The ACSC has issued a HIGH alert for businesses to adopt an enhanced cyber security posture
Following the attack on Ukraine, there is an elevated global threat environment for cyber attacks, and Australian businesses need to pay attention. We argue that Australia must prepare itself for more cyber attacks, which will be weaponised in reprisal against Australia for supporting Ukraine during the recent conflict.
International insurance company Gallagher has warned that the escalating conflict between Ukraine and Russia will trigger cyber attacks that could impact businesses globally.
“A wide range of malicious cyber activity has been detailed in recent partner and industry reporting, including destructive malware, threats to common enterprise solutions, and threats to specific sectors. Organisations should review these publications for information on threats and mitigations relevant to their network. The associated advisory provides further details on these publications.
The ACSC recommends that organisations urgently adopt an enhanced cyber security posture. This should include reviewing and enhancing detection, mitigation, and response measures. Prioritise taking the following actions across your environment:
- Patch applications and devices
- Implement mitigations against phishing and spear phishing attacks
- Ensure that logging and detection systems are fully updated and functioning
- Review incident response and business continuity plans.” (1)
The AFR warned that cyber security specialists have widely reported that Russia has a long history of using cyberattacks to weaken its adversaries. There has already been an increase in cyber attacks against Australian critical infrastructure by domiciled ransomware gangs.
Our own Prime Minister Scott Morrison has warned businesses to “urgently adopt an enhanced cyber security position” in light of the escalating war in Ukraine.
“There has been a pattern of cyber attacks against Ukraine that is continuing,” Mr Morrison said.
“Malicious cyber activity could impact Australian organisations through unintended interruption or unmaintained cyber activities.”
“Dealing with cyber-security threats is a constantly escalating task … John Howard used to talk about issues that have an ever-receding finish line. I would put dealing with cyber threats certainly in that category.” (2)
Australian Businesses are urged to adopt a position of heightened cyber readiness
Kaine Mathrick Tech is urging all businesses to be alert to any anomalies within their environment and ensure that they are prepared to respond to an incident. This could include:
- Implement the Essential Eight mitigation strategies from the ACSC’s Essential Eight guidelines to meet Maturity Level one or two as a baseline.
- Confirm reporting processes and minimise personnel gaps in IT/OT security coverage.
- Ensure that logging and detection systems in your environment are fully updated and functioning and apply additional monitoring of networks where required.
- Create, maintain, and exercise a cyber incident response plan, resilience plan, and continuity of operations plan so that critical functions and operations can be kept running if technology systems are disrupted or need to be taken offline.
- Follow best practices for identity and access management, protective controls and architecture, and vulnerability and configuration management.
- Increase organizational vigilance. Stay current on reporting on this threat. Subscribe to CISA’s mailing list for notifications. (4)
- Implement any quick-win mitigations that are not already in place.
Thought Leadership: What future factors do security managers need to consider in the next 5 years?
Gartner’s most recent report on cyber security in 2022, and its impact on leaders and the ecosystem, identifies the following major themes that all businesses must consider in their cyber security strategy.
- Audit Cyber Posture & Mature via ACSC Essential Eight: The ACSC released the Essential Eight and the Maturity Model to assist businesses in mitigating and responding to cyber threats. Businesses must first understand where their vulnerabilities lie and aim to implement mitigation strategies in the recommended order of priority.
- Ensure C-Level executives & Security first culture: Some recommendations are to build cyber security into the employment contracts of all staff. Work with the HR teams and other business units to constantly reiterate the cyber-first culture. Finally, incentivise executives to regard cyber security as a strategic business goal by ensuring the board is reviewing outcome-driven cyber security performance reports and cyber security performance goals are embedded in the business employment agreements.
- Ensure Supply Chain & third party suppliers have made cyber considerations: We know that cyber attacks are increasing for third parties and most businesses do not have measures to identify these risks. Cyber leaders must consider the internal ramifications of third-party cyber risk exposure, as well as the continuous demand for transparency and cyber due diligence from their own customers. Cyber leaders must consider engaging all stakeholders to set cyber security standards and expectations of third parties for various risk scenarios. This might cover the critical IT vendors, or extend to the entire ecosystem to include customers or subsidiaries.
- Consider cyber risk quantification (CRQ) to prioritise cyber risks with care. CRQ adopters believe that expressing risk in financial and business-relevant units will help justify security investments, drive urgency around risk mitigation and help business leaders make trade-off decisions. However, results are mixed and there are currently inefficiencies. The lack of data is the largest challenge, and connecting business decisions and outcomes is an obstacle.
- Increased requirement for companies to be more transparent about their cyber security risks. Businesses now agree that cyber security is a societal risk, not solely a risk to businesses. In fact, there is increasing public demand for greater transparency around environmental, social and governance (ESG) goals. Businesses will be required to proactively monitor the potential data sources to inform external stakeholders of an organisation’s cyber security posture. Moreover, they will need not only to assess the social impact of a cyber incident but also to demonstrate commitment and progress in reducing the impact of a cyber incident.
- Fostering a cyber aware culture is critical to an effective cyber security program. This goes far beyond the traditional method of awareness. Successful programs will extend to materials that support techniques to culture hack or nudge, target granular audiences, and embrace gamification and security program branding. A successful cultural transformation will nurture a cyber risk-aware culture with tools that leverage social science techniques to influence cybersecurity behaviour. (3)
There is no one silver bullet; an effective cyber security strategy is the application of a number of mitigation strategies. As a minimum, all businesses must focus on the important factors in reducing cyber risk, including meeting the requirements of the ACSC Essential Eight Maturity Model, achieving management support and fostering a cybersecurity culture.
A risk assessment should be performed to identify the cyber security vulnerabilities. Risks should be quantified and explained in simple language to top-level management to ensure business cases can be understood, reviewed and approved.
A comprehensive cyber security strategy and implementation plan helps ensure that the firm has the most appropriate people, processes and technology in place to help mitigate cyber risks.
Firms should also have an incident response plan that is regularly tested to ensure the impact of a successful cyber-attack is minimised.
- (1) “Australian organisations encouraged to urgently adopt an enhanced cyber security posture”. Source: https://www.cyber.gov.au/acsc/view-all-content/alerts/australian-organisations-encouraged-urgently-adopt-enhanced-cyber-security-posture
- (2) “Russia’s invasion raises the cyber stakes for Australian business”. Source: https://www.researchgate.net/figure/Average-downtime-for-data-recovery-for-cloud-versus-non-cloud-users-26_fig6_342154295
- (3) “Gartner Predicts 2022: Cybersecurity Leaders Are Losing Control in a Distributed Ecosystem”
- (4) “Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure”. Source: https://www.cisa.gov/uscert/ncas/alerts/aa22-011a