Sharechat Logo

Budget Leak: Most cyber-leaks come from internal sources, says cyber expert

Wednesday 29th May 2019

Text too small?

Most information leaks come from "malicious" or "inadvertent" releases from internal sources rather than via hacking, says Mark Shaw, a technology strategist for cyber-security software provider Symantec.

His comments came as the government and Opposition politicians traded blows in Parliament over the leak of information from tomorrow's Budget by National Party leader Simon Bridges, which the Treasury believes came from a "systematic hack" of its IT system.

Bridges and National's finance spokeswoman, Amy Adams, called repeatedly at the daily parliamentary question time for Finance Minister Grant Robertson to be "stood down" if, as Adams put it, the leaks turned out to be a result of the Treasury's "own failures, a far more likely explanation".

Shaw said information on the source of the Treasury leak was "pretty light at the moment", but questioned the assumption of hacking.

"From a sensationalist perspective, it’s nice to attribute these things to hacking a lot of the time," he said. "Without knowing the details behind Treasury, what I can say is that the vast majority of breaches that we see are caused by malicious insiders and the inadvertent leaking of information.

"While it’s convenient and interesting and curious to be pointing towards hacking activity – not to say that it’s not – it’s important to keep in mind that they need to be looking internally as well – whether it’s something malicious internally or someone inadvertently giving up information, whether through mis-clicks, ‘fat fingering’ and the like."

Shaw said breaches of cyber-security were now a matter of 'when', not 'if'.

However, sophisticated alert systems and trained staff should mean a successful cyber-attack would be noticed inside an organisation before it became public.

"There are tools and people play a big part in this," said Shaw. "All of these tools generate telemetry and noise and alerts, so organisations can be a bit overburdened by the amount of noise coming through.

"So having skills or technology to sift through that and identify an incident out of the many, many different alerts that are coming through is a big factor for organisations", especially given skills shortages in the area, said Shaw. "Detection for organisations is certainly not impossible. It should happen the majority of the time as quickly as possible after the event. 

"Unfortunately, organisations, a lot of the time, are aware of a breach (only) when it becomes noticed in the public domain. That occurs with concerning regularity but ultimately organisations want to avoid getting to that point."

The Treasury began investigating the leaks yesterday only after Bridges made Budget information public. Treasury secretary Gabriel Makhlouf advised around 6pm that the government's primary economic advice agency, which handles some of the most sensitive economic policy information in the country, had found "sufficient evidence" of a "systematic hack" to call in the police to investigate.

In the case of hacking, Shaw said cyber criminals are becoming less reliant on using customised tools that had made them easier to spot in the past.

"Symantec talks about the way that attackers are what we call ‘living off the land’. They are actually using tools and processes that exist on our systems already.

"Having said that, almost no attack can ever take place without leaving some footprints around the place so, over the course of the last 10 years or so, we’ve seen a much greater focus on detection and response and not as much focus on prevention - that’s still important - but on detecting whether something has taken place in the environment."

Meanwhile, National is now complaining that the government is limiting its normal level of access to the Budget documents ahead of tomorrow's scheduled 2pm release in Parliament by halving the number of National Party representatives in the pre-Budget media lock-up from 16 to 8.

“I’m concerned this government is changing the rules in a way that appears petty and vindictive," said Adams. 

Robertson last night called on National not to release any further Budget information because of the Treasury's advice that it appeared to have been obtained by hacking. By mid-afternoon today, no further Budget leaks had been released by National.

(BusinessDesk)

  General Finance Advertising    

Comments from our readers

No comments yet

Add your comment:
Your name:
Your email:
Not displayed to the public
Comment:
Comments to Sharechat go through an approval process. Comments which are defamatory, abusive or in some way deemed inappropriate will not be approved. It is allowable to use some form of non-de-plume for your name, however we recommend real email addresses are used. Comments from free email addresses such as Gmail, Yahoo, Hotmail, etc may not be approved.

Related News:

Deposit protection reduces case for RBNZ's bank capital increases, Robertson hints
NZ dollar higher after Lowe comments viewed as less dovish
Govt to introduce deposit insurance; RBNZ keeps prudential supervision
Granular approach needed for cost-effective emissions reduction
Bank executive incentives a key focus for regulators
Appeal Court puts ANZ back in the gun over interest rate swaps
Meridian to supply Australian online retailer Kogan.com
RBNZ seen keeping rates on hold but signalling more cuts to come
RBNZ demands assurance ANZ New Zealand is operating prudently
Citic gets seat at Tourism Holdings in $80 mln capital raising

IRG See IRG research reports