Prioritise Cyber Resilience and Cybersecurity Basics to Help Your Organisation Start 2023 Right

Published on December 22nd, 2022

Brian Spanswick, Chief Information Security Officer and Head of IT, Cohesity

GUEST OPINION: This past year in Australia could legitimately be deemed the ‘year of the data breach’ with two major telecommunications companies, a private health insurer, multiple consumer brands, technology companies, and public sector institutions, including education bodies, all suffering data breaches.

In several of these attacks, the personally identifiable information (PII) of more than 2 million customers, including financial details, was accessed, resulting in the breached organisations being issued with ransom demands from the attackers and government agencies getting involved in remediation due to the citizen impact of the attacks.

The stark security challenges that Australian organisations face are demonstrated in a survey we commissioned of IT and SecOps decision-makers (conducted by Censuswide in April, split 50:50 between both groups). Two in 3 respondents (69%) stated they believed the threat of ransomware in their industry had increased in the last 12 months, close to half (46%) said their organisation had been the victim of a ransomware attack in the 6 months prior, and 63% expressed a level of concern about whether their IT and security teams would be able to mobilise efficiently to respond to a cyberattack.

After a year of cyberattacks and data breaches, Australian citizens' and businesses' tolerance of companies being breached is also waning, especially given the numerous government initiatives and programs in place to encourage better data management, data privacy, and data security practices amongst organisations. These include the Essential Eight Maturity Model, the Notifiable Data Breach scheme (NDB), and amendments to both the Privacy Act (1988) and the Security of Critical Infrastructure Act 2018. In fact, just last week, Palo Alto Networks (a core member of the Cohesity Data Security Alliance ecosystem) released research that found 92% of Australians surveyed want an individual to be held responsible when a company is impacted by a cyber attack, with 7 in 10 respondents saying not enough is being done to hold corporate leaders accountable for data breaches.

Rather than make predictions about what may be to come, here are some considerations and recommendations to help organisations as they transition into 2023, which could be a more cyber-resilient year - if that’s what they choose to make it:

  • Large-scale events like a sports World Cup, an election, public holidays, and the coming holiday season come with an ever-growing risk of a cyberattack like ransomware. Most organisations understand that the cyber threat landscape is becoming more sophisticated, with the potency and frequency of attacks intensifying. Malicious actors will look to take particular advantage of organisations during these ‘busy’ times because this is when the usual ‘guards’ may be down. IT and SecOps teams' ability to respond may be hampered by some of their members' participation in that event or holiday, leaving less capacity to monitor systems or networks and conduct regular data backups. They may also be flooded by various types of cyberattacks, such as a DDoS or malware attack, and they may be relying on legacy technology that wasn’t built to withstand sophisticated cyberattacks. Understanding these cybersecurity challenges going into the holiday break is vital to how you come out of this change to usual operations and start 2023 off in the best position possible.
  • What malicious actors are really looking to test at these ‘busy’ or ‘distracting’ times is an organisation's cyber resilience, which is its ability to conduct operational processes or achieve business outcomes despite an adverse cyber event. Why? Because by disrupting operational processes and holding them to ransom, in turn causing huge reputational damage and undermining citizen or customer trust, attackers can dial up the pressure and demand more lucrative, even multiple, ransom payments. To combat their attackers' game plan, organisations need to do more than just be aware of the intensifying cyber threat landscape, which gets worse during a big event or the holiday season.
  • Organisations need to develop a game plan centred around empowering their IT and Security teams to tactically come together with the shared goal of establishing or maintaining cyber resilience at a people, process, and technology level because their ability to counter-attack is defined by where their critical data is stored, how it is secured, and how quickly it can be recovered to restore processes and achieve outcomes. Our research found almost 3 in 4 (74%) of ANZ IT and SecOps decision-makers believe they should jointly share the responsibility for their organisation’s data security strategy, with 78% agreeing or strongly agreeing that if security and IT collaborated more closely, then their organisation would be better prepared to recover from cyber threats and ransomware attacks. Crucial cyber resilience questions that organisations should be able to answer or solve through their technology approach and capabilities include: Can you restore certain files individually or do you need to do a full data restore, and how long does it take? Do you have immutable backups? Is your data encrypted in transit and at rest? Do you test your backups against targeted recovery time and recovery point objectives?
  • Priorities and areas of focus should be centred around the cybersecurity fundamentals, with a focus on increasing coverage and effectiveness of core security controls. Looking at some of the most recent and impactful breaches around the world, the attackers are getting access to critical systems and sensitive data by exploiting basic vulnerabilities that exist in the security posture.
  • Within our own organisation at Cohesity, one of the key priorities we have carried over from the fiscal year of 2022 into 2023 is an ongoing focus on security awareness training and education on social engineering attacks for all our employees. This needs to be a campaign amongst your employee base in order to build and sustain the muscle memory required to reduce exposure.
  • Another core priority is to continue to focus on credentials management, which includes increasing RBAC, least-privileged access, and ensuring proper password management practices. Even with the progress made year-over-year, this is an area that requires constant management to ensure that changes to our environments maintain the targeted level of credentials management.
