Cybersecurity
Image created using Microsoft Designer, AI tool

Since January of this year, there have been 36 significant incidents globally impacting the geopolitical situation, along with 97 major cybersecurity breaches in Australia. Notably, some of these organizations and businesses operate on a global scale and have experienced multiple attacks. Here are some of the businesses, organizations and brands impacted so far:

Court Services Australia, Labour Party, The Department of Communities, Central Coast Council, Australian Human Resources Institute, Victorian Auditor-General’s Office, Yarra Council, Football Australia, Nissan Australia, LinkedIn, Adobe, X (formerly Twitter), Europcar, Tangerine Telecom, Telstra Opticomm, Fujitsu, Microsoft, Microsoft Azure, American Express, Suncorp Bank, McDonald’s, IMF, Roku, DJI, OracleCMS, Qantas, Dell Computers, Western Sydney University, Ticketmaster / Live Nation, Shell, Ticketek, Panasonic Australia, Levi Strauss & Co, Diabetes WA, Ambulance Victoria, Monash Health, MediSecure, Harry Perkins Institute of Medical Research, Optimum Allied Health, Healthed, Canberra Medical Centre, Royal Australian College of General Practitioners, Smoke Alarm Solutions.

Worryingly, 9 of these breaches are healthcare related, and a few of the organisations have been breached multiple times. The last one, Smoke Alarm Solutions, really stands out, and one can only imagine the deeper objective behind this breach and data loss.

Source: https://www.webberinsurance.com.au/data-breaches-list

Why do these data breaches happen?

A data breach refers to any instance in which someone accesses data that they aren't allowed to see. Most breaches expose consumers’ sensitive information. Criminals can sell this information on the Dark Web or use it themselves to bilk victims. In online hacks, breaches and cyberattacks, threat actors take advantage of security vulnerabilities in the technology that protects important data. This is by far the most common type of data breach, representing more than 80% of the attacks reported by the Identity Theft Resource Center.

Common types of cyberattacks

  • Malware. A user installs malicious software on a computer that harms the operating system. Spyware, a type of malware, then pilfers personal information from user accounts.
  • Ransomware. This is a type of malware that encrypts the data on a computer or system, making the data unusable unless the victim pays a fee.
  • Credential stuffing. Cybercriminals use leaked usernames and passwords on other sites. For example, they will try to log in to your email account with the username and password exposed in a social media breach.
  • DNS tunnelling. DNS tunnelling strong-arms the Domain Name System to connect a victim’s computer to the attackers. Since it’s the DNS resolver that facilitates this tunnel, it’s almost impossible to detect the connection.
  • Denial-of-service (DoS). DoS attacks flood a website with bogus requests so that the server can’t handle legitimate requests.
  • Cross-site scripting (XSS) attack. In this attack, a hacker sends code to a server instead of a legitimate entry, e.g., a JavaScript snippet instead of a username. For applications that aren’t correctly set up, hackers can run this code and harm the user, the application, or both.
  • Trojan horse. Like the Greek myth, a Trojan horse is something that looks legitimate on the outside but cloaks an attack. Trojan malware might look like a harmless attachment, app, or extension, and even operate as such, but it contains malicious code to harm your machine.
  • SQL injection. Like an XSS attack, a SQL injection happens when a hacker sends harmful code instead of legitimate requests. SQL refers to the language used for databases, and these kinds of attacks typically involve pilfering information from a database.
  • Zero-day exploit. Zero-day attacks use previously unknown security flaws, so cybersecurity experts have “zero days” of preparation. These are perhaps the most dangerous type of attack. A 2020 report showed that zero-day vulnerabilities were responsible for 80% of successful data breaches.

Examples of system and human errors

Among the weakest points of any system are its human gatekeepers. Criminals take advantage of misconfigured software or use social engineering, a type of hack meant to manipulate people’s emotions to perform a breach.

  • Phishing occurs when a hacker purporting to be a trusted authority tricks someone into sharing personal information by sending fake text messages or emails warning users of expired passwords. The link in the texts or emails leads to a sign-in page clone designed to steal credentials.
  • Physical correspondence. Phishing scams don’t have to be overly technical. A newly emerging way for cybercriminals to install malware is to send victims a USB drive with a letter from a trusted company. When connected to a computer, the drive immediately installs malware.
  • Social Engineering. As a hacker, why go to the hassle of creating your own access point to exploit when you can persuade others with a more legitimate claim to the much sought-after data to create it for you?
  • Misconfigured firewalls. Firewalls prevent certain types of information from passing in and out of networks, but require precise settings and permissions. It’s easy for an IT administrator to set these up incorrectly.
  • Too Many Permissions. Overly complex access permissions are a gift to a hacker. Businesses that don’t keep a tight rein on who has access to what within their organisation are likely to have either given the wrong permissions to the wrong people or left out-of-date permissions around for a smiling hacker to exploit!
  • Delay in patching. Patches are software updates that fix known vulnerabilities. But when users put off installing updates, their systems are at risk.
  • Unsecured cloud environment. Many companies today use cloud platforms like Microsoft Azure, Google Cloud Platform, or Amazon Web Services; but they may not have set them up correctly. A 2021 report found that the average business has 40 instances of exposure while using a cloud service.

What is Cybersecurity?

Cybersecurity is all about keeping computer systems and electronic data safe. As cyber crime becomes more frequent, cybersecurity practitioners are increasingly needed to protect people, organizations and their information. Cybersecurity involves protecting organizational and customer data from malicious attacks. As cyberattacks become more frequent, organizations, consumers, and governments are increasingly vigilant. This heightened awareness and the implementation of protective measures can be seen as a growth opportunity for organizations that can build digital trust.

Getting hacked isn’t just a direct threat to the confidential data companies need. It can also ruin their relationships with customers and even place them in significant legal jeopardy. With new technology, from self-driving cars to internet-enabled home security systems, the dangers of cyber crime become even more serious. According to McKinsey, organizations adept at creating digital trust are more likely to experience at least 10 percent annual growth.

Protection Measures

Organizations and individuals can protect themselves through various means, including network security, information security measures like the GDPR, antivirus software, and firewalls. Despite extensive protective measures, organizations often fall short due to the evolving tactics of cyber criminals. The shift to remote work, for example, exposed new vulnerabilities that cyber criminals exploited, leading to significant increases in cyber crime and financial losses.

Cybersecurity measures are steps taken to keep computers, networks, and data safe from hackers and other online threats. They include tools like firewalls and antivirus software, as well as best practices like controlling access to sensitive information and training employees to spot potential risks. Cybersecurity measures are critical in protecting digital assets and sensitive information in today’s interconnected world. Some common cybersecurity measures include:

  • Encryption
  • Firewalls
  • Antivirus Software
  • Access Controls
  • Intrusion Detection Systems
  • Security Patches
  • Employee Training


Here are the top 5 cybersecurity measures every organization must embrace in 2024 and beyond.

Zero Trust Architecture

One of the first concepts organizations must implement in the context of cybersecurity is Zero Trust Architecture (ZTA). The goal of ZTA is to prevent unauthorized access to sensitive data and systems, even if an attacker manages to compromise the network perimeter. As a security model, ZTA assumes all network traffic is untrusted and requires verification before accessing any resources. Therefore, all users, devices, and network traffic are treated as potential threats and subjected to stringent authentication and authorization controls.

Since ZTA is designed to be flexible and adaptable, organizations can implement security controls that best fit their specific needs. Using it with other security measures, for example, Identity and Access Management (IAM) systems, can provide a comprehensive security solution.

Multi-Factor Authentication

Multifactor authentication (MFA) is widely used to secure online accounts like email and financial accounts. It is also employed to control physical access to buildings and other secure areas. It makes unauthorized access to an account or system more difficult, requiring hackers to pass through multiple levels of authentication to be successful.

System User Audits

A system user audit reviews and evaluates system users (also known as “accounts”) within an organization’s IT ecosystem. It aims to ensure all system users are properly authorized and that their access is appropriate and secure.

The results of a system user audit, infused with AI insights, will then be used to identify and address any security weaknesses or vulnerabilities. As a best practice, organizations must conduct system user audits quarterly.
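
One way to automate part of the account review described above, as an added example that is not from the original article: it flags accounts with no accountable owner, accounts unused for more than a quarter, and privileged accounts without MFA. The record fields, role names, 90-day threshold, and sample inventory are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

STALE_AFTER = timedelta(days=90)  # assumption: one quarter, matching the audit cadence

@dataclass
class Account:
    # Hypothetical inventory record; a real audit would export these fields from the IAM system.
    name: str
    owner: Optional[str]          # person accountable for the account
    roles: frozenset
    mfa_enabled: bool
    last_login: Optional[date]    # None = never logged in
    owner_active: bool = True     # False once the owner has left

PRIVILEGED_ROLES = frozenset({"admin", "db_owner"})  # assumed role names

def audit(accounts, today):
    """Return {account name: [findings]} for accounts that need review."""
    report = {}
    for acct in accounts:
        findings = []
        if acct.owner is None:
            findings.append("no accountable owner")
        elif not acct.owner_active:
            findings.append("owner has left the organization")
        if acct.last_login is None:
            findings.append("never used")
        elif today - acct.last_login > STALE_AFTER:
            findings.append(f"inactive for {(today - acct.last_login).days} days")
        if acct.roles & PRIVILEGED_ROLES and not acct.mfa_enabled:
            findings.append("privileged without MFA")
        if findings:
            report[acct.name] = findings
    return report

# Constructed sample inventory, not real data.
TODAY = date(2024, 6, 30)
SAMPLE = [
    Account("j.smith", "J. Smith", frozenset({"user"}), True, date(2024, 6, 28)),
    Account("svc-backup", None, frozenset({"admin"}), False, date(2024, 6, 29)),
    Account("a.jones", "A. Jones", frozenset({"db_owner"}), True, date(2024, 1, 15), owner_active=False),
    Account("temp-contractor", "B. Lee", frozenset({"user"}), True, None),
]

if __name__ == "__main__":
    for name, findings in audit(SAMPLE, TODAY).items():
        print(f"{name}: {'; '.join(findings)}")
```

Each finding is a prompt for a human decision (disable, reassign, or re-approve), which is what turns the quarterly review into removal of out-of-date permissions.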

Subject Matter Experts

In 2024, organizations must also engage with Subject Matter Experts (SMEs) who have a deep understanding and expertise in cybersecurity and Artificial Intelligence. Through cybersecurity assessment services, they can help identify and mitigate potential vulnerabilities as well as protect an organization’s systems and data from threats.

Overall, the expertise and knowledge of SMEs along with the analytical power of AI can be an invaluable cybersecurity measure that helps organizations improve their cybersecurity posture and reduce the risk of cyber-attacks.

Third-Party Management Program

Navigating the complexities of infusing AI into cybersecurity can be challenging for organizations. That’s where expert Third-Party Management professionals, well-versed in AI-infused cybersecurity, become important to ensure seamless collaboration and safeguard organizational interests. These professionals can also enable ongoing monitoring and management to ensure they meet the organization’s standards at any given time.

Overall, a good third-party management program should be comprehensive, proactive, and well-defined. It should have clear processes and procedures to ensure that the organization works with trustworthy, responsible, and reliable third parties.

Projected Cybersecurity Trends (Next 3-5 Years)

  • On-demand Access and Data Platforms: The shift to mobile platforms and remote work increases the dependency on large data sets, heightening the risk of breaches.
  • Advanced Attack Techniques: Hackers now use AI, machine learning, and other technologies to launch sophisticated attacks, reducing the lifecycle of an attack from weeks to hours.
  • Regulatory Landscape and Talent Gaps: Increasing regulatory scrutiny and a shortage of cybersecurity talent mean organizations must continually adapt their cybersecurity strategies.

Regulatory Approaches to Cybersecurity

Policymakers are increasingly focused on data security, with significant legislative efforts in the US and stringent regulations like Europe’s GDPR. US organizations can prepare for new regulations by enhancing their readiness, response, and remediation strategies to handle cyberattacks.

Cybersecurity Technology and Service Providers

Cyberattacks are projected to cause $10.5 trillion in damage annually by 2025. Despite significant spending on cybersecurity, threat volumes are expected to rise. Providers can focus on:

  • Cloud Technologies: Protecting cloud configurations.
  • Pricing Mechanisms: Creating products for small- to medium-sized businesses.
  • AI and Machine Learning: Developing tools to make human analysts more efficient.
  • Managed Services: Offering comprehensive, outcome-focused solutions.

Mitigating Future Cyber threats

Organizations should consider capabilities such as Zero-trust architecture, behavioural analytics, elastic log monitoring, homomorphic encryption, risk-based automation, defensive AI, and secure software development. These measures can help build more resilient cybersecurity infrastructures.

Cybersecurity Talent

Securing an organization's environment requires both technical controls and skilled personnel. Adopting a talent-to-value approach helps prioritize hiring for roles that most effectively reduce risk and create security value. Steps include identifying critical activities and risks, defining priority roles, and building appropriate job descriptions.

Conclusion

Cybersecurity is a dynamic and essential aspect of modern organizational operations. As cyber threats evolve, so too must the strategies and technologies used to combat them. Organizations that proactively enhance their cybersecurity measures, adapt to new regulations, and invest in skilled talent will be better positioned to mitigate risks and capitalize on growth opportunities in an increasingly digital world.

Great points on cybersecurity, Nadeem! How can organizations put sustainable practices into action at all levels?

Galina Velas

Owner & Managing Director | Tech, Digital, Design | Passionate about connecting businesses and candidates | Positive Impact Advocate | Future Focused & Innovation | Australia | New Zealand

8 months

Fantastic read, Nadeem A. Very insightful and informative!

Being vigilant online is very important to avoid these incidents. This is a nice read, and very informative!
