Australian and New Zealand organisations experienced a significant increase in ransomware, from an average of four attacks over five years in 2021 to four attacks over the course of one year in 2022, a new report from ExtraHop, a leader in cloud-native network detection and response (NDR), has revealed.

Of those who fell victim, more than eight in 10 (82%) admitted to paying the ransom at least once.

As organisations increasingly find themselves under attack, the data shows they are drowning in cybersecurity debt: unaddressed security vulnerabilities such as unpatched software, unmanaged devices, shadow IT, and insecure network protocols that act as access points for bad actors.

Eight in 10 (80%) Australian and New Zealand IT decision makers say outdated cybersecurity practices have contributed to at least half of the cybersecurity incidents their organisations have experienced. Despite these concerning figures, fewer than two-thirds (62%) of respondents said they have immediate plans to address any of the outdated security practices that put their organisations at risk.

The survey also found that all Australian and New Zealand respondents are running one or more insecure network protocols. Despite calls from leading technology vendors to retire SMBv1, which played a significant role in the explosion of WannaCry and NotPetya, 84% are still running it in their environments. 

When it comes to unmanaged devices, more than half (53%) say some of their critical devices are capable of being remotely accessed and controlled and are exposed to the public internet.

“As organisations find themselves overburdened by staffing shortages and shrinking budgets, it’s no surprise that IT and security teams have deprioritised some of the basic cybersecurity necessities that may seem a bit more mundane or expendable,” ExtraHop chief risk, security and information security officer, Mark Bowling said.

“The probability of a ransomware attack is inversely proportional to the amount of unmitigated surface attack area, which is one example of cybersecurity debt. The liabilities, and, ultimately, financial damages that result from this deprioritisation compound cybersecurity debt and opens organisations up to even more risk. Greater visibility into the network with an NDR solution can help reveal the cyber truth and shine a light on the most pressing vulnerabilities so they can better take control of their cybersecurity debt.”

ExtraHop recommends that organisations take the following steps to assess and remediate cybersecurity debt:

Step 1: Perform continuous network monitoring

Maintaining an inventory of software and hardware is a fundamental necessity for security hygiene, and is recommended in the first and second security controls in the CIS Top 20. Despite being a vital security practice, maintaining this inventory is a challenge for organisations that rely on manual, point-in-time audits to identify devices and protocols on their networks.

A better approach is to use a network monitoring tool that passively and continuously analyses network traffic to pinpoint every device connecting to the network and each protocol in use at any given moment.

Step 2: Update configuration templates and settings

Devices and software that communicate across the network are configured with default settings that may go out of date over time. If a new device or solution is introduced into the environment and left to its default configuration, it may run protocols that are no longer considered secure.

Similarly, cloud systems and workloads use configuration templates to determine their protocol usage. Over time, as new protocols are developed and old versions deprecated, these configuration templates may go out of date and need to be updated. Any new workloads created with an older template may introduce insecure protocols into the environment. Because of the often short-lived and ephemeral nature of cloud workloads, it can be challenging to catch these instances of insecure protocol usage and know how to get them out of your system. This is where a network monitoring solution can help.

Step 3: Disable unused ports

Other steps organisations can take to remediate network-related cybersecurity debt are to disable unused ports, as well as any unnecessary services, on internet-connected networking devices, and to develop and implement a roadmap for replacing legacy protocols.
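As an illustration of the passive protocol inventory described in Step 1, applied to the SMBv1 finding above, the following added example (not ExtraHop's code) labels SMB messages by their protocol identifier and separates hosts that merely offer SMBv1 from those that accept or use it. It assumes TCP/445 payloads have already been reassembled by a capture tool; the function names, addresses and payloads are constructed for the example.

```python
import struct
from collections import defaultdict

SMB1_MAGIC, SMB2_MAGIC = b"\xffSMB", b"\xfeSMB"  # protocol IDs: SMBv1 vs SMB 2.x/3.x
NEGOTIATE, REPLY_FLAG, NO_DIALECT = 0x72, 0x80, 0xFFFF

def classify_smb(payload):
    """Label one TCP/445 payload: 4-byte session header followed by an SMB message."""
    msg = payload[4:]
    if payload[:1] != b"\x00" or len(msg) < 4:
        return None
    if msg[:4] == SMB2_MAGIC:
        return "smb2+"
    if msg[:4] != SMB1_MAGIC or len(msg) < 32:  # an SMBv1 header is 32 bytes
        return None
    if msg[4] != NEGOTIATE:
        return "smb1-traffic"            # session is already running on SMBv1
    if not msg[9] & REPLY_FLAG:
        return "smb1-offer"              # client request; the server may still pick SMB2
    if len(msg) < 35 or msg[32] == 0:
        return "smb1-refused"            # error reply with no parameter words
    (dialect_index,) = struct.unpack_from("<H", msg, 33)
    return "smb1-refused" if dialect_index == NO_DIALECT else "smb1-accepted"

def inventory(flows):
    """Map each sending host to the set of SMB labels seen in its traffic."""
    found = defaultdict(set)
    for src, _dst, payload in flows:
        label = classify_smb(payload)
        if label:
            found[src].add(label)
    return dict(found)

def smb1_debt(found):
    """Hosts that accepted or used SMBv1, not ones that merely offered it."""
    return sorted(h for h, labels in found.items() if labels & {"smb1-accepted", "smb1-traffic"})

# --- Constructed sample traffic (addresses and payloads are made up) ---
def frame(msg):
    return b"\x00" + len(msg).to_bytes(3, "big") + msg
def smb1_msg(command, flags, body=b""):
    return frame(SMB1_MAGIC + bytes([command, 0, 0, 0, 0, flags]) + bytes(22) + body)
OFFER = smb1_msg(NEGOTIATE, 0x00, b"\x00\x17\x00\x02NT LM 0.12\x00\x02SMB 2.002\x00")
SAMPLE_FLOWS = [
    ("10.0.0.5", "10.0.0.20", OFFER),
    ("10.0.0.20", "10.0.0.5", frame(SMB2_MAGIC + bytes(60))),       # server chose SMB2
    ("10.0.0.6", "10.0.0.30", OFFER),
    ("10.0.0.30", "10.0.0.6", smb1_msg(NEGOTIATE, REPLY_FLAG, b"\x11\x00\x00" + bytes(34))),
    ("10.0.0.6", "10.0.0.30", smb1_msg(0x73, 0x00)),                # session setup over SMBv1
]
```

Calling `smb1_debt(inventory(SAMPLE_FLOWS))` lists only the server that accepted SMBv1 and the client that went on to use it; the client whose offer was answered in SMB2 is not flagged.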