23 Mar Security in the spotlight: modern work and warfare
Co-authored with Danny Lam, Security Practice Lead and James Paek, Microsoft Alliance Director at Eighty20 Solutions
As organisations face an increasingly complex set of threats putting critical systems and data at risk, their focus on security measures is growing. But as the types of attacks and breaches become ever more varied, how can they invest in solutions that are comprehensive, yet flexible enough to keep their organisation and reputation protected?
In the last two years, cyber and data risks have become an even greater focus for organisations. A modern workplace revolution, triggered by COVID, has played a large part in this. But as workplaces look forward to a year of fewer restrictions on movement, the world is in upheaval from a different threat – modern warfare, with cyberattacks used to disable critical infrastructure, along with missiles and ground forces.
As Russia mounted their widely condemned offensive on military and civilian targets in Ukraine in late February, the international media also reported on cyberattacks that have sought to cripple banks and government departments. And while countries who have criticised and sanctioned Russia for their actions in Ukraine might not face direct reprisals, the Australian Cyber Security Centre (ACSC) have suggested local organisations could be caught up as ‘collateral damage’ as the cyber invasion of Ukraine continues.
Cyber risks on the radar
High profile incidents like the Ukraine attacks can certainly turn up the heat on boards, C-suite leaders and CISOs regarding cyber security strategies and risk management. But a steady rise in incidents over the last year or so has kept this high on their agenda regardless. In fact, security is the top priority for IT investment for the majority of Australian organisations (70%) according to the 2021 Fortinet Networking and Cybersecurity Adoption Index, followed by architecture and networking (62%).
Over the 2020–21 financial year, the ACSC received over 67,500 cybercrime reports, an increase of nearly 13 per cent from the previous financial year. The increase in volume of cybercrime reporting equates to one report of a cyberattack every 8 minutes compared to one every 10 minutes last financial year.
ACSC Annual Cyber Threat Report, July 2020 to June 2021
Cybercrime continues to be the most common type of data breach, but human error still poses a significant threat to information security. Annual reporting from the Office of the Australian Information Commissioner (OAIC) for the 2020/21 financial year shows human error is behind 30% of data breaches, compared with 65% for criminal attacks (the last 5% is due to system errors).
It’s also important to note that the most common type of cyberattack is phishing, which relies on humans to be taken in by, and engage with, attackers. So it’s no wonder awareness is at the top of the list for IT security programs for Australian organisations, with 23% having implemented a zero trust strategy and 36% planning to in the next 12-18 months.
The price of progress
While many organisations had already started ramping up security programs before COVID, the pandemic has accelerated this process. Knowledge workers transitioned from office to home in 2020/21, then to hybrid in 2021/22, and now work from anywhere is emerging as the latest trend. With an ever-growing surface that’s potentially vulnerable to attack, it’s now imperative for organisations to secure the devices workers are using, regardless of where they’re located, who owns them and how they’re accessing networks and data.
From the perspective of cyber criminals, occasional lags in IT security measures created a golden opportunity to prey on these vulnerable endpoints. In some cases, the rush to the cloud, hastened by COVID, has also involved compromise on security protocols as migrations happened at lightning speed to ensure continuity of access to data. While this has resulted in a degree of distrust of the cloud as a secure alternative to on-premises environments, there are a host of best-practice protocols and solutions available to help organisations develop cloud data architecture and applications that are secure and compliant from day one.
Covering all bases
It’s fair to say that most organisations – particularly those in government or at the enterprise level – are working towards best practice in their frameworks for establishing, testing and evolving IT security. This is partly due to cost and, in the case of government, protecting the public interest. This is why we’ll often see government clients targeting the highest levels of maturity in their capabilities. Commitment to auditing frameworks every six months across eight key areas – from revalidating privileged user accounts to stepping up frequency of data back-up and restoration exercises – is how our government keeps personal information and essential infrastructure safe from cyber threats as they evolve.
Organisations lacking the capacity to audit to the same frequency and scope as government still have a lot to gain from being proactive on the basis of two principal assumptions – you can have zero trust in workers and your organisation is under attack at all times. While this is a gloomy and brutal view to take, it can spur leaders and internal experts to take a more vigilant and comprehensive path to protecting data and networks.
After all, the combined cost of ransomware attacks or data breaches can be crippling, not to mention the ongoing penalty for a brand if their breach or attack is a high profile one. These risks far outweigh the benefits of an investment made in measures like penetration testing, regular security awareness training and an IT team with the skills it takes to establish the underlying data architecture that’s as much a part of securing data as the multi-factor authentication of users.
Consolidating security solutions
While an increase in budget for IT security is expected, this isn’t to say organisations aren’t looking to streamline their solutions to keep these growing costs in check. This introduces another important element to an information security assessment. Vetting current software and solutions for both value and effectiveness can help organisations adjust their tech stack to bring it in line with best-practice standards and eliminate overlap between application functions without leaving gaps.
Multiple vendors and technologies tend to add cost and complexity to IT environments. Avoiding that cost and complexity was important for 36% of Australian organisations.
Fortinet Networking and Cybersecurity Adoption Index 2021
As an enterprise solution that’s familiar and well-supported by experts with the relevant skills and certification, Microsoft provides native tooling designed for many security challenges modern workplaces are facing. They’re also able to keep these features in balance with others that support agile development so organisations can ensure security measures can exist side-by-side with an organisational culture and practice that’s innovative and responsive.
An investment in this solution is also going to last. Organisations can count on a provider operating at the scale of Microsoft to deliver what they need to meet new cyber security challenges as they arise. Having said that, while their out-of-the-box tooling can be expected to meet a good range of security needs, organisations may need to supplement their solutions with more specialised apps for particular needs.
Assess and stay alert
Just like every other part of the IT program for a modern organisation, best practice in cybersecurity is a moving target with a mindset of Zero Trust and Assume Breach, proactively hunting and detecting threats. But embedding it in your digital transformation program can get easier as your organisation moves up the adoption maturity curve. It helps to take a step back from the questions of procurement and tooling and take a longer view on what future state security should look like once an organisation has made the move from on-premises infrastructure and VPNs to a cloud environment and modern management system for devices.
This is where a partnership with Eighty20 can offer valuable support on the journey to safeguarding your organisation and data. Running design workshops to consider your current and future state for security and how that will impact on your business and training needs as well as your tech stack is the first step to bringing the whole organisation up the learning curve. You can get a handle on the additional resourcing you’ll need and teams involved at each stage, and we can help prioritise the gaps and talk through recommendations – from configuring endpoints to data security.
Once the transition is underway, it’s vital to keep assessing capabilities – and not just through formal penetration tests of systems. Initial adoption will often include training on new tools and systems, as well as awareness, but workers and the internal IT team will often have questions after the launch phase, once they’ve actually seen how everything works. This is the time to be testing for adoption and looking at productivity scores to make sure everyone is getting used to things without being held up in doing their work.
Armed with these metrics as well as feedback, we can work together to keep ramping up internal knowledge and awareness to limit future vulnerabilities. Support for ongoing patch management and automated repair of clients on devices are some of the other ways we can help you embed routines that will keep your organisation secure and compliant well into the future.