
Budget Leak: Most cyber-leaks come from internal sources, says cyber expert

By Pattrick Smellie

May 29 (BusinessDesk) - Most information leaks come from "malicious" or "inadvertent" releases from internal sources rather than via hacking, says Mark Shaw, a technology strategist for cyber-security software provider Symantec.

His comments came as the government and Opposition politicians traded blows in Parliament over the leak of information from tomorrow's Budget by National Party leader Simon Bridges, which the Treasury believes came from a "systematic hack" of its IT system.

Bridges and National's finance spokeswoman, Amy Adams, called repeatedly at the daily parliamentary question time for Finance Minister Grant Robertson to be "stood down" if, as Adams put it, the leaks turned out to be a result of the Treasury's "own failures, a far more likely explanation".

Shaw said information on the source of the Treasury leak was "pretty light at the moment", but questioned the assumption of hacking.

"From a sensationalist perspective, it’s nice to attribute these things to hacking a lot of the time," he said. "Without knowing the details behind Treasury, what I can say is that the vast majority of breaches that we see are caused by malicious insiders and the inadvertent leaking of information.

"While it’s convenient and interesting and curious to be pointing towards hacking activity – not to say that it’s not – it’s important to keep in mind that they need to be looking internally as well – whether it’s something malicious internally or someone inadvertently giving up information, whether through mis-clicks, ‘fat fingering’ and the like."

Shaw said breaches of cyber-security were now a matter of 'when', not 'if'.

However, sophisticated alert systems and trained staff should mean a successful cyber-attack would be noticed inside an organisation before it became public.

"There are tools and people play a big part in this," said Shaw. "All of these tools generate telemetry and noise and alerts, so organisations can be a bit overburdened by the amount of noise coming through.

"So having skills or technology to sift through that and identify an incident out of the many, many different alerts that are coming through is a big factor for organisations," especially given skills shortages in the area, said Shaw. "Detection for organisations is certainly not impossible. It should happen the majority of the time as quickly as possible after the event.

"Unfortunately, organisations, a lot of the time, are aware of a breach (only) when it becomes noticed in the public domain. That occurs with concerning regularity but ultimately organisations want to avoid getting to that point."

The Treasury began investigating the leaks yesterday only after Bridges made Budget information public. Treasury secretary Gabriel Makhlouf advised around 6pm that the government's primary economic advice agency, which handles some of the most sensitive economic policy information in the country, had found "sufficient evidence" of a "systematic hack" to call in the police to investigate.

In the case of hacking, Shaw said cyber criminals are becoming less reliant on using customised tools that had made them easier to spot in the past.

"Symantec talks about the way that attackers are what we call ‘living off the land’. They are actually using tools and processes that exist on our systems already.

"Having said that, almost no attack can ever take place without leaving some footprints around the place so, over the course of the last 10 years or so, we’ve seen a much greater focus on detection and response and not as much focus on prevention - that’s still important - but on detecting whether something has taken place in the environment."

Meanwhile, National is now complaining that the government is limiting its normal level of access to the Budget documents ahead of tomorrow's scheduled 2pm release in Parliament by halving the number of National Party representatives in the pre-Budget media lock-up from 16 to 8.

"I’m concerned this government is changing the rules in a way that appears petty and vindictive," said Adams.

Robertson last night called on National not to release any further Budget information because of the Treasury's advice that it appeared to have been obtained by hacking. By mid-afternoon today, no further Budget leaks had been released by National.

(BusinessDesk)

© Scoop Media

 
 
 