Cyber threat surge: From spilled flat whites to ransomware overnight

IT professionals have never faced a taller challenge. Gone are the days where IT support consisted of only dealing with the co-worker who spilt coffee on their laptop or hasn’t tried turning it on and off again. Instead, IT teams now need to protect dispersed organisations from a range of cyber threats, and for organisations who haven’t invested correctly in cybersecurity, the consequences will be much worse than a coffee-stained keyboard.

What is the state of cybersecurity in Australia?

The complexity and relentlessness of cybercriminals continues to increase. According to Sophos’ State of Ransomware 2022, 59 per cent of organisations across the globe have experienced an increase in the complexity of cyberattacks over the past financial year.

Cybercriminals are continuing to deploy stealthy, human-led techniques to conduct attacks. Aussie firms are facing ransomware attacks well above the rates we are witnessing globally. Eighty per cent of Aussie firms were hit with ransomware in 2021, up from 45 per cent in 2020. By comparison, 66 per cent of global respondents experienced a ransomware attack in 2022.

For businesses, especially those already on the edge of financial stability, the monetary consequences of a ransomware attack are much more severe than might be expected. The average cost to recover from a ransomware attack in 2021 was AU$1.61 million, with Australian organisations taking on average one full month to recover from an attack.

As we have also seen recently with many well-respected businesses, attacks can lead to reputational damage, loss of customer trust and other issues that organisations may never recover from. Unfortunately, there is no one solution that protects against growing threats. Many firms consider cyber insurance a safety net for a ransomware attack, but it’s no longer the ‘one-and-done’ approach some considered it to be when it first came into being.

This is because insurance companies are becoming more particular about providing cover. In 2022, insurers won’t cover an organisation if it’s not taking adequate measures to prevent an attack in the first place. Organisations now need to implement a holistic cybersecurity strategy that ensures every surface of the organisation is protected. By improving cyber resilience first, organisations can then become eligible to receive cyber insurance.

Cybersecurity is not a one-stop investment. Like all parts of an organisation, for cybersecurity to remain effective it needs to continually be examined, updated and tested.

How can business leaders stay one step ahead?

Organisations need to be proactively hunting for threats to identify and stop adversaries before they can execute their attacks. If the IT team lacks the time or skills to do this in-house, outsourcing to a managed detection and response (MDR) specialist is a great option.

Preparation is essential to protecting against cyber threats

To tackle ever-evolving cyber threats with threat hunting, preparation is the key to success. Building on strong foundations will ensure the IT team is able to better mitigate the damage of future cyberattacks. Organisations can set up their IT team for success by:

  • Understanding the maturity of their current cybersecurity operations – Firms that map their processes to a cybersecurity maturity model like the ACSC’s Essential Eight are better positioned to understand their capabilities for threat hunting. It’s also a good idea for firms to audit their security posture to determine how susceptible to threats they are.
  • Deciding how to approach threat hunting – Once an organisation has determined its cyber maturity, it can then decide whether threat hunting is something it wants to do in-house, fully outsource or a combination of both.
  • Identifying technology gaps – Organisations should review existing tools and identify what else is needed for active threat hunting. They should consider how effective their prevention technology is and if it has or supports threat-hunting capabilities.
  • Identifying skills gaps – Threat hunting requires specialist skills. If organisations don’t have in-house training, external training courses can be explored to help develop the necessary skills. Working with a third-party provider should also be considered.
  • Developing and implementing an incident response plan – It is essential to have a fully-fledged incident response plan in place to ensure any response is measured and controlled. Having a well-prepared, well-understood response plan that key parties can immediately put into action will dramatically reduce the impact of attacks on the organisation.

Outsourcing MDR

Detecting and responding to cyber threats is vital to forming a cyber-resilient firm. To be effective, it requires time and dedication from IT teams. However, many IT teams still need to focus on the spilled coffees. Outsourcing MDR to a specialised service can ensure companies uphold a strong cybersecurity approach while not letting other aspects of the IT workload slip. Third-party MDR teams strengthen protection against ransomware threats.

Given the greater experience an MDR vendor holds, MDR service providers are better equipped to use threat-hunting tools, which enables them to respond quickly to threats.

Furthermore, outsourcing MDR services frees up the internal information technology team’s time and workload, while providing peace of mind that experienced threat hunters are scanning for threats 24/7. MDR services also provide a cost-effective way to enhance the quality of protection and stretch cybersecurity budgets further.

Cybersecurity is not simple, and organisations are beginning to realise this. They are understanding how important, yet complex, cybersecurity is and how it requires a multi-pronged approach. Investing in detection and response solutions has become more important than ever and is a necessary step in helping a firm become cyber resilient.

Aaron Bugal is a Global Solutions Engineer, APJ, at Sophos.