Troy Park and Mario Bekes may not drive Aston Martins, but they are the real deal when it comes to information security and industrial espionage – and they apply their talents to protecting Australian businesses from threats that are often as close to home as the next desk.
Both men are former army intelligence officers (Mr Park in the ADF and Mr Bekes in the Croatian Armed Forces).
They now use their talents to advise businesses on the prevention and defence of security threats – in cyber and human form.
Mr Park, whose business, Integersec, provides cyber security advice and emergency responses, said the increasingly complex nature of online crime meant businesses could not rely on their IT staff to defend against them.
“Cybercriminals employ constantly evolving techniques to breach security and access information,” he said.
“In the past, cyber threats were mainly ‘script kiddies’ who broke into networks and defaced websites for a joke.
“It wasn’t long, however, before criminals worked out that there was money to be made through theft of data or financial crime.”
This can be done through breaching business networks and stealing information or something as simple as ransomware, where unintentionally downloaded malicious software locks a victim out of their computer or encrypts data with the only way to gain access to pay a ransom.
“Cybercrime is now a market driven economy and, unfortunately, business is very good,” Mr Park said.
Mr Bekes agrees. His business, Insight Intelligence, helps businesses with the other side of the security coin – internal espionage.
“Information in Australia is very accessible,” he said.
In fact, it can be as simple as starting a “chance” conversation in a café with an employee of a target business and getting them chatting, or buying a child’s spy toy listening device to eavesdrop.
“It’s always people that are willing to share information without understanding how a company can be put in a detrimental position,” Mr Bekes said.
Another risk comes from deliberately malicious intent by those working within a business or as a sub-contractor.
“All the problems come through the door,” Mr Bekes said.
“Screening of new employees is very important. I don’t think that companies enquire enough about the backgrounds of potential employees.”
The next great time of risk is when employee leaves the company – particularly if they are sacked or made redundant
“Ask yourself, how many organisations have the security guard next to the person with clear instructions that say “do not let X employee download any documents”?” Mr Bekes said.
“The only way to make security fool-proof is to monitor using counter intelligence methods.
“When it comes to business security, it’s always a game of cat and mouse.”
Did you know?
- The Dark Web is the Internet’s “dark side of The Force”. It’s where criminals go to buy and sell stolen information as well as malware, hacking tools, software and other tools of their trade.
- Australia is one of the most targeted countries in the world for cyber-attacks.
- The low key jobs, such as cleaners or security guards, are the lowest supervised. But these positions are often used as a way to obtain intelligence about businesses.
- Businesses have been compromised through minimal, or in some cases, no use of passwords or access controls; others through not shredding sensitive documents before placing them in the rubbish – a prime means of gaining information by criminals.
- Lloyds of London announced late last year that the Australian economy is exposed to a potential $16 billion damage bill over the next decade through cyber-attacks.
- Some researchers claim that the average cost of a cyber-attack on Australian business is about $300,000.
- This figure does not take in to account loss of intellectual property or business and brand reputation.
- The average time to resolve a cyber-attack is about 23 days - 51 days if the attack was assisted by a current or former employee.
Learn from the experts
Mario Bekes and Troy Park will present a workshop on Information Security – Threats and Defence “How good is your human firewall?” at the Waldorf Hotel, Parramatta on Wednesday, March 29.The two-hour presentation will cover topics including:
- Economic espionage.
- Social engineering and reputational risk.
- Human intelligence (theft and trade of sensitive and confidential information).
- Threats and associated risks to information security in 2017 and beyond.
- Recommended defence and response measures to protect against a data breach.
For information or bookings visit:
http://www.integersec.com.au/infosec-in-2017
