The recent cyberattack by the AlphV ransomware gang (aka BlackCat), which claims to have stolen at least 4.95 terabytes of data from four Victorian companies, is the latest in a string of attacks. It aligns with a growing ransomware trend we are seeing around the world: threat actors continue to evolve their attack techniques, usually targeting areas where victims have little to no visibility.
Australia, like many other developed nations, has a highly digitised economy and infrastructure, which seems to attract its fair share of cyberattacks. Most cybercrimes are financially and profit motivated, and Australia’s prosperous economy makes the country an even more desirable target.
A survey by IDC showed that Australian organisations were more willing to pay a ransom to threat actors to resume their business. As ransomware threat actors are usually profit motivated, this finding could have been a factor in cybercriminals focusing more ransomware attack efforts on Australian companies.
Security measures Australian organisations need to put in place
For a start, Australian organisations really need to ensure that their basic security hygiene is actively enforced. Multi-factor authentication, allowing only authorised access and keeping software up to date should now be considered routine.
Organisations also need to understand that at some point, some cyberattack attempts will successfully breach their networks and systems. They need to think about how to stop that breach from turning into a disaster by limiting the damage. They can do so by implementing effective containment strategies like microsegmentation, which restricts attackers from moving laterally across systems to cause harm such as spreading ransomware.
Most modern ransomware attacks are also increasingly difficult to detect, raising the need for organisations to proactively engage in threat hunting, where evasive threats like ransomware are actively discovered before they can advance further towards their objectives.
Be on the front foot with a cyber incident response plan
It’s no longer a question of if a breach will occur but when. To be sufficiently prepared, companies should have well-defined cyber incident response plans in place to effectively manage and mitigate the impact of a cyberattack. These plans should be tailored to the company’s specific needs and risks.
A well-defined incident response plan also helps to minimise damage, protect sensitive data, and facilitate a swift recovery for the business. A comprehensive incident response plan should depend on the organisation’s needs and encompass several elements such as an incident response team; risk assessment and incident classification; detection and analysis of the incident; containing and mitigating the attack spread; recovering and communicating to relevant stakeholders like customers, employees, partners, and bodies required by corporate legal and the authorities; and documenting and reporting the incident for compliance reporting and reviewing outcomes for future improvements.
A cyberattack has devastating and far-reaching consequences for companies and governments, which can result in severe financial and reputational loss.
With data and critical infrastructure so essential to Australia’s economy and success, it’s more imperative now than ever to ensure that we are focused on securing and protecting our critical assets against the onslaught of increasing cyberattacks affecting consumers, businesses and governments globally.
Reuben Koh is director of security technology and strategy for Asia Pacific & Japan at Akamai Technologies.