Forget the suspicious hooded figure arched over a computer monitor, decoding chains of green numbers like something straight from The Matrix – cyber crime has a changing face.
Anything online can be hacked, but what do threat actors want? And how can they be stopped?
Experts warn cyber security in the workforce has never been more important.
The 2020 CyberCX Annual Threat Assessment report highlighted an eye-opening year for cyber security, with organisations facing a surge in malicious cyber activity, not just from your garden-variety internet criminals but nation-state actors, and how they’ve exploited the COVID-19 crisis.
The report indicated many Australian and New Zealand organisations remained attractive targets for a range of cyber threat actors, often with financial motivation in mind.
In cyber security there is no such thing as a 100 per cent secure network.
A cyber threat actor can be a single person, group, organisation, or even a country, involved in carrying out a cyber attack, and according to CyberCX Western Australia Executive Director Steve Schupp, the pandemic has created new avenues for these threat actors to access confidential information.
“Threat actors have heavily exploited the pandemic through phishing campaigns, evoking emotional reactions to deceive victims,” he said.
“Working from home has made securing networks more difficult, leading to a significant expansion of attack surface areas.”
We are often told to regularly change passwords to prevent hacking, but Mr Schupp said threat actors didn’t need username or password information to access sensitive files.
“A lot of people think attackers need a username and password to access particular information – when an attacker is compromising a vulnerability in a system they are bypassing authentication controls,” he said.
“They then perform remote code execution, allowing the attacker to run any command they want on the company they have attacked.”
In cyber security there is no such thing as a 100 per cent secure network, but companies like CyberCX work to manage the risk of malicious attacks on companies both on a large and small scale.
“An environment that is secure today may not be secure tomorrow if a vulnerability is released and discovered,” Mr Schupp said. “A lot of the cyber security testing we do allows clients to discover where their network vulnerabilities are and remediate those.”
According to Mr Schupp, more is being done at a national level to improve the capability of cyber security and maturity in critical infrastructure.
Attackers aren’t looking for a specific target, just a vulnerable target, according to Steve Schupp.
“The recent cyber security strategy released by the Federal Government details a $1.35 billion fund over the next 10 years to invest in cyber security capability. I think that calls out the importance the Federal Government is placing on the issue,” he said.
Launched last year, the Cyber Enhanced Situational Awareness and Response investment package aims to boost the cyber security capabilities of the Australian Signals Directorate and the Australian Cyber Security Centre.
An announcement by Prime Minister Scott Morrison followed, warning that Australian governments, businesses and political organisations were under a series of cyber attacks, to which he later attributed to a state-based threat actor.
“The federal approach flows down into large enterprise and small business,” Mr Schupp said. “One of the issues for smaller business is what we call supply chain compliance.
“A lot of large entities are now assessing their supply chain’s cybersecurity capability because the potential for a large enterprise to be compromised via a small business is becoming larger.
“Sometimes it’s easier for an attacker to compromise the third party rather than going for the source. As a result, we are getting requests from WA businesses to help them articulate their cybersecurity maturity to their customers.”
Cyber security management
According to Mr Schupp, education is key to protecting network data, along with implementing multifaceted strategies across a company.
“Two-factor authentication has been rolled out as an industry standard. Password reuse is an issue and two-factor authentications can resolve a lot of those issues,” he said.
“Data access and backup is another issue – making sure your data has appropriate access controls on will ensure it’s not public.
“From a recovery point of view, having a backup process in place will allow you to restore data if a ransomware attacker was to target the company.”
Mr Schupp concluded that due to the geopolitical landscape, the threat to Australian businesses and governments had never been higher, and with the security of networks changing over time, it came down to how companies dealt with vulnerability management.