – it’s important to keep in mind that they need to be looking internally as well – whether it’s something malicious internally or someone inadvertently giving up information, whether through mis-clicks, ‘fat fingering’ and the like."

Shaw said breaches of cyber-security were now a matter of 'when', not 'if'.

However, sophisticated alert systems and trained staff should mean a successful cyber-attack would be noticed inside an organisation before it became public.

"There are tools and people play a big part in this," said Shaw. "All of these tools generate telemetry and noise and alerts, so organisations can be a bit overburdened by the amount of noise coming through.

"So having skills or technology to sift through that and identify an incident out of the many, many different alerts that are coming through is a big factor for organisations", especially given skills shortages in the area, said Shaw. "Detection for organisations is certainly not impossible. It should happen the majority of the time as quickly as possible after the event.

"Unfortunately, organisations, a lot of the time, are aware of a breach (only) when it becomes noticed in the public domain. That occurs with concerning regularity but ultimately organisations want to avoid getting to that point."

The Treasury began investigating the leaks yesterday only after Bridges made Budget information public. Treasury secretary Gabriel Makhlouf advised around 6pm that the government's primary economic advice agency, which handles some of the most sensitive economic policy information in the country, had found "sufficient evidence" of a "systematic hack" to call in the police to investigate.

In the case of hacking, Shaw said cyber criminals are becoming less reliant on using customised tools that had made them easier to spot in the past.

"Symantec talks about the way that attackers are what we call ‘living off the land’. They are actually using tools and processes that exist on our systems already.

"Having said that, almost no attack can ever take place without leaving some footprints around the place so, over the course of the last 10 years or so, we’ve seen a much greater focus on detection and response and not as much focus on prevention - that’s still important - but on detecting whether something has taken place in the environment."

Meanwhile, National is now complaining that the government is limiting its normal level of access to the Budget documents ahead of tomorrow's scheduled 2pm release in Parliament by halving the number of National Party representatives in the pre-Budget media lock-up from 16 to 8.

“I’m concerned this government is changing the rules in a way that appears petty and vindictive," said Adams.

Robertson last night called on National not to release any further Budget information because of the Treasury's advice that it appeared to have been obtained by hacking. By mid-afternoon today, no further Budget leaks had been released by National.

(BusinessDesk)

© Scoop Media

 
 
 
Business Headlines | Sci-Tech Headlines

 

Reserve Bank: Official Cash Rate Unchanged At 1 Percent

The Monetary Policy Committee has decided to keep the Official Cash Rate (OCR) at 1.0 percent. Employment remains around its maximum sustainable level while inflation remains below the 2 percent target mid-point but within our target range... More>>

ALSO:

Food Prices: Avocados At Lowest Price In Almost Three Years

Avocados are at their cheapest average price since February 2017, with tomato, lettuce, and cucumber prices also falling, Stats NZ said today. More>>

Auckland Port Move: Cabinet Ministers Deliberate On Report

Cabinet ministers now have a copy of a report urging the government to move the Auckland port up north, but say no final decisions have been made. More>>

ALSO:

Toxicology Tests Planned: Dead Rats Washed Up On Beaches

As many as 600 rats washed up on Westport's North Beach over the weekend to the horror of locals. DOC said they may have been killed by a recent 1080 poison drop 140km away and washed down the Buller River after heavy rain battered the coast. More>>

ALSO: