SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Hackers have evolved since COVID-19 but have cyber-defences kept pace?
Thu, 7th Oct 2021

COVID-19 has been an enormous opportunity for attackers: the overnight shift to remote working was a game changer and an enabler for them.

Today ransomware infects another business every 10 seconds globally.

Every attacker knows that a malicious file has to get past antivirus, next-generation antivirus, sandboxing and EDR before it can run, and they have become experts at evading all of them.

Every threat actor needs to evade detection before they can infect a machine, steal data and extort money. If their files are caught by the existing security products, there is no infection.

In Australia, the volume of reported threats is exploding. In the 12 months to June 2021, my company saw a cyber-attack every eight minutes, equating to over 65,700 attacks per year. This presents an ideal opportunity for organisations to review their cybersecurity strategy.

Avoid becoming another ransomware victim

Start with a straightforward question to an AV or security vendor: “In the past 12 months, have you prevented breaches and ransomware across 100% of your customers, and if not, how many were breached or infected?”

It is critical to understand how effective each security product is at stopping the new tactics attackers have adopted since COVID-19.

Depending on the response, it may be worth looking to the market for a solution that is based on prevention rather than detection and that incorporates isolation, containment and elimination (ICE) technology.

Always assume the worst case: that an attacker has already breached the network, or is about to.

Reduce the attack surface

Patch Windows servers and desktops at least weekly, if not daily, and automate the process wherever possible, to shrink the window in which a newly disclosed vulnerability can be exploited. Repeat for applications. Bear in mind that patching only closes known holes; a genuine zero-day has no patch yet, which is why the controls below are still needed.

Understand vulnerabilities

Run continuous, always-on vulnerability scanning across the network and remediate at least the critical findings, starting with internet-facing systems.

Stop zero-day and never-before-seen threats

Automatically isolate and contain every .exe and .DLL whose hash (for example its SHA-256) is not on a known-good list before it is allowed to run. In practice this is default-deny application control: anything not already trusted is treated as unknown, not as safe.
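The following is an added example, not code from the article or from any vendor it refers to, showing what a hash-based allowlist gate does: every .exe or .DLL (or any file carrying a PE "MZ" header, whatever its extension) is hashed with SHA-256, known-good hashes are allowed, and everything else is moved to a quarantine folder instead of being run. The allowlist, file names and file contents are constructed for the demo; a real deployment would feed in a vendor or build-system catalogue.

```python
"""Added example (not from the article): a hash-based allowlist gate.

Default deny: an executable whose hash is not on the known-good list is
isolated rather than executed. All inputs below are constructed.
"""
import hashlib
import shutil
import tempfile
from pathlib import Path

# Constructed known-good catalogue: sha256 -> description (assumption for the demo).
KNOWN_GOOD = {
    hashlib.sha256(b"MZ\x90\x00known-good-build").hexdigest(): "app.exe 1.2.0",
}


def sha256_of(path: Path) -> str:
    """Stream the file so large binaries do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def looks_like_pe(path: Path) -> bool:
    """Check the DOS header magic rather than trusting the file extension."""
    with path.open("rb") as fh:
        return fh.read(2) == b"MZ"


def gate(candidate: Path, quarantine_dir: Path) -> str:
    """Return 'allow', 'quarantine' or 'ignore' for one file."""
    if candidate.suffix.lower() not in {".exe", ".dll"} and not looks_like_pe(candidate):
        return "ignore"  # not executable code, out of scope for this control
    digest = sha256_of(candidate)
    if digest in KNOWN_GOOD:
        return "allow"
    # Unknown hash: isolate the file under its digest so it can be analysed later.
    quarantine_dir.mkdir(parents=True, exist_ok=True)
    shutil.move(str(candidate), str(quarantine_dir / f"{digest}.bin"))
    return "quarantine"


def demo() -> dict:
    """Constructed scenario: one known-good binary, one never-seen binary,
    one binary hiding behind a .txt extension, and one genuine text file."""
    root = Path(tempfile.mkdtemp())
    samples = {
        "app.exe": b"MZ\x90\x00known-good-build",
        "dropper.exe": b"MZ\x90\x00never-seen-payload",
        "invoice.txt": b"MZ\x90\x00renamed-binary",
        "readme.txt": b"plain text, not code",
    }
    for name, content in samples.items():
        (root / name).write_bytes(content)
    quarantine = root / "quarantine"
    verdicts = {name: gate(root / name, quarantine) for name in samples}
    verdicts["quarantined"] = (
        sorted(p.name for p in quarantine.iterdir()) if quarantine.exists() else []
    )
    shutil.rmtree(root)
    return verdicts


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

In production this decision is made by the operating system at load time (for example Windows Defender Application Control or AppLocker rules), not by a script scanning files afterwards. Hash rules also cover only native executables: scripts, Office macros and abuse of binaries that are already trusted and signed pass straight through, which is why the macro and backup controls below still matter.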

User education

Educate users on what to look for before they open a file or click a link.

Macro based attacks are still prominent

It is essential that whenever a user opens a file that unknowingly launches a macro, the macro is instantly contained so that it cannot infect the device or spread to the rest of the network. Blocking macros in files that arrived from the internet removes most of this risk before containment is ever needed.
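As an added example (not the article's or any vendor's code), here is the pre-open triage check a mail gateway or download scanner can run before a user ever clicks the file: it decides, from the file's structure rather than its extension, whether a document carries a macro and should be contained. The documents it inspects are constructed in memory; no real files are involved.

```python
"""Added example (not from the article): pre-open check for macro-bearing
Office documents. Inputs are constructed in-memory zips.
"""
import io
import zipfile

# In Office Open XML, VBA lives in a vbaProject.bin part and Excel 4.0 (XLM)
# macro sheets live under xl/macrosheets/. Legacy binary .doc/.xls/.ppt files
# are OLE2 containers and start with this magic.
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"


def classify_office_file(data: bytes) -> str:
    """Return 'macro', 'clean', 'legacy' or 'not-office'.

    The file extension is ignored on purpose: a .docm renamed to .doc is still a zip.
    """
    if data.startswith(OLE2_MAGIC):
        # Macros cannot be ruled out without parsing the OLE2 streams,
        # so a legacy file is treated as unknown and contained.
        return "legacy"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            names = [n.lower() for n in archive.namelist()]
    except zipfile.BadZipFile:
        return "not-office"
    if "[content_types].xml" not in names:
        return "not-office"  # a zip, but not an Office Open XML package
    if any(n.endswith("vbaproject.bin") or n.startswith("xl/macrosheets/") for n in names):
        return "macro"
    return "clean"


def should_contain(data: bytes) -> bool:
    """Contain anything that does, or might, carry a macro."""
    return classify_office_file(data) in {"macro", "legacy"}


def build_sample(kind: str) -> bytes:
    """Constructed minimal documents for the demo: 'docx', 'docm' or 'xlsm-xlm'."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("[Content_Types].xml", "<Types/>")
        if kind == "docx":
            archive.writestr("word/document.xml", "<w:document/>")
        elif kind == "docm":
            archive.writestr("word/document.xml", "<w:document/>")
            archive.writestr("word/vbaProject.bin", OLE2_MAGIC + b" fake VBA storage")
        elif kind == "xlsm-xlm":
            archive.writestr("xl/workbook.xml", "<workbook/>")
            archive.writestr("xl/macrosheets/sheet1.xml", "<xm:macrosheet/>")
        else:
            raise ValueError(kind)
    return buf.getvalue()


if __name__ == "__main__":
    for kind in ("docx", "docm", "xlsm-xlm"):
        sample = build_sample(kind)
        print(f"{kind}: {classify_office_file(sample)}, contain={should_contain(sample)}")
```

This is a triage check, not the runtime containment the article describes; the two complement each other. On the endpoint itself, current Office versions block macros in files that carry the Mark of the Web by default, and the Group Policy setting "Block macros from running in Office files from the Internet" enforces the same behaviour centrally.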

Understand data privacy risks

Know where regulated and sensitive data is stored, and automatically track its flow in and out of the organisation, so that in the event of a breach only the people actually affected are notified, rather than the entire customer database.

Backup and recoverability

Backups that are air-gapped or otherwise immutable, so that ransomware cannot encrypt or delete them, are critical to ensuring data is recoverable. Test restores regularly; an untested backup is not a recovery plan.

Here the best defence is a strong offence: isolation, containment and elimination (ICE) technology puts organisations back in the driver's seat by stopping unknown files from infecting them.

Again, the first step is asking the existing antivirus vendor whether they have protected 100% of their customers' endpoints globally in the past 12 months. Make sure cyber-defences are strong enough to prevent a breach from occurring in the first place.

Prevention is better than trying to remediate after a breach.