Cyber threats impacting Australian and New Zealand businesses
Article by Fortinet chief information security officer Corne Mare and Fortinet director of threat intelligence for Australia and New Zealand Glenn Maiden.
Businesses across Australia and New Zealand (ANZ) continue to be targeted by cybercriminals as technology advances, and attacks have become increasingly sophisticated.
However, technological advancements aren't the only thing driving increased cybercrime across the ANZ region. The exploitation of vulnerabilities exposed by the COVID-19 pandemic and threats arising from the conflict in eastern Europe also present challenges to local businesses, among other potential threats.
On the surface level, the pandemic is one example of cybercriminals exploiting real challenges and vulnerabilities for their personal gain. There have also been instances of supply chain issues, food supply challenges, and refugee crises being exploited by cybercriminals looking to disrupt businesses. Cyberterrorism continues to be a major threat to businesses and governments across ANZ, which has only increased due to the changing geopolitical landscape.
But it's not just disruption that businesses could face. The biggest risk from things like ransomware is data access and exposure, further driving the need for leaders to bring security into the very base levels of the organisation. There's never a guarantee that cybercriminals will safeguard data once accessed, even if ransoms are paid. Hence, business leaders must invest in greater data protection at every level.
The diversity of attacks is just one piece of the puzzle. One of the biggest challenges that have come to the fore is how entrepreneurial cybercriminals have become. Cybercriminal syndicates are increasingly acting as a business would; they share skills to take advantage of exploits and hire specialists based on specific capabilities, with some threat actors working for a multitude of criminal networks.
New threats are not the only cause for concern in the region. Businesses increasingly need to be able to adapt to the changing nature of cyberattacks and educate their employees on how to identify potential exploits beyond the more traditional attack approaches such as phishing scams or infected files. While new threats are constantly emerging, the style of attack is also evolving, and cybercriminals are weaponising vulnerabilities and exploits with increasing speed. One of the most concerning developments in cybercrime is the sophistication of attacks, with the technology and attackers behind it growing progressively more insidious alongside changing motivations.
Cybercriminals have moved on from unsophisticated spray-and-pray or share-and-click approaches. Instead, they've become more targeted, direct, and well-versed at moving through organisations. It's imperative for businesses to recognise this shift in approach and adapt both their cybersecurity approaches and their staff cybersecurity education and training to better address and protect against changing attacks.
There's a risk of organisations becoming complacent in the wake of continued cyberattacks, especially as the question is no longer an if but when organisations will be attacked. While there's now a level of normality around cyber threats, the risks start to include the potential for wilful blindness or risk fatigue in cybersecurity. For example, business leaders may be tired of hearing about ransomware, but that doesn't mean it will disappear.
As cybercriminals continue to increase their sophistication of attacks, organisations need to double down on the security basics or risk their own complacency also becoming a significant threat. To counteract this, business leaders need to increasingly give cybersecurity a seat at the boardroom table and invest in zero trust strategies from a business perspective instead of only a technology viewpoint.
Beyond strengthening an organisation's security posture and better educating employees around maintaining good cybersecurity hygiene, more must be done on an enterprise and government level to protect ANZ businesses from cyber threats. As cybercriminals evolve, often joining forces to share exploits, businesses and governments must equally engage in information sharing to help better protect organisations and data from cyberattacks. In addition, enterprises need to collaborate more freely and engage in open communication; ultimately, it's big technology that can contribute to the safety and security of individuals and their data, and more needs to be done to reinforce this.
As with physical security, there's an increasing need for a collective, global coalition to be established to help businesses and governments better manage security and safety in the digital sphere. Without this, cyber attackers will continue to evolve and threaten businesses. And, as society becomes increasingly connected, and attackers become more sophisticated in their approaches, the impacts of future attacks could be devastating.