2016 cyber threat report: how to protect your business


Have you ever watched one of those epic nature documentary scenes where wolves are preying on a herd of bison? The wolves eventually pick off a weak individual from the edge of the herd, while most of the bison in the middle of the herd are pretty safe.

If you think about the cyber threat environment like one of those wolf-bison hunts, this year’s ACSC (Australian Cyber Security Centre) threat report paints the following picture: there are more wolves, they are much smarter, and they have honed their techniques. But the good news is that there are some very simple ways for businesses to manoeuvre into a safer, middle-of-the-herd position.

In fact, there is one practice that the ACSC ‘emphasises’ as ‘one of the most effective security practices organisations can perform’; pretty strong language for a government publication. I’ll tell you what it is in a minute, but first let’s look at the current risks.

What risks are you facing?

There are two main types of ‘cyber adversary’. There are highly resourced, highly sophisticated adversaries with specific targets and outcomes in mind. Then there are the opportunistic adversaries with broad targets and varied skill levels and motivations.

They largely employ the same key tools of the trade, with ransomware, spear phishing and web seeding techniques such as malvertising continuing to top the list.

Targets of sophisticated adversaries

Most small businesses are not the primary targets of sophisticated cyber adversaries. Primary targets are mainly government departments and critical infrastructure.

Unfortunately, the risk to organisations that provide a kind of ‘back door’ to a primary target – such as a trusted relationship with the target, access to the target’s network, or traffic through the organisation’s website – has increased in 2016. These businesses face very tough, possibly state-sponsored, adversaries, but as secondary targets, their day-to-day operations might not be significantly hampered by a malicious presence.

Targets of opportunistic adversaries

Essentially, everyone with a computer is a target of an opportunistic adversary. Those are my words. In the words of the ACSC: ‘Australian industry is persistently targeted by a broad range of malicious cyber activity … [our] relative wealth and high use of technology such as social media, online banking and government services make it an attractive target for serious and organised criminal syndicates … The spectrum of malicious cyber activity ranges from online vandalism and cybercrime through to the theft of commercially sensitive intellectual property and negotiation strategies’.

Although opportunistic adversaries are relatively less sophisticated, they’re improving their methods in key cybercrime techniques and can severely disrupt day-to-day operations.

The key to staying safe from the malicious conduct of opportunistic adversaries is to avoid presenting them with opportunities to exploit your system. So let’s look at the ACSC’s recommendations for doing that.

Facing current threats

What was the one thing that the ACSC identified as being the most effective security practice? ‘Applying patches to applications, operating systems and devices.’

It’s a pretty simple little measure that will help you move back from the outer edge of the herd. In fact, the ACSC notes that 85% of targeted cyber intrusions could be prevented by following the four simple mitigation strategies listed in their Strategies to Mitigate Targeted Cyber Intrusions.

This leads to what may be the biggest problem that the ACSC outlines for business: that the private sector remains unaware of risks, underprepared for attacks and underinvested in cyber security. What really matters when it comes to your business’s IT security is having ‘the motivation to allocate effort and resources to improving your cyber security posture’.

So I’ll help you with a bit of motivation. You can contact Proactive IT Solutions for a FREE network security review. We can let you know where you stand in the herd; are you close to the middle, or out on the vulnerable edge?
