Australia Post shares strategy to protect from ransomware

By June, 2017 August 31st, 2017 ICT
Australia Post lets everyone know that scams and cyberattacks aren't going to be tolerated, as staff are offered training to deal with phishing and emails.

Image: Gerard’s World

It’s an all-too-familiar scenario that most of us would rather forget. We see an e-mail come through, it looks innocent enough, we click on it, or even go a step further and enter sensitive details, and… whoops.

Not only is it just plain embarrassing that we fell for it – the inner-monologue then begins about how we thought we were so intelligent that we’d recognise all the signs – but it can be seriously distressing for some because they immediately realise that they might have put themselves or their organisation at risk of ‘exposure’.

That was the topic presented by Kristin Lyons, Australia Post’s chief information security officer, who spoke to an audience at CeBIT Australia 2017 in Sydney about the potential dangers employees face when confronting malicious e-mails or links and how to deal with that situation.

The major point that Ms Lyons hit hard was the importance of training employees, not only to prevent such situations from occurring in the first place but also so that, if they do happen, employees are confident enough to speak up, warn others and inform senior management that a breach has occurred.

“Why do people keep falling for it?” Ms Lyons asked. “It’s not because people are silly, it’s because the scams are very good at what they do.”

Ms Lyons wanted to reassure everyone that if they become a victim of a cyber-scam, they’re not alone, and it may be just their core human vulnerabilities that set them up for such a failure.

“The second that it happened, they know they did the wrong thing,” Ms Lyons said.

“And actually more than that, they probably got that feeling before they did that.”

She suggested that these emails rely on our emotional vulnerabilities and “might work on our sense of urgency”.

Describing a run-of-the-mill scam e-mail, she said they might ask for your Microsoft details, “or else you won’t be able to work for a day”.

“It might say you’ll get fired if you don’t transfer this money to your office account,” she said.

When one of these scamming events takes place, she suggested that they work on our emotional intelligence because “in that moment, the sense of urgency sends all that adrenaline to your brain and before you know it, you’ve clicked on that link and given your details, because all you want to do at that stage is get out of trouble”.

According to Ms Lyons, it’s not the response we would normally have, “it’s not what you would normally do”.

So now the big question is: how does Australia Post put a stop to it, or at least mitigate it so that it has minimal impact on the organisation?

Ms Lyons said Australia Post spends a lot of time on awareness and training, such as face-to-face training and online training.

They also make it more practical by setting up ‘online phishing simulations’, which are designed to encourage employees to report the emails, as they might have identified something that someone else didn’t.

“We’ve evolved this training somewhat, so we did run a couple of pilots where we actually ran ransomware simulations on a limited number of our people.”
