Cyber Threat: Bolstering Organisational Resilience
In this data-driven age, where big data and IoT technology dominate, cybersecurity remains a top priority for organisations. The cyber threat landscape is continuously evolving, fueled by an underground economy where organised crime syndicates can sell access to organisational data on the dark web.
Australia is currently ranked in 6th place amongst the countries with the most significant cyber attacks worldwide (tied with the Ukraine). With cybercrime already predicted to cost the global economy US$6 trillion per year by 2021, the widespread instability and disruption caused by COVID-19 has intensified the risk matrix. Rapid moves to remote working and education, increased online business activities and fast adoption of digital supply chain technologies have contributed to our increased level of vulnerability, providing rich pickings for cybercriminals.
In light of this, the Federal Government’s 2020 Cyber Security Strategy comes at just the right time. Formulated around the 5 pillars of deterrence, prevention, detection, resilience and investment, the report contains 60 recommendations to bolster Australia’s critical cyber defences. It makes essential reading for anyone currently managing or developing a cybersecurity strategy.
We spoke to Ahmed Khanji, CEO of cybersecurity firm Gridware and Tracey Edwards, Board Director at AISA (Australia Security Information Association) about some practical steps organisations can take to ensure protection and resilience.
Understand the Risk
“The cyber risk landscape is constantly changing, which is why cybersecurity needs to be far more adaptive than 10 years ago. You’re seeing a lot of new tools, as well as companies offering services to address these new and emerging threats.”
“Small to medium-sized businesses are more vulnerable, as they often do not have the resources to implement a comprehensive cybersecurity strategy, and large organisations are more at risk because they are an attractive target for serious breaches.”
Nevertheless, there are several mitigation strategies which organisations can implement to protect themselves, some of which though relatively simple, can be very effective.
“The ‘essential eight’ contained in the Strategies to Mitigate Cyber Security Incidents from the ASD (Australian Signals Directorate) is a good place to start. No single mitigation strategy will guarantee cybersecurity but if you can implement all eight strategies a baseline, you will likely eliminate of the majority of threat factors.”
For some organisations, particularly small to medium size businesses who might lack the resources to implement a comprehensive cybersecurity strategy, it is still possible to significantly reduce risk by being proactive.
“SMEs make up to 50% of the targets of cybercrime and yet by implementing even some quite simple cybersecurity strategies, they can mitigate some of the most disastrous effects of a cyber breach.”
One very effective measure for mitigation malicious breaches is simply multi-factor authentication for access VPNS, remote desktops and business applications.
“Multi-factor authentication is not particularly technical to implement and yet extremely effective. At Gridware, we’ve rarely completed a forensic investigation for a breach where multi-factor authentication was implemented correctly. With increased numbers of employees working from home due to COVID-19 and logging in remotely to workstations and servers, even just this one measure could significantly reduce the risk of a breach.”
Do Not Underestimate the Cost of a Data Breach
With the growing prevalence of ransomware attacks in recent years, it is important that organisations know the value of their data. According to IBM’s Cost of Data Breach report 2020, the global average cost of a data breach is a staggering US$3.86 million.
“Once in the wrong hands, the cost of recovering lost data can be astronomical. Don’t be complacent, carry out a thorough inventory of all devices and applications where data sits, as well as which staff have access to what and why.”
“Ensure work computers are only being used for work purposes, encrypt your data, install a firewall to block any unwelcome access, keep applications up to date and uninstall any programmes not currently in use. And of course, keep anti-virus and malware protection up to date.”
“Make sure your data is backed up daily offsite and, more importantly, that you can access and restore it effectively. Data not being backed up correctly or that can’t be restored happens more often than you would think, and threat actors know this.”
Test for Vulnerabilities
To ensure your networks are not vulnerable to malicious breaches, penetration testing should be conducted at a minimum yearly and preferably 6-monthly.
“Many businesses don’t know they are a victim until it is too late. This is backed up by research which shows that, on average, a hacker spends 200 days inside a network before they are identified. Penetration testing will prevent these incursions by identifying vulnerabilities before a malicious actor can take advantage.”
“Something else that may be less obvious, is the importance of testing internal networks as well. Without proper patching, companies put themselves at risk of a basic user escalating their privilege to access restricted management files or payment information internally.”
Carry Out a Cybersecurity Audit
A cybersecurity audit is an essential tool for knowing your organisation’s risk level and identify any vulnerabilities.
“It is important to make sure someone with adequate credentials carries out a cybersecurity audit and organisations should consider outsourcing this task if they do not have the expertise in-house.”
With most, if not all, business transactions now being carried out electronically, there are additional risks that may not be obvious. Organisations that share solutions, software or accounts with suppliers should be aware that a breach of their supplier’s network could put their own networks at risk too.
“Know your supply chain cyber risks. Your cybersecurity is only as good as your supply chain. Many organisations share business solutions, software and accounts. Not segmenting networks and access controls allow threat actors to laterally move across the network from one business to another. An example would a courier company that has access to your sales software to get orders. If they have been compromised it could also put your database risk of being breached.”
“Implement multi-factor authentication, conduct penetration testing and, importantly, verify that your suppliers are also carrying out cybersecurity best practices. Consider including cybersecurity requirements in your supplier contracts.”
Educate Yourself and Your Colleagues
“Don’t get caught in a criminal’s net. Enforce policies around strong passwords and install a password safe program. Educate your staff around social engineering, so that they are alert to the risk around malicious emails, sms and phone calls. Create a culture of cybersecurity awareness and emphasise the message that cybersecurity is everyone’s responsibility.”
Take Action Now
Cybercrime has become one of the biggest risks that individuals, businesses and nation states currently face. It is vital that you follow best practice and adopt effective cybersecurity measures to keep your networks secure and protect your valuable data from malicious actors. In addition to the steps we have mentioned in this article, there are some great resources available to businesses and consumers to leverage, such as: Australian Government Stay Smart Online, Australian Government Essential Eight, Australian Government eSafety Commissioner, Australian Competition and Consumer Commission (ACCC) Scamwatch, as well as the Australian ReportCyber for reporting cybercrime.
To read more articles like this or to stay up to date with industry, subscribe to the Security Focus Newsletter and receive monthly updates.