If you’ve been reading the news lately and have noticed all the commotion around hacker attacks on some of the big guns like Google, Yahoo, and Adobe, you may be experiencing a pang of security anxiety. your own business. You may have believed your network was invincible, so this news might leave you feeling shaky. You have good reason to feel that way, according to an article in the Sydney morning herald the number of hackers manipulating private financial information belonging to Australian companies is on the rise. Obviously, the use of the Internet and intranet for business has become a viable solution to achieve the objectives of the company, but on the negative side, the criminal faction sees so many opportunities.

Australia is a frequent target of cybercrime

Symantec, a data security company reported that Australian and New Zealand companies suffer 75% more security breaches than the global average, with 89% of companies surveyed in the past 12 months admitting to at least one intrusion. Hackers don’t necessarily go after major companies where they can get hold of large sums of money. Like any other thief, they go where the risk is low and can get in and out of a system quickly and undetected. The fact is, you don’t have to be at any particular level of business profitability to be objective. Smaller companies tend to use less comprehensive IT security, making them more susceptible. In general, hackers are interested in easy money.

Google and other large corporations are not exempt

The threat does not always revolve around banking information or sensitive intellectual property. As Google discovered in December 2009, issues such as human rights are at stake in cyberattacks. The advertising and search giant was dismayed that a highly organized effort dubbed “Aurora” was underway to hack into the Gmail accounts of Chinese human rights activists. They managed to infiltrate only two accounts and could not see the actual correspondence of the account holders. The move put Google in a position where it deemed it necessary to warn the Chinese human rights community about the attack and prepare to withdraw business ties with China. Google officials did not directly accuse the Chinese government of being the perpetrators, but decided to review business with the country based on its attempts to limit freedom of expression on the Internet. Google raised concerns about the safety of Chinese citizens and the possibility that they will be questioned and jailed.

There were at least 20 other large Internet, media, finance and technology companies included in the attack: Yahoo, Adobe, Symantec, Dow Chemical, and Northrop Grumman, to name a few. It was achieved through a technique called “spear phishing”. This resembles an attack on 100 IT companies in July 2009 in which company employees were attacked with infected email attachments.

Small and medium-sized businesses have minimal defense

Most companies are completely defenseless against these sophisticated attacks. They use instant messages and emails that seem innocent at first because the senders appear to be trusted friends and colleagues. The messages are tuned to evade the antivirus programs designed for these applications. Clearly, the best practices for IT security that have kept attackers at bay for many years are no longer sufficient. There is an innovative caliber of attacks circulating around the world using custom malware written specifically for individual companies. Hackers don’t seem to care if it takes longer to get around the antivirus software used by large corporations. They continue to fine-tune their malware until it becomes effective. Smaller companies that don’t have the budget for large-scale security haven’t had a chance. Hackers have the ability to take a single employee’s laptop and turn it into a gateway for full administrative access to the entire company network.

The security company ISec partners who investigated the attack on Google and the ensuing corporations recommend that we make fundamental changes to the way we protect our networks. They say that we simply have not been prepared for the level of sophistication demonstrated by the new cybercriminals.

Hacker stories in the Australian news

Internet news sites report the direct effects of hacking in Australia. Online today published a news article about a hacker named “Ghostbuster” who has been targeting Melbourne businesses in response to violence against Indians. The person behind the attacks has been sending threatening emails stating that Australian servers will be hacked until the racism against Indian citizens ends. The action followed the murder of a 21-year-old Punjabi student in January 2010. Several Melbourne companies were victims when all their networks were thrown into chaos.

In the technology section of Age is a report describing the effects on government websites by hackers associated with the “Anonymous” group, known for its attacks on Scientology. This is the same group that temporarily criticized pornography on Prime Minister Kevin Rudd’s website. On the morning of February 10, 2010, several government sites were down. The attack went against the government’s plans to censor the Internet. Communications Minister Stephen Conroy was unhappy that Australian citizens were unable to obtain the necessary services online and deemed it irresponsible on the part of hackers.

At Sydney morning herald a journalist mentions the statistics that there are now more mobile devices in the country than there are Australians. It is not unusual for a person to have two or three. The increasing use of wireless broadband provides accessibility and convenience for subscribers, but also expands the territory for cybercriminals. Currently, there are more barriers to hacking wireless devices than terrestrial networks, such as the cost of making a phone call. However, with advancements in mobile device technology to the point where it can replace the need to own a laptop, there is a possibility of being attacked by hackers. Real devices may be secure, but the often free and faster Wi-Fi network for users in public places is a temptation for cybercriminals. You may believe that you have connected to a site operated by an airport, hotel or cafe, but there is no way of knowing for sure who controls the IP address that now has access to everything on your computer or mobile device. It is not that difficult for hackers to present a fake website that they think they can use to steal from your network at any time in the future.

Millions of dollars are stolen every day from people and businesses using the Internet. We are frequently warned about viruses, worms, and phishing scams, but somehow we get caught anyway. The situation is getting worse as hackers become more adept at breaking unique systems designed to keep them out. If you’re still uncomfortable with your network’s vulnerability, your gut will be worth heeding.