Hackers are getting smarter and stealthier, and so must Australian businesses if they hope to avoid disruption and data compromise.
Hands up if the continual media coverage of cyber attacks and data breaches over the past 12 months has your organisation on edge.
Your concern is justified. Since the COVID pandemic began in earnest in March 2020, hackers and cyber criminals have been having a field day, in Australia and around the world.
Ever opportunistic, many have sought to cash in on the fear, uncertainty, doubt and hunger for up-to-date information that invariably accompany a major crisis. Hence, we saw a wave of COVID-related phishing gambits, inviting SMS and email recipients to click on links that purported to provide information about income support payments, local virus testing services and the like.
Meanwhile, mass migration to remote working opened up a new risk frontier for organisations that were unused to supporting the work-from-home model and did not have appropriate governance and security controls in place.
And as the annus horribilis that was 2020 wore on, Prime Minister Scott Morrison confirmed what many chief information security officers already suspected: Australian companies and organisations across a range of sectors were under sustained attack, from sophisticated and well-resourced adversaries with a mission to damage and disrupt.
The high-profile victims that had a taste of just how much chaos a determined bunch of cyber banditos can cause included a dairy and beverage giant. In June 2020, the company experienced back-to-back cyber attacks that crippled its manufacturing and IT systems and caused disruption and delays up and down its supply chains. The perpetrators demanded a reported ransom of $1 million to restore normal service.
Ransomware – but not as you knew it
So, what does 2021 have in store for beleaguered businesses? In short, much more of the same.
Ransomware will remain the number one cyber threat, as it has been for several years, notwithstanding the fact that it flew under the radar for a spell, while the likes of WannaCry and NotPetya took centre stage.
What evolved in the interim is the perpetrators’ modus operandi. We’re seeing less of the scattergun approach of yore and more calculated, long-term campaigns that home in on the specific vulnerabilities of organisations.
Instead of seeking to hijack every PC and laptop on the network and extract a bitcoin ransom per unit in return for unlocking them, hackers are setting their sights on the corporate crown jewels. By that, I mean core databases that contain critical and sensitive information that businesses may be prepared to pay big bucks to unlock, retrieve, or keep out of the public domain. Extracting that data and figuring out ways to use it can be less dramatic but more profitable than seizing up a slew of screens simultaneously.
Protecting the enterprise
So, how can businesses ensure they don’t become this year’s news story? Unfortunately, there’s no silver bullet. There are, however, sensible steps you can take to harden your attack surfaces and turn your enterprise into a less attractive target.
One step that can be taken in the new year is to make better use of the network data that all organisations already own. Network data provides a ground source of truth that attackers can’t hide from or tamper with. By passively monitoring all communications and devices that connect to the network, a new opportunity opens up for greater visibility into what is connecting to the network (even IoT) and what applications are communicating with whom. Most importantly, using machine learning to analyse behaviour on the network means that if a bad actor breaks past front-line defences you can spot the unusual behaviour and attack patterns before they can breach the network.
Moving forward with confidence
Cyber attacks are disruptive and have the potential to be economically devastating. In 2021, Australian businesses must continue to take steps to strengthen their defences to stop attacks even after they have compromised the network.
Jeff Costlow is the chief information security officer at ExtraHop.