The Australian National University breached by Chinese hackers

According to ABC News, hackers based in China have managed to breach the systems of the Australian National University (ANU) – one of Australia’s most prestigious universities.

ANU’s systems were first compromised in 2017 and the university has been “working in partnership with Australian government agencies for several months to minimise the impact of this threat”.

The ANU said it doesn’t believe any data has been stolen by the criminal hackers.

Australia’s Cyber Security Minister, Angus Taylor, said the Australian Cyber Security Centre (ACSC) would continue working with the ANU to assist in shutting the criminal hackers out.

Mr Taylor reportedly would not confirm that China was behind the attack, but he did say the government “condemns any malicious activity” that targets Australia.

“Malicious cyber activity against Australia’s national interests, whether from criminal syndicates or foreign states, is increasing in frequency, sophistication and severity, and the Australian Government’s highest priority is ensuring Australians are safe and our interests are secure”.

ANU should have improved its information security

This latest breach to hit Australia has been described as a “really serious and unacceptable situation” by the Australian Strategic Policy Institute’s Executive Director Peter Jennings.

“It [ANU] probably should have actually been doing a better job at looking after its computer security and I find it astounding to hear that the hackers are still having access inside the ANU system,” he said.

Although hackers breached the system last year, ANU students have only been notified of the breach via email in the past week.

Mr Jennings questioned ANU about the breach, saying, “What were they doing to protect their systems? What were they doing to make sure that their systems were being checked?”

The importance of ISO 27001 and penetration testing

Cyber attacks are a growing risk for every business, whatever its size, sector or location.

Organisations should look to adopt best-practice information security standards to protect themselves, such as ISO 27001, the international standard that describes best practice for an ISMS (information security management system).

Penetration testing is an essential component of an ISO 27001-compliant ISMS, from initial development through to ongoing maintenance and continual improvement.

Also referred to as ‘pen testing’, this is an effective method of determining the security of networks and web applications, and helps organisations to identify the best way to protect their assets.

Conducting pen testing at specific points in your ISMS project will make a significant contribution:

  • As part of the risk assessment process: uncovering vulnerabilities in any Internet-facing IP addresses, web applications, or internal devices and applications, and linking them to identifiable threats.
  • As part of the risk treatment plan, ensuring that controls that are implemented actually work as designed.
  • As part of the ongoing continual improvement processes, ensuring that controls continue to work as required and that new and emerging threats and vulnerabilities are identified and dealt with.
