One in three Australians have been exposed to data breaches in recent years, proving that no individual or business is immune. According to the most recent figures from the Office of the Australian Information Commissioner’s (OAIC) Notifiable Data Breaches scheme, there were 497 notifications in the last six months of 2022, a figure up 26% on the previous reporting period.
October is Cybersecurity Awareness Month, and this month marks the program’s 20th anniversary. With this in mind, it’s worth looking at where Australia stands in terms of cybersecurity, and what can be done to improve our stance.
Nationally, the Australian Government is refreshing the 2020 Cybersecurity Strategy, with a report due by the end of 2023. Its goal is to make Australia the most cyber-secure nation in the world by 2030.
Home Affairs Minister Clare O’Neil has said the strategy will build six ‘cyber shields’ around the nation, helping to protect Australia’s people, businesses, and organisations – meaning Australians won’t be alone in silos trying to manage their cybersecurity challenges.
It’s not a matter of if, it’s a matter of when
For Australian businesses, the likelihood of experiencing a data breach is high. This is true for all types of businesses, but some have a bigger target on their backs than others. Those same OAIC Data Breach notification figures found the top sectors to flag data breaches were healthcare, followed by finance (including superannuation), as well as insurance, legal and recruitment.
Only a third of breaches were the result of human error or a system problem, with most attributable to malicious or criminal attacks. Nearly 30% of breaches were caused by ransomware, and another third via stolen or compromised credentials. Pure hacking, surprisingly enough, was the cause of only 8% of data breaches, while phishing, another way of compromising credentials, was responsible for 23% of breaches.
With this in mind, what are the emerging threats, and how can companies and individuals defend against them?
New threats emerge: the rise of GenAI
The rise of generative AI (GenAI), as well as sophisticated hacking automation tools, has given bad actors a potent weapon in their hacking arsenal. Phishing emails written using GenAI have become more believable, increasing the likelihood that unsuspecting people will fall for them and compromise their credentials.
Automated hacking tools and ‘hacking kits’ available on the dark web also mean it’s easier for hackers to access corporate networks, deploy ransomware and engage in phishing. But the same automation can also be used by organisations to defend themselves.
A key way for companies to reduce their attack surface is to deploy a zero-trust strategy. However, the concept of zero trust is sometimes poorly understood, and many organisations struggle to implement zero trust in a meaningful way.
So, what’s zero trust and how can companies use it to defend themselves?
Zero trust: your best defence against cybercriminals
The complex interconnectedness of multiple cloud services, SaaS providers and edge computing, as well as the rise of bring your own device (BYOD) and hybrid working, has turned security on its head. Businesses can no longer rely on a clear perimeter or the ability to control their entire infrastructure.
This is where zero trust comes into play. Zero trust is a transformative approach to cybersecurity that gets rid of past assumptions and embraces new realities. It focuses on securing applications and data rather than network topology, emphasising continuous verification and automated enforcement of credentials.
While numerous companies and vendors have produced their own ad hoc zero trust products, they typically only target one of the seven Zero Trust pillars. Because of this, zero trust implementation is often a hodgepodge process, with dozens of solutions that solve singular problems but few integration options available. Often, the onus falls on the customer to fuse these disparate solutions together.
The reality is that zero trust is a journey, and the destination is a well-defined set of integrated and automated security activities. The critical component for scaling end-to-end validated zero-trust solutions for companies is a robust partner ecosystem.
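To make the "continuous verification" point concrete, here is an added example (not code from the original article or any vendor product) of a per-request zero-trust policy check. It decides on the identity, the freshness of the session, the second factor, the device's posture and the requested resource; the source address is recorded but deliberately never consulted, so a request from an "internal" address gets no more trust than one from the internet. All users, groups, resources, thresholds and the policy table are constructed for illustration.

```python
"""Added example: a per-request zero-trust access decision.

Every request is evaluated on who is asking, how recently they proved it,
what device they are on and what they want; the network it arrived from
grants nothing. All names, claims and policy values are constructed."""
from dataclasses import dataclass
from typing import Optional, Tuple
import time


@dataclass
class Request:
    user: str
    mfa_verified: bool
    token_issued_at: float      # epoch seconds when the session was last verified
    device_compliant: bool      # e.g. disk encrypted, endpoint agent healthy
    source_ip: str              # recorded for audit only; never used in the decision
    resource: str
    action: str


# Constructed policy table: resource -> action -> groups permitted.
POLICY = {
    "payroll-db": {"read": {"finance"}, "write": {"finance-admin"}},
    "wiki":       {"read": {"staff"},   "write": {"staff"}},
}

# Constructed directory of group membership.
GROUPS = {
    "alice": {"staff", "finance"},
    "bob":   {"staff"},
}

# Constructed re-verification interval: a session older than this must
# re-authenticate, whatever it has been doing in the meantime.
MAX_TOKEN_AGE = 15 * 60


def evaluate(req: Request, now: Optional[float] = None) -> Tuple[bool, str]:
    """Return (allowed, reason). Checks run cheapest-first and every
    request goes through all of them; there is no 'already on the LAN'
    shortcut, which is the whole point of the model."""
    now = time.time() if now is None else now
    if now - req.token_issued_at > MAX_TOKEN_AGE:
        return False, "session token too old; re-authenticate"
    if not req.mfa_verified:
        return False, "MFA not satisfied"
    if not req.device_compliant:
        return False, "device posture check failed"
    allowed_groups = POLICY.get(req.resource, {}).get(req.action, set())
    if GROUPS.get(req.user, set()) & allowed_groups:
        return True, "allowed by policy"
    return False, f"{req.user} not authorised for {req.action} on {req.resource}"


if __name__ == "__main__":
    now = time.time()
    # Remote user, fresh session, compliant device, permitted action: allowed.
    print(evaluate(Request("alice", True, now - 60, True, "203.0.113.7",
                           "payroll-db", "read"), now))
    # 'Internal' address but no entitlement: denied regardless of network.
    print(evaluate(Request("bob", True, now - 60, True, "10.0.0.5",
                           "payroll-db", "write"), now))
    # Entitled user whose session has gone stale: must re-verify first.
    print(evaluate(Request("alice", True, now - 3600, True, "10.0.0.5",
                           "payroll-db", "read"), now))
```

The ordering of the checks matters in practice: the cheap, local checks (token age, MFA flag, device posture) reject most bad requests before the policy lookup, and a deny reason is returned so the decision can be logged and reviewed.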
In addition to reducing the attack surface with zero trust, there are several ways organisations can detect and respond to cyber threats, as well as have plans for resilience in the event of a cyber attack.
Detection and response encompass several areas, including:
- Intrusion detection and prevention systems (IDS/IPS): Provide real-time monitoring and alerting for suspicious activities that could indicate a security breach or unauthorised access. By identifying these anomalies early, an IDS enables organisations to take immediate action, minimising potential damage and enhancing their overall security posture.
- Anomaly detection: Identify unusual patterns that deviate from established norms, signalling potential malicious activity. Catching these anomalies quickly can prevent data breaches, unauthorised access and other security threats. The use of AI and ML algorithms can help speed the detection of threats.
- Real-time network traffic monitoring: Gain immediate visibility into network activity, allowing quick detection of unusual or malicious behaviour. This enables organisations to respond to threats in a timely manner, reducing the risk of data breaches and system compromises.
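Since the OAIC figures above put stolen or compromised credentials among the leading causes of breaches, a worked example of the anomaly-detection point is a small detector run over authentication logs. The code below is added here and is not part of the article or any product: it keeps a sliding window of failed logins per source address, raises a medium alert when a source exceeds a baseline, and a high alert if that same source then logs in successfully, a sequence consistent with credentials being guessed or stuffed. The log format, thresholds, addresses and log lines are all constructed; the detector is rule-based rather than ML-based.

```python
"""Added example: sliding-window detection of login-failure bursts
followed by a success, over constructed authentication log lines."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format: ISO timestamp, user, source address, result.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>OK|FAIL)$"
)

WINDOW = timedelta(minutes=5)
FAIL_THRESHOLD = 5   # constructed baseline: more than 5 failures per source in WINDOW


def parse(line):
    """Parse one line into a dict, or return None for lines that do not
    match (real logs contain noise; a detector must not crash on it)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ev


def detect(lines):
    """Return a list of (timestamp, severity, message) alerts, in order."""
    fails = defaultdict(deque)   # src -> timestamps of failures still inside WINDOW
    flagged = set()              # sources that already triggered the burst alert
    alerts = []
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        q = fails[ev["src"]]
        # Age out failures older than the window relative to this event.
        while q and ev["ts"] - q[0] > WINDOW:
            q.popleft()
        if ev["result"] == "FAIL":
            q.append(ev["ts"])
            if len(q) > FAIL_THRESHOLD and ev["src"] not in flagged:
                flagged.add(ev["src"])
                alerts.append((ev["ts"], "medium",
                               f"{len(q)} failed logins from {ev['src']} within {WINDOW}"))
        elif ev["src"] in flagged:
            # A success from a source that was just burst-failing is the
            # signal worth paging on: a credential may have been found.
            alerts.append((ev["ts"], "high",
                           f"successful login for {ev['user']} from {ev['src']} after failure burst"))
    return alerts


# Constructed sample log: one legitimate user, one source spraying several
# accounts and then succeeding, one malformed line, one isolated failure.
SAMPLE_LOG = [
    "2023-10-02T09:00:00Z user=alice src=198.51.100.4 result=OK",
    "2023-10-02T09:00:01Z user=alice src=203.0.113.9 result=FAIL",
    "2023-10-02T09:00:02Z user=bob src=203.0.113.9 result=FAIL",
    "2023-10-02T09:00:03Z user=carol src=203.0.113.9 result=FAIL",
    "2023-10-02T09:00:04Z user=dave src=203.0.113.9 result=FAIL",
    "2023-10-02T09:00:05Z user=erin src=203.0.113.9 result=FAIL",
    "this line is not in the expected format and must be skipped",
    "2023-10-02T09:00:06Z user=carol src=203.0.113.9 result=FAIL",
    "2023-10-02T09:00:10Z user=carol src=203.0.113.9 result=OK",
    "2023-10-02T09:30:00Z user=bob src=198.51.100.4 result=FAIL",
]

if __name__ == "__main__":
    for ts, severity, msg in detect(SAMPLE_LOG):
        print(f"{ts.isoformat()} [{severity}] {msg}")
```

Run against the sample, the detector produces exactly two alerts: the medium one on the sixth failure from 203.0.113.9, and the high one when that address then logs in as carol. The single failure from 198.51.100.4 half an hour later stays below the baseline and is ignored, which is the behaviour you want from a detector that will be fed real, noisy logs.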
Organisations must also have resilience capabilities in place, and test them frequently, so that they can recover from a cyberattack. Effective recovery requires a well-defined incident response plan. As such, companies should also carry out:
- Incident Response and Recovery (IRR) program: Establish incident response protocols that outline roles, responsibilities and activities in the event of an attack. A tested and well-practised IRR plan fosters good communication and coordination between internal teams, professional services and partners, and helps meet business uptime SLAs.
- Data protection: Regular backups of critical data and systems, along with immutable, isolated and/or secure offsite storage solutions and data encryption can ensure a speedy recovery of your data.
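A backup that has never been restored is a hope, not a capability. The following added example (not from the article or any backup product) shows the testable core of the data-protection item: a backup with a manifest of per-file SHA-256 digests, a verification step, and a restore drill that simulates damage to the live copy, refuses to restore from a backup that fails its own integrity check, and confirms the restored tree matches the manifest. The directory layout and file contents are constructed inside a temporary directory; immutable or isolated offsite storage and encryption at rest are assumed to be provided by the storage layer and are not implemented here.

```python
"""Added example: backup manifest with SHA-256 digests plus a restore drill.
Everything runs in a temporary directory on constructed files."""
import hashlib
import json
import shutil
import tempfile
from pathlib import Path
from typing import Dict, List, Tuple


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def make_backup(src: Path, dest: Path) -> Dict[str, str]:
    """Copy src into dest/data and write manifest.json mapping relative path -> digest."""
    manifest = {}
    for p in sorted(src.rglob("*")):
        if p.is_file():
            rel = p.relative_to(src).as_posix()
            target = dest / "data" / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(p, target)
            manifest[rel] = sha256_of(target)   # digest the copy, not the source
    (dest / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest


def verify(root: Path, manifest: Dict[str, str]) -> List[str]:
    """Return the relative paths that are missing or no longer match the manifest."""
    bad = []
    for rel, digest in manifest.items():
        p = root / rel
        if not p.is_file() or sha256_of(p) != digest:
            bad.append(rel)
    return bad


def restore(backup: Path, target: Path) -> List[str]:
    """Restore backup into target and verify the result.
    Returns the list of mismatches after restore; empty means the drill passed."""
    manifest = json.loads((backup / "manifest.json").read_text())
    if verify(backup / "data", manifest):
        # A backup that fails its own check is not a backup; stop here.
        raise RuntimeError("backup does not match its manifest; refusing to restore from it")
    if target.exists():
        shutil.rmtree(target)
    shutil.copytree(backup / "data", target)
    return verify(target, manifest)


def drill() -> Tuple[List[str], bool]:
    """Back up, damage the live copy, restore, verify.
    Returns (files detected as damaged, whether the restore verified clean)."""
    with tempfile.TemporaryDirectory() as tmp:
        live = Path(tmp) / "live"
        backup = Path(tmp) / "backup"
        (live / "records").mkdir(parents=True)
        (live / "records" / "customers.csv").write_text("id,name\n1,Alice\n")
        (live / "config.ini").write_text("[db]\nhost=db.example.internal\n")
        manifest = make_backup(live, backup)
        # Simulated damage to one live file (constructed, stands in for any corruption).
        (live / "records" / "customers.csv").write_text("unreadable")
        damaged = verify(live, manifest)
        restored_ok = restore(backup, live) == []
        return damaged, restored_ok


if __name__ == "__main__":
    damaged, ok = drill()
    print("damaged before restore:", damaged)
    print("restore verified clean:", ok)
```

Two design points carry over to real systems: the digests are computed over the backup copy rather than the source, so the manifest attests to what was actually written, and the restore path checks the backup against its manifest before overwriting anything, so a damaged backup is caught by the drill rather than during a real incident.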
This Cybersecurity Awareness Month, we all need to focus on what we, as individuals, can do as our bit to protect ourselves and our companies against cyber threats. The reality is that people are the first and best line of defence, and education, along with strategies like zero trust, are key to working towards Australia becoming the world’s most cyber-secure nation by 2030.