More filtering by ISPs and cloud providers would benefit SMBs

Recently released data shows that ingress filtering and route blocking could well benefit over-confident Australian SMBs who are driven by compliance to protect data.
Written by Stilgherrian, Contributor

Service providers are increasingly using ingress filtering to block access to vulnerable protocols on customers' devices or to block badly routed data packets.

In June, for example, Telstra started rolling out Resource Public Key Infrastructure (RPKI) Route Origin Authorisations (ROAs) to certify the truth of routing messages transmitted by the Border Gateway Protocol (BGP).

The telco has since completed that deployment across all IP addresses in Autonomous System Number AS1221, and work is underway on AS4637.

"This basically means we have now deployed RPKI Origin Validation into Telstra's domestic network ... dropping invalids [incorrectly routed packets] from our upstream, peer and customer networks," a Telstra spokesperson told ZDNet.

"Deployment activities continue in our International networks," they said.

Telstra has also been working on its Cleaner Pipes initiative, which uses DNS filtering to block malware communications across its network.

Such active cyber defence programs have been gaining increasing support in Australia.

All of this is a good thing, according to Neil Campbell, Rapid7's vice president for APJ.

"That's a tricky thing to do because some customers say don't block anything because it's up to me what I operate and don't operate, and what I see and don't see," he told ZDNet.

"But if you start doing ingress filtering, well, you can help to reduce the amount of traffic running around with spoofed source addresses, which can help to reduce the impact of distributed denial of service attacks, amplification attacks, etc."

Data from Rapid7's National / Industry / Cloud Exposure Report 2020 (NICER) shows that in Australia there are still plenty of vulnerable protocols exposed on the internet, although there have been some improvements.

When the scans were done in April and May, some 38,994 Australian IP addresses were exposing the Remote Desktop Protocol (RDP), 4,770 were exposing VNC, and 3,033 were exposing Citrix ADC or NetScaler.

Some 3,230 addresses were exposing SMB file sharing, down from a little over 5,000 last year. Unencrypted FTP file sharing was seen on 142,485 addresses, unencrypted Telnet on 15,695.

Campbell says a lot of these numbers are caused by cloud service providers supplying a base Linux image that includes an FTP server, for example. The same sort of thing happens with SMB.

"What might seem like small decisions on behalf of the cloud provider plays out into very large, very scaled situations," he said.

"It's an opportunity to do secure by default deployments and to lead with best practice."

Many SMBs are over-confident in their cybersecurity

Small and medium businesses (SMBs), which in Australia are defined as those with 1-19 and 20-199 employees, respectively, are particularly vulnerable, according to the Australian Cyber Security Centre (ACSC).

The ACSC Small Business Survey Report revealed that almost half of SMBs rated their cybersecurity understanding as "average" or "below average" and had poor cybersecurity practices.

The ACSC said that nearly one in 10 SMBs were unable to explain cyber threat terminology such as "malware", "phishing", "ransomware", or "insider threats".

"One in five small businesses that use Windows have an operating system that stopped receiving security updates in January 2020," they said.

"Nearly one in five Mac users were unaware of what operating system their business was using."

Larger businesses were more likely to outsource their IT security, but the ACSC data suggests that those who did outsource "might believe that they are better protected than they really are".

Nearly half of the SMB respondents said they were unable or unwilling to spend more than AU$500 on IT security annually.

Campbell says that while SMBs understand that cybersecurity is a risk, it's generally not their biggest risk.

"The biggest risk will relate to cash flow and profitability. I think it's important to keep that context in mind when you're looking at security across large groups [of surveyed businesses]," he said.

"Risk management isn't risk elimination ... sometimes the risk you've introduced by 'overspending' on an area outweighs the benefit."

Australian organisations rate compliance over protecting customer data

While the figures don't relate solely to SMBs, Australian organisations seem to be lagging when it comes to prioritising the protection of customer data.

According to the 2020 Australia Encryption Trends Study conducted by the Ponemon Institute for nCipher Security, only 29% of Australian respondents rated protecting customer personal information as their number one data protection priority.

That's the lowest rate globally, 25% lower than the global average.

Some 57% of Australian organisations said regulatory compliance is the top driver, 10% higher than the global average, and up from 47% two years ago.

For the third straight year, Australia chose the driver of "[complying] with internal policies" more than any other region (43% versus the global average of 23%).

That's not surprising, says James Cook, nCipher's regional sales director for Australia.

"There has been a raft of new regulations and regulatory changes impacting this market over the past couple of years, such as Consumer Data Right, and a critical focus on the financial sector in particular," he said.

"It is only natural for respondents to have a keen focus on compliance."
