The growing threat of cyber adversaries loomed over organisations throughout 2021, and it shows no signs of slowing down as we enter March 2022.
In fact, the Federal Government's Australian Cyber Security Centre (ACSC) reported that over the 2020–21 financial year, they received over 67,500 cybercrime reports, an increase of nearly 13% from the previous financial year. The increase equates to one report of a cyber attack every 8 minutes compared to one every 10 minutes in the previous financial year.
As teams continue to work from home or test out hybrid work models, their security frameworks have often been insufficiently protected against sophisticated cyber attacks. Nation-states, organised crime syndicates and other cybercriminals have capitalised on this opportunity, using a variety of methods to exploit weaknesses in organisational systems. This resulted in 61% of organisations that fell victim to a ransomware attack in the last two years being forced to pay the ransom, and by October 2021, publicly reported data breaches had already surpassed the total for 2020.
2022 presents an opportunity for businesses to take an active role in protecting their sensitive data and preventing hackers from turning them into the latest headline for all the wrong reasons. Read below to see how organisations can best prepare themselves for the future threats that may come this year and beyond.
While it's no secret that quality leadership is critical to running a successful business, ineffective leadership can greatly increase the risk of cyberattacks. With the rise of breaches that security professionals can expect to continue into 2022, an effective defence starts with strong leaders. It's imperative that leaders adapt to new work dynamics significantly faster than they've historically had to, particularly when it comes to how cyber adversaries will plan to manipulate them.
Security professionals will be put under more pressure in this cybersecurity climate. In this scenario, defenders' networks, which are already riddled with holes and missing capabilities for digital adversaries to exploit, will fall short of meeting the fundamentals of relevance.
Leaders who focus on the "why" rather than the "how," and reflect on their talents to lead, retain and recruit their employees, will come out on top.
A stressed and inefficient security operations centre (SOC) makes a company a target, resulting in the loss of brilliant employees in an already competitive industry — and the potential loss of business due to data breach-related reputational harm. Instead, SOC leadership should keep a close eye on employee morale and job satisfaction.
From a technical and human standpoint, the challenge now is: how quickly can the defending company respond to such frequent and rapid attacks — and enhance corporate culture in the process? Cybercriminals are increasingly targeting businesses undergoing major financial events, such as acquisitions and mergers, because security teams are likely to be unstable, stressed and managing integrations during this time. In addition, C-suite executives must guarantee that they are not the weak link in the cybersecurity chain, as they are also among the biggest targets for attackers.
This cybercrime tidal wave will not be going away any time soon. Still, if SOC employees focus on knowing the adversary and hire leaders who focus on fostering a positive culture that improves morale, a better defence outcome can be achieved.
Constant visibility and improvement
For businesses, ransomware is an end problem. It's not a question of being hit by a cyber attack and then wondering, "What do we do now?" because it's far too late by then. Rather, the question should be, "How do we make ourselves less of a target to begin with?" The essence of the issue is that businesses have a false sense of security, believing that they are immune since they've implemented a new compliance tool or moved to the cloud. Unfortunately, it's not as straightforward as that. Cybersecurity isn't a one-and-done exercise. Too many businesses still have the idea that they can get away with ignoring the fundamentals of basic cyber hygiene.
Having visibility across enterprise systems is the first step. Simply said, if security professionals don't have a full view of their assets, they cannot protect them. This knowledge will aid teams in gaining a clear grasp of normal user account and device behaviour, allowing them to recognise anomalies more easily when they occur. Furthermore, distributed workforces and a work-from-anywhere culture have resulted in less visibility, control and knowledge of abnormal user behaviours.
The combination of scattered workforces and more employees utilising personal devices for work will continue to increase the danger of "Bring Your Own Device" (BYOD) security concerns, resulting in larger attack surfaces and greater vulnerability to security threats.
Controlling access points
What do ransomware, phishing, advanced persistent threats (APTs), and other similar threats have in common? Access. Organisations should expect all of these attack tactics to develop in 2022, but initial access brokers (IABs) are a critical and often overlooked area to watch.
Initial access brokers are criminal individuals or organisations that resell credentials on the dark web. Buyers can then utilise the information to do more damage to a business while remaining unnoticed.
This information will continue to be used by nation-state entities, in particular, to carry out ongoing and persistent access attacks. They will keep developing exploits in the hopes of launching a full-fledged cyberwar in the future, similar to trench digging in conventional warfare.
Controlling access points and reducing overall dwell time are critical to thwarting today's most common attack methods. One of the simplest avenues for businesses to do so is to prevent compromised credentials incidents, which account for a per cent of breaches today, and to monitor user behaviour. This gives the context needed to rebuild confidence and defend user accounts in real-time, thereby stopping fraudulent access in its tracks.
With worldwide ransomware payments expected to reach $265 billion by 2031, hackers now have the resources they need to collaborate in new and improved ways to breach organisational frameworks all over the world.
As 2022 progresses, it's encouraging to see businesses prioritise cybersecurity. In order to combat the growing threat that cybercriminals pose to industries of all sizes and types, 2022 will be a test of how successfully everyone can work together, prioritising collaboration over competition. Given that cybercriminals have demonstrated that they are well-coordinated, the only way they can be defeated is for security teams to be equally coordinated in their defensive efforts.
The fact that governments are now mobilising and acting against cyber threats is another sign of the importance of teamwork. Previously, it was up to each company to fend for itself, which inevitably exacerbated the asymmetry between well-funded attackers and individual defenders and resulted in costly breaches. However, governments are taking a stand and pushing comprehensive, joint efforts in the battle against cybercrime, as evidenced by initiatives like the Australian Federal Government's recent announcement of a $10 billion cyber plan in the 2022 budget. Government support is critical as cyberattacks can have disastrous implications for both the public and private sectors.
As cyberattacks grow in sophistication and harm by the year, it's no longer an option for organisations to stand by and hope for the best. They must remain vigilant and always be prepared for what may come their way because recent history has already shown that any organisation, no matter how large, may very well be the next victim. Investing in best practices as well as in the continued development of cybersecurity professionals can ensure that the only direction cybercrime trends move in 2022 is downward.