No Australian business is too small or irrelevant to be a target of state-based cyberwarfare. The attackers’ goal is not financial gain – it is to cause business loss and public chaos as a punishment for political decisions.
Russia has been widely recognised for years as fostering global cybercrime on a truly industrial scale. In the past 3 years, cybercriminal targets have included Australian supply chains, Australian hospitals, American energy infrastructure and American elections.
And the threat level has massively increased over the past month.
On 23 Feb 2022, the Australian government issued an advisory to all Australian businesses, warning that every Australian business needs to increase its security monitoring.
There has been a historical pattern of cyber-attacks against Ukraine that have had international consequences. The malicious cyber activity could impact Australian organisations through unintended disruption or uncontained malicious cyber activities.
While the ACSC is not aware of any current or specific threats to Australian organisations, adopting an enhanced cybersecurity posture and increased monitoring for threats will help to reduce the impacts to Australian organisations. (1)
This is in line with similar warnings by the US DOJ to American businesses earlier in February. Deputy Attorney General Lisa Monaco said this at the Munich Cybersecurity Conference:
“Now is the time to increase their defences, to do things like patching, to heighten their alert systems, to be monitoring in real-time their cybersecurity…. They need to be as we say, ‘shields up’ and to be really on the most heightened level of alert that they can be and taking all necessary precautions.”
The position that Australia has taken in support of Ukraine since 23rd February could mean that Australian businesses are at increased risk of attack.
Where do you start?
The recent Australian Cyber Security Centre (ACSC) advice that Australian organisations are encouraged to urgently adopt an enhanced cyber security posture (1) provides some useful information on how to mitigate your cybersecurity risk in order to stay secure.
Their Cyber Incident Response Plan (2) web page includes links to download the Cyber Incident Response Plan – Guidance & Template (3) and also to download their Cyber Incident Response Readiness Checklist (3).
It’s our assessment that you should start that process today – unless you already have high levels of independently audited cybersecurity.
You may think you’re OK. Your IT team may think you’re OK. But don’t “ass-u-me” that you’re safe because you haven’t had problems so far.
So download that checklist now and see what independent experts believe is required to minimise your business risks.
What should you do next?
Check your cybersecurity across the three key dimensions
Digital security today is an essential business survival strategy. To be effective in a world of government-sponsored global cybercrime, it needs to be three-dimensional, with:
- Security information and event management (SIEM) and User and Entity Behaviour Analytics (UEBA) – SIEM solutions collect logging data from across your organisation’s security infrastructure. Over time, analysis of this data for anomalies can help with faster threat detection.
- Endpoint detection and response (EDR) – which is about carefully monitoring activity on your organisation’s user devices (endpoints) with the aim of detecting and preventing as much hacking as possible (think of it as advanced anti-virus protection).
- Network detection and response (NDR) – which is about analysing your network traffic in close to real-time to see what’s going on ACROSS your network, and detecting suspicious activity that may indicate a threat.
What do they involve?
SIEM is usually the starting point for security improvements – to analyse what’s happening where – using existing security logs. EDR is typically the next step in security – it is all about analysing what’s happening on (most but not all) user devices. NDR is about monitoring what’s happening within your network.
(You can find more background here: Three things EVERY business manager needs to know about cybersecurity and ransomware)
Network Detection and Response (NDR) is increasingly essential – because of the harm that hackers can now do once they penetrate your defences.
That’s where the alerts being issued are focussed – on real-time monitoring of what’s happening within your systems, as well as on your borders.
If you are exposed and can’t fix it fast enough, ask for help FAST
Whether you like it or not, your computer security is now an urgent and immediate business priority.
If you have security-related actions on your “to-do” list, they are now far more urgent than they were just 1 month ago.
Free State-Actor Cyber Vigilance Offer for March
In response to this increased threat environment, Network Overdrive is offering readers of this article free additional security assistance for March 2022, using our current security capabilities. The offer is open to a limited number of appropriate companies.
What does “appropriate” mean?
We will need to assess the capability and technology base of any interested company to ensure its suitability. Therefore, a short discussion is required before we can activate the service.
Please book a consultation here.
If that discussion finds that you would not benefit from the security monitoring service, we will instead do a 20-minute review of your cyber incident response capability using the Australian Government’s checklist.
What we’re offering is a breathing space
We’re offering this extra protection while you check your cybersecurity during this period of increased threat.
No one knows “what’s next” – so this offer applies for March 2022. It’s not a permanent solution – but it can help you increase your protection against this specific and immediate threat.
It’s to give you some time to prepare for this next business challenge. (War – on top of flood, fire and pestilence!)
The risk IS real and it IS immediate – so take action today.
Book here to protect your business.