ACSM
A cyber attack's name may change, but the reason it happens doesn't. By Garett Paton Director Data Protection Solutions at Dell Technologies, ANZ
A
s Albert Einstein didn’t say, the definition of insanity is “to do the same thing over and over again and expect different results.” (Sidenote, it was a mystery novelist Rita Mae Brown who said, or at least wrote it,). And yet, when it comes to cyber security this is essentially the approach: not addressing the fundamental problems that create the vulnerabilities in the first place and then being surprised by an attack year after year. Now, it might seem strange to say that security does not always change dramatically over the years. No one can have missed the often-devastating attacks that have been front page news for much of 2021. And similarly, we’re seeing cyber-attacks used in conjunction with traditional warfare in modern conflicts. However, while the scale of the attacks has changed, the security industry is still facing the same problems it has for the past 20+ years.
So, what has changed and what hasn’t? The difference now is that the cost of complacency is now too high. In February, cybersecurity authorities in Australia, the US and UK issued a joint advisory highlighting the increased globalised threat of ransomware. They noted that Australian organisations of all sizes were potential targets, not just the “big fish”. Despite the high-profile examples, threats are hitting all levels of business And sure, ransomware attackers may be tweaking their
16 | Australian Cyber Security Magazine
methods to increase impact, by targeting the cloud, the supply chain or managed service providers. But they still use the same approach. Even in a year as unpredictable as 2021, the threats organisations and individuals faced were fundamentally the same as they’ve been for decades: phishing and fraud. The difference is they were updated to be attractive to today’s targets. The fact is, it is still too easy for adversaries to access an organisations’ networks and cause harm, and often through a known vulnerability. Without addressing these issues, hackers will continue their successful efforts In a nutshell, technology departments must get better at quickly identifying and fixing vulnerabilities before they can be exploited. In turn, tech providers must get more proficient at developing secure and resilient technology. When security is embedded into all technology, organisations are better positioned to identify, protect, detect and respond to threats. In essence, there three longstanding problems our industry needs to resolve now
Plug the workforce gap A hacker’s potential to cause harm is unlimited, so defenders must get it right every time. This requires impressive defences, but most organisations struggle to find enough cyber talent to build it. Talent may be the biggest issue facing our industry. According to not-for-profit AustCyber, nearly 17,000 more
