Exclusive: Check Point warns SMEs on rising cyber risk
Australia's growing reliance on cloud services and AI tools is reshaping its digital perimeter and intensifying cyber-risk, according to Check Point Software Technologies, which has recorded a sharp rise in ransomware, data leaks and credential-based intrusions targeting both large and mid-sized organisations.
"We see the evidence, more than a 25% increase year after year in ransomware activities. If we look at 2024 we had at least 5,400 documented ransomware attacks, each one influencing thousands of employees and partners and suppliers and customers. Based on the numbers we see now, I expect between 25 to 40% increase by end of this year," said Yochai Corem, VP of Exposure Management, Check Point Software Technologies.
"The digital footprint is becoming more complex to defend, and attackers are aware of that and are trying to enjoy the outcome of that by making either more money or for government-based attacks, because they are geopolitical motivated," added Corem.
He said the motivations of criminal, activist and state-aligned groups are increasingly converging, giving less sophisticated actors access to advanced tools and techniques.
AI pressure
"So let's look at those elements and the reason for that outcome. I don't see any less geopolitical tension worldwide. I think that the technology and complexity to defend is continuing there. Maybe we can take AI for example. AI is a new frontier for many organisations to defend," said Corem.
He noted that companies are accelerating AI adoption while still unsure how to use it safely.
"People are trying to create the path of how to adopt it. Security is not always the first thing they think about. As they go along this journey, they are not aware of the security risk that AI generates, which increases the digital complexity and footprint that the attacker can use," added Corem.
He warned that attackers are progressing faster.
"The weaponry in the hands of the threat actors are now AI-driven, which makes it much more complex to defend. My forecast is that 2026 will also be a year of expansion in ransomware breaches, dedications and other types of attacks," said Corem.
Proactive exposure
"It means that they have their own LLM model in the dark web. They offer, for USD $1,000, your own ChatGPT with no limits and no boundaries. It will automate a lot of the attack techniques that hackers are doing manually," said Corem.
"The time we have from weakness that was identified in an organisation to the time it takes hackers to utilise that is shortening from weeks to hours. If before it was okay to fix a critical vulnerability within seven days, it's not the truth anymore. Today these seven days are a huge opportunity for hackers," added Corem.
Exposure management, he said, now depends on both speed and intelligence. "Prioritisation remains a core part of our value offering - identifying which threats matter most is essential. But just as critical is the ability to increase the capacity of problems you fix in a short time before hackers have a chance to exploit them."
Credential risk
"You know how many credentials we see? We identify about 1 million computers that are being breached every month with malware-as-a-service technologies, which means that credentials of 1 million people every month are becoming available in the hands of a threat actor," said Corem.
"If I have your credentials and I log in as you and you're not aware of that, it is very hard for any defence mechanism to identify that I am not you," added Corem.
He said this makes real-time monitoring for leaked data, impersonation attempts and dark-web activity essential, alongside rapid remediation of vulnerabilities.
Blind spots
"I would divide the world into two types of companies. There are the large organisations that know they have to invest in defence, but their defence complexity is so high that they either do it okay or sometimes fail," said Corem.
He said mid-sized firms face a different issue.
"They didn't think it will hit them. Hackers understand it's much easier to attack a mid-sized company. The ransomware demand will be lower because they know they can afford it and it makes sense for them, and they will pay because they just want to continue with their business," added Corem.
Lessons for Australia
"People think it happens to someone else. They don't believe it. They go after you because you're an easy target, and you know you'll pay because if you are down for three weeks, you lose all your customers," said Corem.
"There are many excellent cybersecurity firms in Australia. They have the right tools and will help you to protect. Understand it happens to you, not just to others, and it's not just the news that you hear about. You can wake up tomorrow," added Corem.
Innovation and security
"Identify people that are native and are evangelists to this. Put them in the right role and responsibility to advise you not only on how you can better use AI in your company, but also how to do it in a safe way," said Corem.
"There are frameworks to manage risk. Apply this as you go through the AI adoption phase. Don't just ignore it," added Corem.
Tool overload
"They have 40, 50, 60 tools. You are not able to comprehend and utilise so many tools in an effective way. Review again this technology stack that you're utilising and see if that's the most effective to the next year challenges, not to the two years ago challenges," said Corem.