29 November, 2022
In 2022, cyber hacks affecting multiple organisations were reported in the media: high volumes of sensitive Australian business, staff and citizens’ personal information were compromised. Optus, Singtel, Telstra, Dialog, Uber, Vino Mofo, Mydeal, Canva, MediBank, Toyota and Costa Group are all examples of cybercrime victims in 2022. Cybercriminals are getting more sophisticated, affecting business supply chains and ransom demands continue to skyrocket.
This year’s Information Systems Audit and Control Association (ISACA) global Cybersecurity Survey indicates that 43 percent of organisations are experiencing more cyber-attacks, an eight percentage-point increase from last year. Thycotic reported in the 2021 State of Ransomware Survey and Report that 64% of organisations were victims of ransomware in the last 12 months. According to Enterprise IT World, the first nine months of 2021 saw 40% more cyber-attacks than the same period of2020. Equally important is that increasingly, these attacks originate from bad actors using publicly available tools, making hackers much more difficult to identify and be stopped.
ISACA’s report lists the top three threat actors to blame for exploited organisations: cyber criminals, hackers and malicious insiders. Interestingly, the most common attack types reflect historical trends: social engineering, advanced persistent threats, security misconfigurations and ransomware.
The Australian government, since 2018, requires the mandatory disclosure and reporting of data breaches and can impose large penalties. Although it is clear that no industry is safe, many businesses still don’t believe their information is at risk. In contrast, many hackers believe their own information is at risk, claiming tactics such as phishing/SPAM are still very effective.
Appropriately aligned policies, processes, an update and maintenance program, which are subject to regular review/update and evolve with your business is considered essential to maintain a security resilient IT environment. See the business model for information security from ISACA below.
Cyber-attacks are growing, but the talent pool of defenders is not keeping pace. This continues to be an ongoing struggle. Across the globe, multinational enterprises and small businesses encountered adversities with the onset of the COVID-19 pandemic: staffing in cybersecurity was no exception. Staff retention and attracting new talent can be achieved by being an employer of choice:
- Look after your staff
- Be mindful of burnout
- Know your workforce’s skills gaps and keep skills up to date
This is summarised in the table below from the 2022 cyber security skills gap publication published by My Security Marketplace.
- Social media and profiling
- Twitter and Instagram and other image location tracking
- Active internet attack
- Hacker search engines
- Data Breach information sold on the DarkNet, Deep Web or TOR
- Data leaks form systems, staff or vendors
As the global cyber threats change over time, security intelligence, training and protections also need to evolve. To ensure ongoing business resilience against modern day attacks, you must continually invest in understanding your threats and the available protections against them. See the diagram below from Hackmageddon.
- Get the basics right
• Over 75 percent of attacks exploit the lack of basic controls such as the Essential 8
- Look after your crown jewels.
• Prioritise where you spend your money to defendyourself. Build a fortress around your most critical assets or services.
- Do your homework on your enemies
• Invest in understanding who might attack you, why and how, so that you can anticipate the most likely scenarios and defend those assets that are most likely to get attacked.
- Treat cyber risk as an opportunity to look closely at your business
• Security and resilience can affect nearly every part of an organisation. Strategies to protect IT security and business resiliency should align with an organisation’s broader goals, from protecting intellectual property to maximising productivity to finding new ways to delight customers.
- Incorporate cyber risks into existing risk management and governance processes
- Implement industry standards and best practices, don’t rely on compliance
- Evaluate and manage your organisation’s specific cyber risks
- Provide governance oversight and review against business needs
- Develop and test incident response plans and procedures
- Establish a security culture and activity program
- Coordinate cyber incident response planning across the enterprise and suppliers
- Maintain situational awareness of cyber threats
- Patch or upgrade all operating systems, applications and Infrastructure, including mobile and other devices
- Ensure an integrated security endpoint protection solution is used on all systems and mobile devices. A virus/malware protection alone is not good enough
- Security-harden workstations and servers to vendor and industry baselines
- Know where your sensitive data is stored/transmitted, and ensure it is encrypted
- Implement two factor authentication on all systems and network with access to sensitive data. Also consider system-to-system service account security restrictions
- Ensure your suppliers and vendors maintain their security to your standards as a minimum
- Don’t reuse passwords, don’t share your passwords or sensitive information
- Ensure your wireless is using WPAv2 or better encryption security
- Periodically engage a security professional to conduct a security review
We can help you with completing the following services:
- IT maturity assessment
- Technical vulnerability assessment
- Security architecture assessment
- Security policy review and provision
- Security Program of Work and Schedule
- Technology implementation, advice and project management
Contact us to find out more.
AU Notifiable Data Breach requirements: https://www.oaic.gov.au/privacy-law/privacy-act/notifiable-data-breaches-scheme
Online safety advice and incident reporting