A carefully crafted and highly targeted email phishing scam penetrated computers at the Reserve Bank of Australia in November 2011. Lia Timson, a journalist with SMH shared the story in her recent column on March 11, 2013.
This attack that took place in November 2011 was a targeted, malicious email sent to several staff on November 16 and 17, including senior management up to heads of department. The email titled “Strategic Planning FY2012: included a link to a ZIP file containing a Trojan virus.
The email tricked many at the bank because the hackers used a “possible legitimate external email address” used by a senior bank employee. The email also included a legitimate email signature and plausible subject title and content.
The RBA reported that the bank’s antivirus systems did not detect the Trojan. Antivirus software was installed on the six infected systems inside the RBA.
The article by Timson also went on to report that bank assets could have been compromised, leading to service disruption, information loss or reputation, however the RBA confirms no information was stolen in the breach.
If leading organisations such as the Reserve Bank of Australia can so easily fall victim to cyber criminals, what about your business? Security or the lack thereof across the business community is gaining awareness across the country and companies large and small must start to pay attention to all possible threats against their business, either intentional or those that occur as part of a larger “hope and pray” operation.
Cyber Security is everyone’s responsibility inside an organisation. Your staff must be aware and know how to spot a potential phishing attempt or virus attack. Employees must start to question every email that comes their way and practice due diligence when reacting to emails that land in their inbox. Not every potential attack will be caught by even the best antivirus program.
Security must be part of your 2013 business strategy and a key component of your technology plan. Do you have questions about your IT security? Call us and we can help you with a detailed security review of your business and help draw up a cybersecurity strategy to protect your business.