Video | Agriculture | Confidence | Economy | Energy | Employment | Finance | Media | Property | RBNZ | Science | SOEs | Tax | Technology | Telecoms | Tourism | Transport | Search

 

Budget Leak: Most cyber-leaks come from internal sources

Budget Leak: Most cyber-leaks come from internal sources, says cyber expert

By Pattrick Smellie

May 29 (BusinessDesk) - Most information leaks come from "malicious" or "inadvertent" releases from internal sources rather than via hacking, says Mark Shaw, a technology strategist for cyber-security software provider Symantec.

His comments came as the government and Opposition politicians traded blows in Parliament over the leak of information from tomorrow's Budget by National Party leader Simon Bridges, which the Treasury believes came from a "systematic hack" of its IT system.

Bridges and National's finance spokeswoman, Amy Adams, called repeatedly at the daily parliamentary question time for Finance Minister Grant Robertson to be "stood down" if, as Adams put it, the leaks turned out to be a result of the Treasury's "own failures, a far more likely explanation".

Shaw said information on the source of the Treasury leak was "pretty light at the moment", but questioned the assumption of hacking.

"From a sensationalist perspective, it’s nice to attribute these things to hacking a lot of the time," he said. "Without knowing the details behind Treasury, what I can say is that the vast majority of breaches that we see are caused by malicious insiders and the inadvertent leaking of information.

"While it’s convenient and interesting and curious to be pointing towards hacking activity – not to say that it’s not – it’s important to keep in mind that they need to be looking internally as well – whether it’s something malicious internally or someone inadvertently giving up information, whether through mis-clicks, ‘fat fingering’ and the like."



Shaw said breaches of cyber-security were now a matter of 'when', not 'if'.

However, sophisticated alert systems and trained staff should mean a successful cyber-attack would be noticed inside an organisation before it became public.

"There are tools and people play a big part in this," said Shaw. "All of these tools generate telemetry and noise and alerts, so organisations can be a bit overburdened by the amount of noise coming through.

"So having skills or technology to sift through that and identify an incident out of the many, many different alerts that are coming through is a big factor for organisations", especially given skills shortages in the area, said Shaw. "Detection for organisations is certainly not impossible. It should happen the majority of the time as quickly as possible after the event.

"Unfortunately, organisations, a lot of the time, are aware of a breach (only) when it becomes noticed in the public domain. That occurs with concerning regularity but ultimately organisations want to avoid getting to that point."

The Treasury began investigating the leaks yesterday only after Bridges made Budget information public. Treasury secretary Gabriel Makhlouf advised around 6pm that the government's primary economic advice agency, which handles some of the most sensitive economic policy information in the country, had found "sufficient evidence" of a "systematic hack" to call in the police to investigate.

In the case of hacking, Shaw said cyber criminals are becoming less reliant on using customised tools that had made them easier to spot in the past.

"Symantec talks about the way that attackers are what we call ‘living off the land’. They are actually using tools and processes that exist on our systems already.

"Having said that, almost no attack can ever take place without leaving some footprints around the place so, over the course of the last 10 years or so, we’ve seen a much greater focus on detection and response and not as much focus on prevention - that’s still important - but on detecting whether something has taken place in the environment."

Meanwhile, National is now complaining that the government is limiting its normal level of access to the Budget documents ahead of tomorrow's scheduled 2pm release in Parliament by halving the number of National Party representatives in the pre-Budget media lock-up from 16 to 8.

“I’m concerned this government is changing the rules in a way that appears petty and vindictive," said Adams.

Robertson last night called on National not to release any further Budget information because of the Treasury's advice that it appeared to have been obtained by hacking. By mid-afternoon today, no further Budget leaks had been released by National.

(BusinessDesk)

© Scoop Media

 
 
 
Business Headlines | Sci-Tech Headlines

 

OECD On NZ: NZ's Living Standards Framework Positive But Has Gaps

Treasury’s living standards framework reflects good practice internationally but has some data gaps, including in areas where New Zealand fares poorly, the Organisation for Economic Cooperation and Development says. More>>

ALSO:

RBNZ Act Review: Govt Plans Deposit Guarantee Scheme

The Coalition Government today announced moves to make New Zealand’s banking system safer for customers through a new deposit protection regime, and work to strengthen accountability for banks’ actions. More>>

ALSO:

Conduct Review Response: Banks Commit To Removing Sales Incentives

The FMA and Reserve Bank of New Zealand said today that all banks had committed to remove sales incentives from frontline staff and their managers. More>>

Consumer Report: Insurance Market Complaints And Uncertainty

Consumers are paying more than ever for insurance but they’re not getting a fair deal, Consumer NZ’s latest report on the industry shows. More>>

ALSO:

Workers “Blind-Sided”: Sanford Processing Restructure Plan

Up to 30 jobs – almost half Sanford’s Bluff workforce - could be lost if the proposal to move white-fish processing to Timaru goes ahead. More>>