Staying ahead of the changing threat landscape in 2023
There is no doubt that 2022 was the most challenging year to date for cyber security in Australia. In a number of highly publicised security incidents, cybercriminals wreaked havoc, resulting in millions of customers' personal information being uploaded to the dark web. It was a year that saw cyber security elevated to the highest priority.
The growing cyber risk facing Australian businesses has resulted in changes to the penalty regime for serious or repeated breaches of the Privacy Act 1988. Under the Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022, Australian companies can now be fined up to AUD $50 million for data breaches. Previously, the penalty for severe data exposures was AUD $2.22 million, which is now considered inadequate given the increased prevalence and level of sophistication of cyber threats.
As we move into 2023, the threat landscape continues to strengthen and evolve. Threat actors are becoming increasingly sophisticated and aggressive in their attacks, targeting enterprises of all sizes throughout every industry. Mandiant recently released key findings from its Cyber Security Forecast 2023, which forecasts the global threat landscape so companies can mitigate likely cyber threats.
In the APAC region, the report states that manufacturers could be a major target for ransomware operators. As IT and OT converge and become more digitised, there is a greater opportunity for hacktivists to gain access to OT environments. To maintain business continuity and secure your network infrastructure and supply chain, it's important to stay ahead of threats by strengthening your ability to monitor, detect and respond to them, which in turn enables strong recovery strategies.
Another key issue for our region moving forward is our solidarity with Ukraine following the Russian invasion. Australian sanctions on Russia for invading Ukraine could see Russia expanding its cyber operations to the APAC region.
Russia is likely to continue to conduct retaliatory actions, including additional destructive or disruptive cyber attacks, particularly against the government, financial services, and energy and utilities sectors. Russian doctrine also views information warfare as a wide-ranging concept crucial to any armed and/or diplomatic conflict.
Russian information warfare combines cyber operations, electronic warfare, psychological operations and information operations, with the ultimate goal of controlling the 'information sphere' – a vital component of Russian strategy.
In addition to using disruptive and destructive cyber attacks in advance of kinetic ones (such as those seen with PAYWIPE and NEARMISS), Russian doctrine calls for sustained information warfare throughout the conflict, both as a supplement to military action and as a component of the aforementioned controlled escalation.
Now more than ever, organisations need to be cyber resilient to protect themselves against extortion, because ransomware operators will use whatever means necessary to achieve their malicious goals.
As the world deals with waves of COVID, global supply chain disruptions, natural disasters, global inflation and market volatility, companies are often challenged to stay ahead of cyber threats. However, by not doing so, they may put their productivity and profitability, customers' trust and ultimately their reputation at risk.
It's important to have the intel to identify the high-volume, high-probability risks that could target your organisation, together with the understanding that most compromises are commonplace. Being compromised doesn't mean the end of the game; a compromise can be remedied when found early. Threat actors need to accomplish a series of steps before they can complete their objectives.
The threat landscape continues to evolve each day. Recent cybersecurity breaches have exposed the customer data of millions of Australians, including passports, driver's licences and Medicare details. As such, in today's challenging cybersecurity environment, it's critical to treat data security as a business issue to stay ahead of cyber threats.