Giving the gift your IT security team deserves this holiday season

Regardless of how far out you approach the holidays, it’s clear from the string of cyber attacks and breaches in Australia and across the Asia-Pacific region that cyber criminals never stop. According to the Australian Cyber Security Centre’s (ACSC) latest threat report, the agency received 67,500 cyber crime reports in the 2020-21 financial year — up 13 per cent on the previous year. That equates to one report every eight minutes.

Attackers are always looking for the easiest way in and will continue to exploit holiday periods to launch attacks in the hope of finding security teams distracted and ill-prepared.

For many organisations, December and January are the most vulnerable months of the year. If Optus, Medibank, Energy Australia, and MyDeal are precursors, then understandably there is constant concern over what’s next and a need for more than detection and response after the fact.

But it doesn’t all have to be coal in stockings. Fortunately, there’s an opportunity to spread a little seasonal joy this year by helping organisations quickly improve their defences for the holiday season — and assuming breach will set you up to avoid unwanted gifts.

Why is it cyber crime season?

Ransomware is top of mind for any chief security officer these days. According to the ACSC, the average loss per incident grew 1.5 times over the previous financial year to reach more than $37,000.

In many cases, these costs are much higher.

It’s not just the direct cost of incidents that focus the attention of Asia-Pacific organisations. Insurance premiums are rocketing across the globe, and in many cases, best practice security measures are now a prerequisite for coverage.

VIEW ALL

Cyber criminals are increasingly looking to capitalise on understaffed IT departments during the holiday seasons. The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have warned that cyber attacks like Kaseya, JBS USA, and Colonial Pipeline have all happened during holiday weekends in the United States, for example.

However, ransomware is not the only threat facing organisations in the region. Theft of customer data and sensitive intellectual property is an ever-present risk in some of the busiest and most vulnerable verticals at this time of year — including retail, banking, telecoms and legal.

In retail and banking especially, this stolen customer data helps to fuel rampant fraud and account hijacking attempts. Many businesses emerging from lockdowns may be especially vulnerable to attacks.

Among the challenges they face defending attacks over December and January are:

• Staffing: most businesses will close during the holidays, leaving only a small IT team on call if a major incident strikes. Those that do continue to work may likely do so remotely and alongside other devices at home and on public networks. This can delay response times, expand the attack surface, and increase opportunity for damage and better containment is essential to buy more time.
• Unsupervised networks: this means more potential vulnerabilities and opportunities for threat actors to compromise vital corporate assets.
• Production freezes: in many retail and other organisations, there’s no opportunity to make infrastructure and security control changes in response to emerging threats.
• Proposed fines: increased penalties for serious or repeated data privacy breaches. Proposed updates in Australia’s Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022 include AU$50 million, or three times the value of any benefit it obtained through the misuse of information, or 30 per cent of the company’s adjusted turnover in the relevant period, whichever is greater.

Let the gift-giving commence

While it’s inevitable that there will be breaches over the coming holiday period, organisations can limit the impact of these with the help of zero trust segmentation.

Zero trust segmentation helps contain the spread of breaches and ransomware by continually visualising how workloads and devices are communicating, creating granular policies that only allow wanted and necessary communication, and automatically isolating breaches by restricting lateral movement proactively or during an active attack.

If you want to ensure your organisation is prepared and protected as much as possible from cyber attacks this holiday season, consider the following:

1) Give your boss the gift of risk reduction.

• Improve your digital defences and limit your breach exposure by pinpointing the applications and systems running in your infrastructure that are most at risk.
• Protect against malware and other cyber attacks both proactively and during an incident by blocking unsafe network communications. In so doing, contain ransomware incidents before they become holiday headline events.
• Highlight how you have measurably reduced the opportunity for malicious actors to reach and compromise critical assets.

2) Give the hackers a lump of coal via strong zero trust segmentation.

• Lockdown the pathways that are commonly exploited by ransomware, like NetBIOS, SMB, RDP, and WinRM.
• Shut down routes to deprecated services that still live in your environment or legacy, unpatched systems that open a door into your network.
• Focus on highly connected ports, peer-to-peer and administrative access ports, and limit endpoint access to cloud and data centre assets to mitigate risk further.

3) Give your security operations (SecOps) team the gift that keeps on giving.

• Effective containment of threats is a major improvement in incident response, providing more time for SecOps to act.
• Gain more intelligence to neutralise threats. Any communication that violates security policy immediately triggers alarms and events to expose the attempt.
• Be prepared with pre-built policies so that you can safely activate emergency protection in case of a breach.

Threat actors will be primed and ready this holiday season. Make sure you are, too, with a security strategy to stop them in their tracks.

Liam Garman

Liam Garman is the editor of leading Australian security and defence publications Cyber Daily and Defence Connect. 

Liam began his career as a speech writer at New South Wales Parliament before working for world leading campaigns and research agencies in Sydney and Auckland. Throughout his career, Liam has managed and executed a range of international media and communications campaigns spanning politics, business, industrial relations and infrastructure. He’s since shifted his attention to researching and writing extensively on geopolitics and defence, specifically in North Africa, the Middle East and Asia. He holds a Bachelor of Commerce from the University of Sydney and a Masters of Strategy and Security from UNSW Canberra, with a thesis on postmodernism and disinformation operations.