In today’s hyper-connected digital business landscape, supply chain attacks are a very real risk for Australian companies that don’t embrace new protection strategies.
Has your organisation taken steps to bolster its cyber-security posture in the wake of last year’s extraordinary surge in malicious activity?
If the answer is yes, you’re in good company. For many Australian businesses, the SolarWinds SUNBURST attack was a wake-up call. On top of an unprecedented year of operational disruption and economic hardship, for enterprises of all stripes and sizes, this attack struck at the heart of organisations. While the pandemic opened the floodgates to a tsunami of malicious campaigns, SUNBURST proved that we are also at risk from the inside
The Australia Cyber Security Centre flagged the intensifying threat level in its ACSC Annual Cyber Threat Report July 2019 to June 2020.
"Phishing and spearphishing remain the most common methods used by cyber adversaries to harvest personal information or user credentials to gain access to networks, or to distribute malicious content," the report noted.
"The likelihood and severity of cyber attacks is also increasing due to our growing dependence on new information technology platforms and interconnected devices and systems."
Upping the cyber security spend
Industry watchers expect 2021 will be a big one for security spending, as decision makers find additional funds for tools and technologies that will better prepare them for the next big supply chain attack..
Australian organisations spent approximately $5.6 billion on cyber security in 2020 and that figure is expected to jump to $7.6 billion by 2024, according to AustCyber’s Digital Census 2020.
In addition to fending off phishers and other high-tech hijackers, many businesses will be focused on uncovering the attack inside the network before any damage can be done.
For many enterprises, the challenge is much greater than merely getting their own houses in order.
With businesses more digitally connected with suppliers, partners and customers than ever before, trouble can come in through the side door, via an attack on a vulnerable third-party vendor or software application.
The highly publicised SolarWinds SUNBURST incident of late 2020 is a case in point. Scores of US government agencies and enterprises were subjected to a series of massive cyber attacks, after malware was concealed within what appeared to be a regular SolarWinds software update.
The perpetrator – thought to be a state actor – was able to get inside through a legitimate software update and then move laterally throughout the network. The sophistication of this attack was high, if the malware detected certain software like many of the endpoint agents it wouldn’t deploy until it found a safe path.
Securing the supply chain
Feasible for something like this to happen to an Australian business? Unfortunately, the answer is yes – it’s all too possible.
Also concerning is the fact that once attackers have gained entry – they find ways to remain undetected and move laterally throughout the network. Attackers are patient and have time on their side. Sometimes it’s months or even years, as they gather and exfiltrate intelligence, plan enterprise wide disruption and cover their tracks by tampering with endpoints, destroying logs and other evidence of the incursion.
Combatting advanced attacks calls for a monitoring of network data inside the network, not just north-south, but east-west. Network detection and response (NDR) solutions passively monitor and utilise machine learning to achieve enhanced visibility of the entire network and its communications – without agents. This makes it possible for them to detect, investigate and rapidly respond to threats, both known and unknown, from wherever they may emanate.
NDR, when used in conjunction with EDR and SIEM, represents a solution to the cyber security challenge posed by the complex interconnected computing environments and mobile device arrays that have become commonplace in Australian enterprises.
A stronger safer future
In 2021, the threat of cyber attack is real and rising. It’s not enough to invest in enhanced protection, you must turn your sights to detection and response that reduce the likelihood of becoming victim to a supply chain attack, by uncovering the attack on the inside before it can breach your network.
Glen Maloney is the ANZ regional sales manager at ExtraHop