As 2022 comes to an end and Australian businesses take a step back to evaluate their performance and gather industry insights, it’s difficult to overlook a common threat that affected most (if not all) sectors during the year: the notable rise in cyberattacks.
Fifty years ago, hackers used to invade systems to explore the possibilities of new technologies rather than engaging in criminal behaviour.
One of the first registered cases happened in 1969 when MIT students hacked electric train tracks and switches in order to improve their performance.
From technology explorers to cybercriminals, today’s hackers have very different goals and motivations for invading a system, and these can impact which industries they target.
For example, if the goal is financial gain, they might target the financial industry or the healthcare sector, as these are known to hold critical personal information and are therefore vulnerable to paying high ransoms.
In fact, according to VMware’s 2022 Modern Bank Heists report, 74 per cent of financial security leaders experienced one or more ransomware attacks in a 12-month period, and 63 per cent of those victims paid the ransom.
On the other hand, some hackers aim to cause disruption for the sake of it. In this case, they might target supply chain and manufacturing companies in order to affect other industries or even go after gas, water and essential services to impact people’s everyday lives negatively.
Lastly, another common target is well-known brands. Actors might attack brands’ systems if they wish to cause reputational damage to a specific business.
The latest Annual Cyber Threat Report by the Australian Cyber Security Centre (ACSC) disclosed that the three industries in Australia with the most reported incidents between 2021 and 2022 were the federal government, the state government and healthcare, which is not to say that other sectors are not at risk.
The same report also showed that, from small to medium-sized organisations, there’s a jump of almost 300 per cent in reported “isolated” and “extensive” compromise incidents. The “sweet spot” for attackers seems to be medium-sized businesses, which experienced larger losses during the last financial year.
Ultimately, cybercriminals are looking for data that can be leveraged to disrupt a company, identify people, or both. Criminal organisations prefer personal data because it helps them perpetrate fraud for financial gain, for example, personalising a phishing email or impersonating an individual.
While governments can reissue identity documents for citizens affected by breaches, some of the information obtained is impossible to change, such as date of birth.
For those whose data is exposed, there’s a long tail of fraud that can range from false loans and orders of goods to having their information sold to other groups that use it to perpetrate further crimes.
This is an extremely painful process for the end user, who can face long-term effects from one single breach. Therefore, any business that holds personal information is at risk of becoming a target.
With the evolution of the hacker, attacks have also become more sophisticated. According to VMware’s 2022 Global Incident Response Threat Report, two out of three respondents saw malicious deepfakes used as part of an incident, which is a 13 per cent increase over the previous year.
Lateral movement was also a common denominator, seen in 25 per cent of all occurrences, with application programming interfaces (APIs) representing the next frontier for malicious activity.
From these findings, we can conclude a few things: cybercriminals are using individuals to compromise businesses, and they are leveraging workloads and applications to gain access to connected systems, where they can rummage around networks for an extended period.
When it comes to cyber security, every single person with access to the digital environment is likely to be hacked, and individuals therefore remain the weakest link. So, how can small to medium enterprises better prepare for these looming threats in the new year?
Although training and education are excellent ways to strengthen the people aspect of cyber security, a Zero Trust approach can complement it and remove some of the pressure from individuals. Zero Trust is a strategic approach to cyber security that distrusts connections, devices and users by default.
This operational model can be applied to information and IT systems management. With the right tech and the right model in play, companies of all sizes can minimise the risk presented by individuals and human error.
In 2023, we’ll continue to see the evolution of malicious access tactics as cybercriminals attempt to gain a foothold in organisations. It might be a new year, but the primary goal of cybercriminals stays the same: gain the keys to the kingdom through four key steps – steal credentials, move laterally, acquire data and then monetise it.
Hence, it’s critical that business owners and leaders make digital security a priority – by making it an organisation-wide responsibility and implementing a complementary Zero Trust approach to minimise the risk of human error in the long run.