Cyber Security
Plugging the gaps: Australian organisations are leaving their defence barriers wide open for attackers By Joseph Failla leads Accenture security practice within Australia & New Zealand.
W
hen the Australian Government became a major target of cyber attackers in June 2020, the Prime Minister didn’t pull any punches in warning that all levels of government, critical infrastructure and essential services are under increasing attack by criminal hackers. Worryingly, Accenture data shows that only 43% of Australian organisations are actively protected, and only 58% of breaches are being found by security teams. Yet, many of the criminals succeeding in stealing data or infecting enterprise systems with ransomware are not particularly sophisticated. They are simply walking through the gaping holes in Australia’s organisational defences – gaps that leadership teams don’t even realise are there. There are multiple recent incidents where attacks were totally preventable and where companies were materially affected because they didn’t have the basics right:
•
28 | Cyber Risk Leaders Magazine
If you can’t see it, you can’t defend it – Having as much visibility as possible across the IT environment is essential. Gaining visibility might not be cheap – but it’s worth the investment. Threat hunters can help identify where the organisation lack logs for specific artefacts, before ensuring all logs are ingested by a
•
•
SIEM (security information and event management) tool that provides real-time analysis of all the security alerts generated by applications and network hardware. Backups won’t save you from ransomware – Many executives think their backups and offline copies are protection against ransom demands. If service is denied, they’ll simply reopen by spinning up the backup system. But now criminals have evolved their modus operandi. Domain admin access attacks are becoming more vicious. Perpetrators are selling access to other bad actors. Before deploying ransomware, they are exfiltrating sensitive information and threatening to leak the stolen data if their ransom isn’t paid. You can spot attacks before they happen – Criminals love ransomware because it’s easy to use and devastatingly destructive. In 2019, the cost of ransomware to organisations around the world increased by 21%. The good news is we can now detect moves to install ransomware in time to stop deployment. Before ransomware is rolled out, hackers need to spend weeks or months inside the system planning the attack. Threat hunters can detect traces of these actions. They look for tiny anomalies in the noise of the system and follow these ‘breadcrumbs’ to
