Home

Partners

Remote Support Assistance

Management Team

Our History

Employment

Security Strategy, Framework & Policy

Risk Assessment

Control Implementation

Security Education

Maintenance, Monitoring and Support

Managed Services

Information Security Consulting

Security Integration

Licensing and Maintenance

Security Information and Event Management

Identity and Access Management

Remote Access

Data Leakage Prevention

Threat Management and Mitigation

Partner News

RSA

Earth Wave

McAfee

Check Point

Clear Swift

Palo Alto Networks

Blue Coat

Security Capabilities

Approach

Security Strategy, Framework & Policy

Risk Assessment

Control Implementation

Security Education

Maintenance, Monitoring and Support

Services

Managed Services

Information Security Consulting

Security Integration

Licensing and Maintenance

Solutions

Security Information and Event Management

Identity and Access Management

Remote Access

Data Leakage Prevention

Threat Management and Mitigation

Security News

eNEWSLETTER SIGNUP
Sign up here to receive our quarterly newsletter.

Remote Support Assistance
Join a Support Session with a Loop Client Support Services Engineer

the stuxnet worm: Cyber warfare?

• The Stuxnet worm is a newly discovered piece of malware that presents a dangerous trend turning the Internet into a large-scale battlefield

• Australian companies are not yet regulated to protect themselves, so if they have chosen to wait they risk being caught in the middle of this “cyber war”.

• A best-practice approach to security can help protect entities and also enable business.

The Stuxnet worm is a newly discovered piece of sophisticated malware that presents a dangerous trend in the nature of cyber attacks. The worm has directly targeted infrastructure with arrests recently made in Iran where a nuclear power plant was infected.

The discovery of the recent Stuxnet worm has opened a new chapter in the ongoing saga of malware and what it means to our globally-connected world. While previous attacks of this nature have almost certainly been occurring, the complexity and maturity of this attack suggest that computing without proper defences is becoming increasingly dangerous.

Australia lags behind the developed world when it comes to Information Security regulation, which means many organisations are not making their IT Security a priority. Most of the regulation comes from the Payment Card Industry (PCI) or the necessity to conform to global standards when doing business overseas (SOX, JSOX, GLBA, ISO27001). Without the pressure of regulation, organisations may opt to either wait for legislation or defer security expenditure.

If the Stuxnet worm truly is the result of a state-sponsored cyber-attack, it means that entities that rely on the Internet for conducting their business are caught in the crossfire of the new battlefield. Those organisations that are not properly protected will suffer large amounts of collateral damage, as evidenced by what we've seen with SCADA (Supervisory Control And Data Acquisition) systems becoming infected worldwide.

Another possibility is that malicious hackers reverse-engineer this sophisticated worm, taking advantage of the time and effort that was required by a very capable entity or group who created the worm. It’s likely we will see Stuxnet variants in the near future with payloads that target corporate or government systems. This does not bode well for threat levels on the Internet for the foreseeable future.

So, what can be done to protect against these attacks? A comprehensive Information Security Management System (ISMS) Framework is essential for increasing the security posture of organisations. The ISMS Framework can also provide a roadmap with a phased approach to accommodate budgets and business requirements. This framework accounts for both technical (product-based) controls and non-technical (policy & procedure-based) controls, which is the most comprehensive way to approach Information Security.

Investment in Information Security today will pay dividends in the future such as peace-of-mind, enablement of employees and protection against constantly-evolving attacks both internally and externally. Regulation for Australia is quickly approaching, so pro-active organisations will be in a better position when this regulation finally comes into effect.

Loop Technology has a large amount of experience designing and improving Information Security Management System Frameworks for organisations large and small across Australia. Loop also regularly provides Healthchecks for organisations to assess the effectiveness of their existing ISMS Framework. Contact us today for more information on how we can help you improve your security posture.