IT Brief Australia - Technology news for CIOs & IT decision-makers
Story image
Why you need to make cybersecurity an urgent priority
Tue, 31st Jan 2023
FYI, this story is more than a year old

Australia has become an increasingly lucrative target for cybercriminals using sophisticated techniques to steal and expose sensitive customer information and business-critical data.  

While cybercrime has been rising for years, recent high-profile cyberattacks on Australian critical infrastructure providers have been wake-up calls. Organisations should never treat cybersecurity as an afterthought. Securing systems and networks containing sensitive and valuable data must be an imperative.

There are three critical reasons why businesses must make cybersecurity an urgent priority:  

1. Geopolitical events have complicated the evolving threat landscape  

Since Russia invaded Ukraine in early 2022, cyberattacks have been used to support conventional warfare efforts. As a result, there is a significant increase in disk-wiping malware used by threat actors.

The current geopolitical and cyber risk landscape requires businesses to urgently invest in powerful cybersecurity software tools to maintain robust defences, minimise operational interruptions, reduce data loss or compromise, and improve overall security posture.  

2. Rapid IoT adoption is fuelling attack surface expansion  

IoT’s rapid rise and growth of capabilities are fuelling an organisation’s expanding attack surface, adding greater complexity and making it difficult to secure networks. The shift to cloud computing also expands the attack surface, exposing it to new security risks such as limited visibility, non-compliance, and data loss or compromise. Other emerging technologies powering the metaverse, such as digital twins, blockchain, and cryptocurrency, present various cybersecurity issues and provide cybercriminals with dangerous levels of access.  

Businesses can limit the opportunities for cybercriminals by implementing zero trust policies, eliminating network complexity, regularly scanning for vulnerabilities, and segmenting networks to prevent lateral movement and secure cloud workloads.  

3. Ransomware attacks are reaching dangerous levels of sophistication  

Ransomware-as-a-Service (RaaS) is a subscription-based model that sells or rents ransomware to affiliates to execute attacks. Some of the top RaaS variants, such as Ryuk, ALPHV, Hive, REvil (also known as Sodinokibi), and Egregor, specifically attack high-value targets across industries, including critical infrastructure.  

The best way to protect against ransomware is through a proactive approach that prioritises real-time visibility and remediation, with zero trust network access and endpoint detection and response. Businesses can also educate employees about ransomware through a comprehensive cybersecurity awareness training program.

The urgent need for increased cybersecurity controls

Threat actors routinely exploit poor security configurations and weak controls to run, destroy, or enable other malicious activity. Organisations that haven’t invested in adequate cybersecurity solutions are putting their business and their customers, stakeholders, and suppliers at risk of financial and reputational damage.

It is imperative for companies to minimise their attack surface by implementing zero trust policies and limiting the number of entry points cybercriminals can seek to exploit. However, organisations must first understand the dynamic cyber threat landscape and its impact on business operations. Visibility into the entire scope of potential and recognised threats will help companies anticipate risk, identify vulnerabilities, and determine the impact when, not if, an attack happens.