Current AU cyber threat report: how to protect your business
It’s kind of nerdy, but I love well researched and presented information from reputable sources – especially when it’s free and helpful.
Every year, the government’s Australian Cyber Security Centre releases a comprehensive study of the current and emerging threats affecting Australia’s cyber security. It’s a long document, but I’ve done the heavy lifting for you and extracted the information most relevant to SMEs.
If even this summary is too daunting, you can always skip to the end for a list of the six main methods that cyber criminals are currently using to target Australian businesses.
This year’s ACSC Threat Report confirms what we already know: cybercrime is on the rise. But what it also reveals is just how incredibly simple it is to mitigate the most common forms of cyber breach.
Of all the cyber security incidents reported to the ACSC by the private sector last year, more than three quarters were the result of a malicious email (22%) or a compromised system (56%); and the vast majority were criminally motivated, typically for financial gain.
Who is targeting your business?
Cybercrime is fast evolving and there are two distinct arenas: the sophisticated adversary who targets well-protected networks; and the opportunistic cyber criminal who uses publicly known network vulnerabilities and social engineering.
Targets of sophisticated adversaries
Most small or medium businesses are not the primary targets of sophisticated cyber adversaries. Primary targets are mainly government departments and critical infrastructure. However, there has been an increase in the targeting of trusted third parties, particularly service providers.
Some Australian networks of global service providers have been compromised, and through them, so have some of their customers’ networks.
Targets of opportunistic adversaries
Although opportunistic adversaries are relatively less sophisticated, their expertise is constantly improving, and they’re adapting their methods to target specific businesses directly.
Every individual with a computer, smartphone or personal device is the target of an opportunistic adversary; and businesses offer attractive cash and data harvesting opportunities.
There has been significant growth in unskilled perpetrators of cybercrime entering the field with the advent of the ransomware-as-a-service (RaaS) business model.
What makes your business a target?
Cyber criminals love what business has to offer; and SMEs can make easy targets because they often don’t have all the best protections in place.
You may assume that just because you’re not storing credit card details or banking passwords you’ve got nothing worth stealing. Untrue. There is no end to the ways in which data can be used to generate profit. All sorts of information your business stores makes you a target for malicious activity, including:
- Commercially sensitive information
- Client information
- Bulk data containing personal information about the public
- Sensitive legal advice
- Proposed negotiating positions
- Marketing strategies
- Work history
- Intellectual property
- Staff information.
Cyber criminals also make use of publicly available industry information such as annual reports, shareholder updates and media releases to craft their malicious cyber activities.
What are the main threats to your business?
As Australians become increasingly security aware, and IT networks harder to breach, cyber criminals are using social engineering techniques to manipulate human trust and elicit information in order to bypass security protocols that can’t be breached by technical means.
The main threats to SMEs come from opportunistic cyber criminals who use publicly known network vulnerabilities and social engineering.
The goal is to gain access to your network in order to do any or all of the following:
- harvest personally identifiable information (PII) to facilitate financial crimes and identity theft
- access email systems to impersonate a senior employee to facilitate misdirection of funds from the business
- encrypt and ransom data
- cause nuisance or embarrassment.
Prevention as an investment
In the ACSC’s own words, “investing in a solid baseline of network security will help [your business] avoid having to spend even more when faced with a network compromise.”
The key to staying safe from the malicious conduct of opportunistic adversaries is to avoid presenting them with opportunities to exploit your system.
The Australian Signals Directorate’s (ASD) Essential Eight Strategies to Mitigate Cyber Security Incidents provides a prioritised list of practical actions that organisations can take to make their computers and networks more secure. These are the answer to the cyber threat and are now considered to be the baseline for Australian organisations.
TLDR: a summary of the current threat environment
- Cyber criminals’ level of expertise is improving, and they are adapting their methods to target specific businesses directly. At the same time, there has been significant growth in unskilled perpetrators of cybercrime entering the field with the advent of the ransomware-as-a-service (RaaS) business model.
- Cyber criminals continue to seek access to repositories of large amounts of personally identifiable information (PII) to facilitate financial crimes and identity theft. Government and commercial bulk data repositories are a particular target as they provide a single point of storage for valuable information on large numbers of Australians.
- As it has become more difficult for adversaries to directly compromise their targets, they have sought secondary or tertiary access into primary targets. This means that service providers are now the targets of sophisticated cyber activity aimed at gaining access to networks or information related to their clients.
- Adversaries of all kinds continue to use rudimentary techniques and known network vulnerabilities to compromise networks that lack baseline cyber security measures; and routinely scan the environment for further vulnerabilities.
- The Internet of Things (IoT) continues to represent significant security risks. Because security is not always given priority during their design, the introduction of IoT devices into a network can provide a handy back door.
- As Australians become increasingly security aware, and IT networks harder to breach, cyber criminals are using social engineering techniques to manipulate human trust and elicit information in order to bypass security protocols that can’t be breached by technical means.