{"id":80767,"date":"2023-06-29T11:00:12","date_gmt":"2023-06-29T01:00:12","guid":{"rendered":"https:\/\/www.aspistrategist.ru\/?p=80767"},"modified":"2023-06-29T10:22:38","modified_gmt":"2023-06-29T00:22:38","slug":"as-cybercrime-evolves-organisational-resilience-demands-a-mindset-shift","status":"publish","type":"post","link":"https:\/\/www.aspistrategist.ru\/as-cybercrime-evolves-organisational-resilience-demands-a-mindset-shift\/","title":{"rendered":"As cybercrime evolves, organisational resilience demands a mindset shift"},"content":{"rendered":"

Facing the threat of state-sponsored cyberattack groups, the financial motivations of organised cybercrime gangs and the reckless ambitions of loosely knit hacktivist collectives, Australian organisations are fighting a cybersecurity battle on multiple fronts.<\/p>\n

While an attacker\u2019s goals can be amorphous and hard to define, the tools, tactics and procedures deployed against private and public organisations are constantly evolving.<\/p>\n

Nowhere is this more apparent than in malicious emails. A tell-tale giveaway used to be poorly written and grammatically incorrect correspondence urging the user to click a link or open an attachment. With the advent and large-scale adoption of generative artificial intelligence platforms such as ChatGPT and Bard, the malicious is getting harder to distinguish from the mundane.<\/p>\n

As AI-enhanced attackers<\/a> continue to target Australian organisations, is it possible to be completely secure?<\/p>\n

No, it\u2019s not.<\/p>\n

Short of taking your operations entirely offline, no silver bullet, no enchanted widget, no magic bean will stop all cyberattacks.<\/p>\n

Although it\u2019s impossible to completely inoculate your organisation from cyberattacks, it\u2019s entirely possible to limit the impact of the inevitable breach.<\/p>\n

With attackers honing their craft to inflict maximum damage, businesses need to build resilience to ensure that an attack is a relatively minor inconvenience rather than a catastrophic incident.<\/p>\n

It’s clear the stakes are high. A recent ransomware attack took an Australian financial services firm offline for five weeks. The cost of this downtime and remediation has been forecast to reach $95 million to $105 million<\/a>.<\/p>\n

While threats range from business email compromise and man-in-the-middle<\/a> interventions to distributed denial-of-service (DDoS)<\/a> attacks and zero-day exploits<\/a>, attackers appear to favour ransomware\u2014the Swiss army knife of attacks. Not only can denying an organisation its data further political, financial or activist aims, but ransomware-as-a-service<\/a> operations significantly lower the barriers to entry for cybercriminals.<\/p>\n

In its purest form, a ransomware attack seeks to make critical data unavailable to the victim. This is traditionally achieved by encrypting the data and demanding a ransom be paid to receive a decryption key. Unfortunately, even paying the demand is no guarantee. Recent Rubrik research<\/a> found that only 14% of Australian organisations that paid the ransom were able to recover all their data.<\/p>\n

Governments and law enforcement agencies around the world are increasingly urging organisations not to pay ransom, and organisations have improved their use of backup data to recover business operations.<\/p>\n

But attackers have adapted. We\u2019ve seen an evolution in how they try to force their victims to negotiate. They first seek to destroy or corrupt backup data before the ransom demand is made.<\/p>\n

Of the Australian organisations that experienced a cyberattack last year, 98% saw the malicious actors attempt to compromise their backup data. In 87% of cases, they were at least partially successful.<\/p>\n

This tactic is designed to hamper recovery efforts, since up-to-date backup data enables a victim to rapidly restart operations from the latest \u2018save point\u2019 prior to the infection.<\/p>\n

Data backups are so fundamental to cyber resilience that they are the only measure in the Australian Signals Directorate\u2019s essential eight<\/a> to address recovery. While the other seven measures are all important, they relate to prevention before the fact, rather than recovery after an attack.<\/p>\n

At maturity level one<\/a>, the essential eight guidance recommends:<\/p>\n