Even though the stakes are high, too few businesses are taking steps to protect themselves from the risk of a new kind of criminal element. While you may view cybersecurity as a function of good governance, it’s quickly becoming a critical business issue requiring top priority.
The business impact of poor cybersecurity
The introduction of cloud-based applications and the wide acceptance of SaaS business applications have contributed to the rapid rise of cybercrime. In addition, the requirement for mobility and the escalation of work from home (WFH) arrangements have increased cyber risks as well as introduced a complicated identity management landscape. The result has been costly.
- More than two-thirds (67%) of Australian organisations experienced a ransomware attack in 2020, a rate of 10 percentage points above the global average of 57%.
- More than one cybercrime is reported in Australia every 10 minutes, according to the Australian Cyber Security Centre
- Of the 33% of Australian organisations who paid a ransom, an average of AU$1.25 million was paid for each breach in 2020.
Why cybercrime is on the rise
We asked Chris Bell, Principal Technical Architect at Zetta, why we’re seeing such massive increases in ransomware attacks. He said cybercrime has extended beyond the traditional state-funded espionage and is now big business.
“Cybercriminals are well-funded and with the rise of cryptocurrency, you can’t really trace where the money is going,” Chris said.
“They’re wanting money and they’re also wanting your data which they can sell.”
The governance risk is probably greater than you realise
Chris says one of the most concerning aspects is how many cyberattacks go unreported.
“Once they manage to get data from a company that stores information about people, businesses, and other kinds of sensitive information, then you have another problem.”
“You have to think about reputational damage and the potential damage to employees as well as any sensitive data that gets out.”
“There are a lot of companies not reporting incidents because it doesn’t look good if you actually get compromised,” Chris said.
“If you think about it that way, there are a lot more attacks that you don’t know about than the ones you do.”
If a company doesn’t disclose a security breach, there’s no media coverage and no public knowledge of the event. It also means there’s no way to really know how much has been paid in ransom or the true cost of cybercrime to Australian business.
Cybersecurity perfect storm: WFH, mobility and BYOD
Securing your environment from malware and cyber attacks has been complicated by a rapid move to WFH and bring your own device (BYOD) policies. While many people know they should be implementing inexpensive measures like multi-step authentication and keeping software updated with current releases, it’s often overlooked as an essential form of protection.
According to Chris, this is when companies are most exposed to risk.
“People just don’t think it’s going to happen to them.”
“A lot of companies might be sitting on ageing infrastructure. It’s the typical attitude of ‘It’s working. Why would I touch it?’,” Chris said.
“If you’re vulnerable and you don’t want to spend the money to secure yourself, you’re an easy target. You don’t know they’re there until they’ve encrypted you. By then, they’ve already stolen your data.”
How to reduce the cybersecurity risk in your organisation
“You can never 100% mitigate the risk, but you have to try and put measures in place to make sure that you have visibility,” Chris said.
“That gives you a fighting chance because they can be in your system for weeks stealing things.”
“You have an opportunity in that time frame to detect an attack and stop it before it gets any worse.”
Chris says once your security is breached, the cybercriminals quickly move to using legitimate tools, making detection far more difficult. Traditional virus scanners are no longer useful once access to your credentials has been gained and the cybercriminals start moving around your network. An investment in more contemporary tools with newer capabilities like AI can detect unusual behaviour.
“If your company doesn’t have the necessary skills, get someone with those specialist skills to at least do an assessment,” Chris said.
“It’s not a simple journey. There’s often lots of changes that need to happen.”
“The list is quite long and it’s understanding where you’re at now, where you need to get to, and how you actually bridge that gap that’s important.”
What you can do to improve your cybersecurity
It’s a lot to take in, especially if you’re short on staff with the skills to do this kind of assessment. If you’re feeling uncertain about where to start, here’s a good way to prioritise your activity. At a bare minimum, implement these three items immediately.
1. Protect your endpoints.
Most attacks start with end user devices, typically by email or web-based entry points.
- Ensure all operating systems and applications are patched regularly. Out-of-date software is one of the most common doors used for security breaches.
- Harden applications such as Internet Explorer and Microsoft Office macro settings to mitigate common attacks.
- Implement an Endpoint Protection and Response (EDR) solution for greater visibility and protection against emerging threats. Don’t rely on traditional definition-based anti-malware solutions.
2. Protect your identities.
You may hear complaints from staff about additional identity protection but no-one complains once they’ve been through a security event.
- Implement Multifactor Authentication for all internet-facing services.
- Restrict access to user accounts with administrative privileges on unprivileged systems. This will help stop credential leakage and escalation.
3. Ensure system and data backups are available.
Test your backup systems before you have to rely on them.
- If you do experience a compromise, systems and data can be restored to a ‘clean’ state rather than starting again with nothing.
- Prevent tampering of backups so bad actors cannot delete backup data and inhibit recovery activities.
Where to get help
If you need help securing your environment and preventing the risk of cyber attacks, please reach out to our Security Team.