Australian law firms have never been more concerned about cyber threats and understanding the options for detecting attacks is critical, writes Simon Howe.
Found yourself attempting to manage and secure a corporate network that’s become far more widely distributed and complex than it was six months ago? Join the club.
The mass shift to remote working has thrown up a new set of challenges for Australian law firms and IT managers when it comes to ensuring the security and integrity of their systems and data.
Meanwhile, the need for them to do so has never been greater. Across the country, individuals and businesses are under daily attack from cyber criminals whose mission it is to defraud and disrupt. So much so that, in June, Prime Minister Scott Morrison took the unprecedented step of warning businesses to be on their guard against malicious cyber activity orchestrated by a sophisticated, state-based cyber actor.
Further down the food chain, scammers and phishers are attempting to capitalise on the COVID crisis by targeting individuals with fake materials, such as payment applications, test results and the like.
Following the Prime Minister’s warning, the government announced additional funding for a slew of cyber-security initiatives to help businesses combat the threat.
Counting the cost of cyber compromise
Technology which makes it possible to detect and stop threats before they become breaches is key to doing so – and the cost for businesses that don’t succeed can be frighteningly high. The Australian Cybercrime Online Reporting Network’s most recent research puts the average cost of a cyber crime to a business in Australia at around $276,000.
For larger enterprises, that figure can be many multiples higher, if an attack results in significant disruption to operations, as it did for Lion in June this year. The dairy and brewing giant underwent a partial shutdown, following a successful ransomware attack.
That’s why it’s critical law firms understand their options and adopt cyber-security strategies that are fit for purpose in today’s heightened threat climate.
Detecting and responding to breaches before they become problems
For many, that will mean implementing Network Detection and Response (NDR); a progressive security solution designed to provide full visibility into a network, regardless of its composition and complexity. NDR provides centralised, machine-based analysis of network traffic, and automated response solutions that are designed to halt hackers in their tracks, before they’ve had the opportunity to work their mischief.
It represents a step up, or several, on legacy security tools like intrusion detection and prevention systems, courtesy of the fact it does not rely, as they do, on signature technology. That means it’s not confined to identifying network attacks whose identifying characteristics have already been recorded in a database of known malware. Rather, it has the capability to nose out new and emerging threats, by analysing data longitudinally and identifying connections in multiple data points.
The real-time network insights and analytics this produces can be used to generate compelling evidence for threat analysis, policy enforcement, audit support and legal action.
Most importantly, they can be used to trigger automated responses – think disabling suspect accounts or blocking IP addresses – to an attack, without the need for IT staff to intervene.
Strengthening your security posture for a safer long-term future
Not sure if NDR is the right technology for your organisation, now and into the future?
If it’s full visibility across on-premises, remote and cloud environments you’re seeking, Gartner believes it should be part of the solution.
It suggests organisations augment their existing security information and event management (SIEM) and endpoint detection and response tools with NDR, to create a Security Operations Visibility Triad – a suite of technologies that enables security teams to get proactive about managing and mitigating threats before they become problems.
At a time when the risks are real and rising, it’s advice Australian law firms can ill afford not to take.
Simon Howe is vice-president, sales, Asia Pacific at LogRhythm.