Threat actors increasingly strike out of hours, forcing a rethink on cybersecurity

Online malicious actors have never played by the rules of the businesses or government agencies that they target. But new research has shed light on the strategies they use to ensure their attacks are successful, such as striking late at night and on holidays when cybersecurity teams are most likely to be spread thin, on vacation or just asleep. Arctic Wolf recently found that within the current threat landscape, 45% of security alerts were generated outside of weekday working hours, with an additional 20% generated on weekends. 

This trend, combined with Australia's new right-to-disconnect rules that limit communication between employees and their employers outside of regular working hours, make attackers even harder to thwart than they have been in the past. The laws prevent employees from being forced to answer work messages or calls after-hours, which should ostensibly limit the burnout and fatigue that many cybersecurity practitioners face, not just in Australia, but globally. Arctic Wolf research earlier this year found that 76% of organisations cannot achieve their security goals due to staffing concerns, and 56% of organisations distribute security responsibilities to their IT staff, who may or may not be experts in defending a digital environment. 

These staffing concerns often arise as a result of overworked and stressed out analysts who are liable to leave the industry entirely due to the tilted work-life balance, according to market analyst firm Gartner. Last year, Gartner estimated that by 2025, half of cybersecurity leaders will change jobs, with 25% for different roles entirely due to multiple work-related stressors. 

Right-to-disconnect rules are important to combat these problems for security teams at organisations of all sizes. But staffing isn't the only concern security leaders have. Cloud technology, for example, is increasingly prevalent in ANZ, with Australian organisations expected to spend more than A$23.3 billion on public cloud services in 2024 –– an increase of 19.7% from 2023, according to Gartner. But 41% of data breaches in Australia between 2022 and 2023 were aimed at compromising cloud services, local systems, or entire networks, per the Australian Signals Directorate. This poses a significant concern for all kinds of businesses throughout the country, given that 59% of organisations rely on cloud technology. 

Organisations that have moved to the cloud may be more efficient from an economic perspective, but that migration often brings an entirely new level of complexity into a digital environment, with the potential for misconfigurations and limited security visibility. But even the most core components of a business's digital environment can be attacked, as Arctic Wolf research found that software applications like Microsoft Outlook and Windows 10 were among the most common software leveraged for exploitation by attackers.

This is where security operations can be the most effective option for an organisation struggling with their security posture. There are plenty of security tools out there for companies looking to solve a one-off security gap, but taking an operationalised approach focuses on security outcomes rather than solely focusing on responding to alerts. 

Effective security operations outcomes are achieved by those organisations who implement a plan of continuous improvement and truly govern cybersecurity as the business-critical program it is. And as these organisations grow –– and their attacks surfaces as well –– their security posture has to mature in lockstep. For security operations to remain effective, it must be designed to quickly scale to match an organisation's needs. For many, this is about security moving at the speed of cloud. But recent advances in generative AI and large language models (LLMs) may now threaten those organisations who are still not prepared to expand the scope of their security operations to new areas of weakness as well.