The state of cyber security, and why you need to care

Reflecting on the current state of cyber security, it would be remiss of us not to acknowledge the significant impact the COVID-19 pandemic has had on the way that Australian individuals and businesses behave online. To work remotely, access services and information, and to communicate we have been heavily dependent on the internet. It is this increased dependence that has enlarged the attack surface and generated increased opportunities for cybercriminals to exploit Australia. 

This increased volume of cybercrime equates to one report of an attack every eight minutes, this is up 13% from the 2019-2020 financial year1. During this same period, losses from cybercrime total more than $33 billion, and this figure does not consider the ongoing financial and reputational damage caused by stolen data and intellectual property. When speaking with Chief Information Security Officers, 81% report that staying ahead of cybercrime is a constant battle2. What that means for your organisation is that cyber security can no longer remain a concern for only the IT department. A business’ cybersecurity and importantly, cyber resilience strategy must be developed by all key stakeholders with business objectives in mind. 

Key cyber security threats and trends 

Ransomware is a type of malicious software (malware), designed to infiltrate your device and make your computer or its files unusable. To unencrypt and restore access, cybercriminals will demand that you pay a ransom and often threaten to release sensitive information should you not do so. 

Once slowed by its linear attack model, ransomware has evolved to a subscription-based Ransomware as a Service (RaaS) beast. RaaS removes the need for technical know-how, empowering the most novel hackers to execute highly sophisticated cyber-attacks. 

Rapid exploitation of security vulnerabilities, State and criminal cyber threat actors continue to compromise organisations by manipulating publicly disclosed vulnerabilities at speed and scale. 

An example being the recent Log4J exploit, which has been called one of the biggest cyber security breaches in history. The Australian Cyber Security Centre implored all organisations to audit for vulnerabilities immediately and continue to watch as this vulnerability was exploited by hackers far and wide. 

Business email compromise (BEC) continues to present a major threat to Australian businesses, especially as more of us work remotely. Cybercriminals conducting BEC attacks have become more sophisticated and organised, developing enhanced and streamlined methods to ensure their attacks cause significant business disruption. 

The three tools every business needs to adopt today 

1. Multi-Factor authentication (MFA)

Enabling MFA ensures that your account is protected by more than one identification check. It makes it significantly harder for cybercriminals to access your accounts. You need to do this for every account, right now! 

2. Establish and maintain secure password practices

You need a unique secure password for every account that you have. Most accounts should have highly complex and randomly generated passwords that are stored in a password manager. For those passwords that you need to remember, i.e. for your computer or your password manager’s Master Password, a Passphrase may assist. 

3. Level up your cyber security 

To be threat-centric and business aligned you must give cyber security a seat at the table. Given the cyber threat landscape, businesses should prioritise the implementation of a strong security framework like the Essential Eight Maturity Model, and consider the following actions: 

• Implement a “business continuity disaster recovery plan”
• Adopt a “comprehensive backup strategy” 
• Ensure multi-factor authentication is enabled and monitored 
• Employ endpoint and network protection and monitoring
• Prioritise application/device updates and patches 
• Embrace a strong cyber security culture (Staff Training) 
• Develop and maintain secure password practices

__________________________

1. Australian Cyber Security Centre (2021) ACSC Annual Cyber Threat Report 2020-21 

2. Accenture (2021) The State of Cybersecurity Resilience Now 2021 

Jasmin Illic, COO, Control Z

Jasmin is the Chief Operating Officer of Control Z, a forward-thinking, security conscious Managed Service Provider committed to furthering the adoption of technology among Australian Business. Jasmin is passionate about empowering individuals to do more with technology, and has a keen interest in increasing cyber security awareness among executives and school students. Jasmin is a strong advocate for increasing female representation in STEM careers, particularly within the IT and cyber security fields.