Inspecting the future of ransomware threats with Vectra’s CTO
By Oliver Tavakoli, Vectra Chief Technology Officer
In the last few years, businesses and security leaders have been zeroing in on how to better manage and secure cloud infrastructure amidst a wave of change, as enterprise cyberattacks evolve and proliferate. Recent studies have revealed that 80% of Australian organisations were hit with ransomware in 2021, up from 45% in 2020. Vectra’s own research found that 57% of ANZ respondents feel it is possible or likely they have been breached whilst being unaware it is happening, 75% have experienced a significant security event that required an incident response effort, and 9% are not fully confident their security tools would protect against sophisticated attacks.

As CTO for Vectra, a big part of my focus is the future, creating ‘thought experiments’ to determine the best ways to protect our critical data and systems. With planes back in the skies, I was delighted to be speaking at the Australian Cyber Conference this month to discuss and debate some of these so-called ‘experiments’ with others in the industry.

Ransomware remains as significant a topic of debate among cybersecurity professionals in Australia as it does elsewhere in Europe and the US. The other consistent issue is related to supply chain attacks, including traditional on-premises products as well as services delivered via the cloud. Within Australia, migration to cloud and SaaS, and the inability to source experienced talent that understands the
36 | Australian Cyber Security Magazine
security implications of clouds, are also connected issues. There is real tension between businesses wanting to go agile through cloud adoption, and security teams trying to gain visibility and implement security in those environments. In a perfect world, that tension is resolved in a balanced manner, but we don’t live in a perfect world and often the business imperative to rapidly roll out new services outstrips the ability of organisations to do so securely.
The problem with cloud

Not so long ago, on-premises networks were wide open to attackers and so this has been our focus. Now, employee traffic is predominantly accessing applications across the internet, so we need to be looking at logs in cloud platforms such as Amazon Web Services (AWS), Azure and Google Cloud Platform (GCP), cloud identity systems such as Azure AD and Okta, and collaboration applications such as Microsoft 365 and Google Workspace.

Highlighting how businesses are being inundated with cyber criminals looking to capitalise on vulnerabilities, the Australian Cyber Security Centre (ACSC) reported it received one cybercrime report every eight minutes over the 12 months to June 30, 2021. On top of this, the ACSC stated that Australia experienced a 13% jump in cybercrime over the year, with about one incident in four targeting critical