By Joseph Failla,
leads Accenture security practice within Australia & New Zealand.
When the Australian Government became a major target of cyber attackers in June 2020, the Prime Minister didn’t pull any punches in warning that all levels of government, critical infrastructure and essential services are under increasing attack by criminal hackers.
Worryingly, Accenture data shows that only 43% of Australian organisations are actively protected, and only 58% of breaches are being found by security teams.
Yet, many of the criminals succeeding in stealing data or infecting enterprise systems with ransomware are not particularly sophisticated. They are simply walking through the gaping holes in Australia’s organisational defences – gaps that leadership teams don’t even realise are there.
There are multiple recent incidents where attacks were totally preventable and where companies were materially affected because they didn’t have the basics right:
- If you can’t see it, you can’t defend it – Having as much visibility as possible across the IT environment is essential. Gaining visibility might not be cheap – but it’s worth the investment. Threat hunters can help identify where the organisation lack logs for specific artefacts, before ensuring all logs are ingested by a SIEM (security information and event management) tool that provides real-time analysis of all the security alerts generated by applications and network hardware.
- Backups won’t save you from ransomware – Many executives think their backups and offline copies are protection against ransom demands. If service is denied, they’ll simply reopen by spinning up the backup system. But now criminals have evolved their modus operandi. Domain admin access attacks are becoming more vicious. Perpetrators are selling access to other bad actors. Before deploying ransomware, they are exfiltrating sensitive information and threatening to leak the stolen data if their ransom isn’t paid.
Download Cyber Risk Leaders Magazine – Issue 3, 2020 to read full article.