The best security devices don’t stop cars getting stolen Thieves look for the old cars/alarms Or careless owners…

Often it is the person, not the process that is the threat. (“guns don’t kill people, people do”)

“Weapons of Influence” Reciprocity - People have to return a favour ( info scares). Commitment and Consistency - If people commit, orally or in writing, to an idea or goal, they are more likely to honour that commitment. Social Proof - People will do things that they see other people are doing. Authority - People will tend to obey authority figures, even if they are asked to perform objectionable acts. Liking - People are persuaded by other people that they like. Scarcity - Perceived scarcity will generate demand. Presented by Carol Bott, Asst. Director ICT Security Professionalisation, DSD

Also check out “Stumbling on Happiness” The brain tricks us on a second-by-second basis People make regular, invalid assumptions of their future happiness We want our actions to work out well, even in the face of contradictory evidence

So how do those techniques apply to the online world?

Authority… consistency…

Authority… scarcity…

I received this from a reliable family friend this morning. 10/28/01 BIG TROUBLE !!!! DO NOT OPEN "WTC Survivor" It is a virus that will erase your whole "C" drive. It will come to you in the form of an from a familiar person. I repeat a friend sent it to me, but called and warned me before I opened it. He was not so lucky and now he can't even start his computer! Forward this to everyone in your address book. I would rather receive this 25 times than not not all. If you receive an called "WTC Survivor" do not open it. Delete it right away! This virus removes all dynamic link libraries (.dll files) from your computer. This is a serious one. Social proof… reciprocity… liking… authority…

Microsoft Mail Internet Headers Version 2.0 Received: from mail.nntt.gov.au ([ ]) by perdcexch.nntt.gov.au with Microsoft SMTPSVC( ); Wed, 24 Mar :59: X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AggDANIcqUvLCgHyjmdsb2JhbACBQpllFQEBAQEJCwgJEQUfvk+CVYIoBIMc X-IronPort-AV: E=Sophos;i="4.51,298, "; d="scan'208,217";a=" " Received: from outbound-mail01.westnet.com.au ([ ]) by ironport.nntt.gov.au with ESMTP; 24 Mar :59: X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: Aj8GAEodqUvKSLOI/2dsb2JhbACBQplkdL5UglWCKASDHA X-IronPort-AV: E=Sophos;i="4.51,298, "; d="scan'208,217";a=" " Received: from dsl wa.westnet.com.au (HELO remote.rossgriffin.com.au) ([ ]) by outbound-mail01.westnet.com.au with ESMTP/TLS/AES128-SHA; 24 Mar :59: Received: from RGH-FS1.rgh.com.au ([fe80::2064:1a0f:44e0:5d5d]) by RGH-FS1.rgh.com.au ([fe80::2064:1a0f:44e0:5d5d%10]) with mapi; Wed, 24 Mar :59: From: Reception To: "Dart, Martin" Date: Wed, 24 Mar :59: Subject: RE: Car Thread-Topic: Car Thread-Index: AcrK8Rs9/pl5wC0XQou06Ey5nNmsjQADKmaA Message-ID: References: In-Reply-To: Accept-Language: en-US, en-AU Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: acceptlanguage: en-US, en-AU x-tm-as-product-ver: SMEX x-tm-as-result: No x-tm-as-user-approved-sender: No x-tm-as-user-blocked-sender: No Content-Type: multipart/alternative; boundary="_000_603AE2C1D22F1747A92EA6C9CE375A8057D86724RGHFS1rghcomau_" MIME-Version: 1.0 Return-Path: X-OriginalArrivalTime: 24 Mar :59: (UTC) FILETIME=[04B86DE0:01CACAFE] --_000_603AE2C1D22F1747A92EA6C9CE375A8057D86724RGHFS1rghcomau_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable --_000_603AE2C1D22F1747A92EA6C9CE375A8057D86724RGHFS1rghcomau_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable --_000_603AE2C1D22F1747A92EA6C9CE375A8057D86724RGHFS1rghcomau_--

Dr Ian J Watt AO Secretary of Defence 70% of targeted attacks can be mitigated by following 4 basic strategies Defence is targeted around 200 times each year by organisations seeking to steal specific information. Non-defence agencies are targeted some 220 times. Duncan Lewis AO National Security Advisor DPMC Anonymity & non-attribution the main benefits attacks enjoy. Mining sector a recently expanding battlefield “We must all hang together, or most assuredly, we will hang alone”. (Benjamin Franklin)

Other conference points of note: The PSM needs urgent review in this area, as it’s focus has been on protecting paper Any internet system can be compromised We need to extend beyond the footprint of our technology/systems – security involves the end-to-end transaction 2007 Estonian ‘cyberwar’ noted as a portent or things to come (be that state- sponsored of non-state actors). 75% of attacks utilise targeted socially engineered

Any network can be utilised as a jumping off point for bigger attacks (hence we are a target) Government has not had capacity to date to realise the extent of attacks Boundaries are useless - we must extend systems into the community We needs learning/adaptive systems – no more siege warfare If not patched, you are swiss cheese. Patch within 2 days.

Do this! (at home and work) Automated patching makes your system self-learning How? Easy – Start/search/”update”

Simple tip #1 Choose the right user account… Give everyone a personal account Use unique & complex passwords Change passwords as often as you can tolerate

Simple tip #2 …and put them in the right group! There should only be 1 administrator If your making your life easier, you making it less secure.

Thanks.. Questions?