SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Key threats businesses must be vigilant against – LogRhythm
Mon, 8th Jul 2019

Installed new anti-virus tools recently or done some awareness training and think you've got the cybersecurity detail covered in your business?

It's a nice thought but probably misguided.

Hackers and cyber-criminals are nothing if not adaptable and, as one door closes, they're already picking the lock on the next one.

Scores of Australian businesses found this out at their own cost last year.

In the first quarter of 2019 alone, the Office of the Australian Information Commissioner (OAIC), Australia's national privacy watchdog, received 215 data breach notifications, 61% of them the result of malicious or criminal attacks.

You're not paranoid if they really are out to get you

Management consultancy PwC says Australian businesses are under siege.

Its 2018 Global Economic Crime - Fraud Survey: Australian Report revealed almost half of the Australian organisations surveyed had been subject to cyber-attack in the preceding two years.

It's become much more than a mere irritation – at home and abroad, companies anticipate cyber-crime will be the most disruptive economic crime of 2019 and 2020, with CEOs flagging it as the number one threat to their growth prospects.

Against that backdrop, keeping a step or several ahead of hackers and cyber-criminals isn't just a good idea – it's imperative for organisations that want to protect their intellectual capital, reputation and bottom line.

Here are some trends you and your security team need to be aware of in this second half of 2019:

The weakest link

Are your workers the company's strongest link or its weakest?

In 2019, cybercriminals are banking on its being the latter.

As companies become more aware of the risks cyber-attacks pose and roll out new tools and technologies in response, perpetrators are ramping up their efforts to con unwary employees into disclosing sensitive data or releasing funds via social engineering campaigns. Social engineering is the term used to describe the process whereby individuals are tricked into divulging information or transferring money.

Spear phishing and whaling attacks targeted at specific employees are becoming more finely honed and sophisticated, often fooling even supposedly cyber-savvy senior executives.

Off-the-shelf attacks

Where do hackers and cyber-criminals obtain the software they use to wreak havoc for the individuals and organisations in their sights?

Welcome to the dark web, a veritable online supermarket of pre-prepared tools engineered for the purpose.

The latest lines to hit the virtual shelves include IoT botnets, remote access trojans, credential thieves, obfuscation tools designed to hide the location of hackers and lateral movement frameworks which enable them to traverse networks once they've found a weakness.

They're cheap to purchase and easy to deploy, even for rookie recruits, which means off-the-shelf attacks are fast becoming as prolific as spam.

Uh-oh – IoT alert!

Not running an Internet of Things (IoT) installation yet?

If you're not, you likely soon will be.

Gartner estimates that by 2020 there will be more than 20 billion connected devices, every one of them a potential entry point to the core systems to which they're linked, or a vector for distributed denial of service attacks.

Smartphones, tablets and wearable devices – also ubiquitous across the globe – compound the mobile security risk for organisations which don't go to lengths to keep their proliferation of networked 'things' secured.

Paying the price for poor security

2018 saw the introduction of two important regulatory frameworks.

Australia's Notifiable Data Breaches scheme requires organisations which suspect or experience a data breach likely to result in serious harm to inform the OAIC and the individuals whose personal data was involved within 30 days.

The European Union's General Data Protection Regulation (GDPR) is considerably more stringent, giving companies just 72 hours to report.

While both regimes were introduced with a softly, softly approach, the signs are that's set to change in 2019.

French watchdog CNIL slapped Google with a 50 million euro fine for GDPR violations in February.

Hits to the hip pocket for other organisations which are slapdash about security are likely to follow as the regulators hit their straps, at home and abroad.

eCommerce under attack

eCommerce has become unremarkable in 2019, with even the smallest of businesses offering customers the ability to purchase goods and services online.

These payment facilities are now in the sights of cyber-criminals seeking to harvest credentials and card details from insecure payment processing pages.

The Magecart hacking group pulled this feat off with aplomb in 2018 when it skimmed the credit card details from more than 300,000 British Airways transactions, and we'll likely see other bad actors following suit in 2019 and beyond.

Strengthening defences

In today's hyper-connected digital world, cyber-attacks have emerged as a key threat to businesses, and mitigating the risk adequately is no set-and-forget exercise.

Robust security measures and constant vigilance are necessary if Australian enterprises are to stay a step or several ahead of the hackers and cyber-criminals whose ability to wreak havoc continues to increase.