Cyberattacks have increased significantly in Australia. As the year 2022 draws to a close, Australian businesses are taking a look back at their performance to gather insights.
Hackers used to infiltrate systems fifty years ago to explore new technology possibilities rather than engage in criminal behaviour.
In 1969, MIT student hackers hacked electrical train tracks to improve performance.
Hackers today have a wide range of goals and motivations, from technology explorers and cybercriminals to cybercriminals and cyber-criminals. These can influence which industries they choose as targets.
Suppose, for example, that the goal is to gain financial gain. Then, the target might be the financial sector or the healthcare industry, which are both known to have sensitive personal data and are therefore vulnerable to high ransom payments.
According to VMware’s report on 2022 Modern Bank Heists, 74% of financial security leaders have experienced at least one ransomware attack in the past 12 months, and 63% paid it.
Some hackers are out to disrupt the system just for fun. They might attack manufacturing and supply chain companies to disrupt other industries, or they could go after essential services like gas and water to negatively impact the lives of people.
Brands that are well-known are another target. If they want to damage a business’s reputation, actors may attack the systems of brands.
The Australian Cyber Security Centre’s (ACSC) most recent Annual Cyber Threat report revealed that in Australia, the three industries with the highest number of reported incidents were federal government, state government, and healthcare. This is not to suggest that other sectors aren’t at risk.
In the same report, it was also revealed that from small to medium sized organisations there is a jump in “isolated” or “extensive compromise incidents”. Medium-sized companies, who suffered greater losses in the past financial year, seem to be a “sweet spot” of attackers.
Cybercriminals want data that they can use to disrupt companies, identify individuals, or do both. Criminal organisations are more interested in personal data, as it allows them to commit frauds for financial gain. For example, they can personalise a phishing message or impersonate an individual.
Although governments can issue new identity documents to citizens who have been affected by breaches, certain information, like the date of birth, cannot be changed.
The fraud can be a long one for those whose information is compromised. It could range from false orders and loans to their data being sold to other groups who use it to commit further crimes.
One single breach can have long-term consequences for the user. Any business that stores personal information could be a target.
Hacker attacks are becoming more sophisticated. According to VMware’s 2020 Global Incidence Response Threat Report two out of every three respondents have seen malicious deepfakes as part of an attack, which is a 13% increase from the previous year.
The next frontier in malicious activity is the application programming interfaces.
These findings can be used to conclude that cybercriminals use individuals to compromise businesses. They also leverage workloads and apps to gain access connected systems where they can rummage through networks for a long time.
In terms of cybersecurity, everyone with access to a digital environment can be hacked. Individuals are therefore the weakest link. How can small and medium enterprises prepare better for these threats that are looming in the New Year?
Zero Trust is a strategic approach to cyber security that distrusts connections, devices and users by default. Zero Trust is an approach to cyber-security that distrusts devices, connections and users.
Information and IT system management can benefit from this operational model. Companies of all sizes are able to minimise risk by using the right technology and model.
We’ll see cybercriminals continue to evolve their malicious access techniques in 2023 as they try to gain a foothold within organisations. Cybercriminals’ primary goal may be different, but it is still the same. They want to gain control of the kingdom by following four steps: steal credentials, move laterally, collect data, and monetise the information.
It is therefore crucial that leaders and business owners make digital security their top priority. They should also implement a complementary Zero Trust strategy to reduce the risk of error by humans.