Credit: Vs1489 | Dreamstime
Increasingly sophisticated security attacks are being deployed against the corporate systems of Australian companies and government departments. This is the latest message coming from the Australian Cyber Security Council’s (ACSC) 2017 Threat Report, announced by The Hon Don Tehan MP, Minister Assisting the Prime Minister for Cyber Security. As the frequency of cyber incidents increases, manual analysis of log data won’t keep pace with the current threats, let alone enable you to proactively predict and prevent tomorrow’s attacks.
WannaCry saw more than 300,000 computers across more than 150 countries get locked up by ransomware. Shortly after this, WannaCry’s evil twin brother, Petya, impacted many well-known Australian brands, bringing down organisations across a range of industries, from healthcare to manufacturing to legal. In the months following each incident, impacted organisations were reporting huge financial losses following outages caused by the breaches.
Credit: Michael Borgers | Dreamstime The ACSC’s finding that ransomware continues to be one of the most prevalent cyber threats faced by local organisations, could not be more timely. Over the last year, 24 percent of Australian organisations experienced a ransomware incident on at least a monthly basis and it took five hours or more to recover. In September this year, Accenture estimated that the incident mitigation cost increased by almost 26 per cent from FY2016 to FY2017, and that even small organisations of around 1000 “Enterprise Seats” had an annualised cybercrime cost of approx. $3.55 million USD per year.
In addition to ransomware attacks, the ACSC also highlights credential-harvesting malware and social engineering as significant threats to Australian businesses. This complex mix of growing threats indicates that only organisations with powerful analytics and end-to-end visibility of their data will adapt and remain competitive.
The report states:
“Although our cyber defences have gradually improved, especially in government, adversaries have kept pace by adapting their tradecraft and tools to circumvent enhanced security practices. The more advanced adversaries continue to invest in their capabilities, so staying ahead of them remains an enduring challenge.”
Clearly the message to the c-suite and board is that to get ahead of the adversaries, a disruptive approach is required.
Recent developments like the 2017 ACSC Threat Report make it very clear that you can’t stop a highly determined attacker from targeting your network. But if you’re equipped with the right security solutions, you’ll be well positioned to make better, faster decisions during security incidents.
Read more: How artificial intelligence is becoming a key weapon in the cyber security war
From monitoring whether basic security hygiene is being maintained to identifying weak areas that are overlooked, a Security Analytics solution is a good choice. It’ll allow you ‘real time’ reporting to determine patched systems, provide information about vulnerabilities, and update you on the status of endpoint protection solutions. Your Security Analytics nerve centre will also alert you to any notable security anomaly, whilst also slashing incident investigation and operational reporting costs.
Once you detect a threat within your environment, appropriate response is vital. A data-driven security operation underpinned by machine data is critical to business continuance with minimal impact.
Remember that threat actors today are moving much faster than any person could respond with manual tools. With so many threats in the mix analytics and automation platforms are essential tools for incident responders, as they track, contain and mitigate multi-vector threats.
Australian organisations need to take the government’s sharpened focus on cyber security as a warning that there’s no guarantee their network will never be hacked. Now is the time for businesses to streamline security infrastructure and drive threats out of their organisation at every opportunity. This will help make the organisation an extremely difficult target to even the most sophisticated cybercriminals.
