While the internet propels us into an era of unparalleled innovations and conveniences, it concurrently exposes individuals and organisations to an ever-evolving network of malicious entities.

As our reliance on online ecosystems deepens, so does the urgent need to strengthen our digital defenses. Gone are the days of basic viruses and phishing scams. Modern cyber threats are stealthy, sophisticated, and often target specific individuals or critical infrastructure.

In this dynamic landscape, our experts share practical strategies to help you outsmart hackers, reinforce your defenses, and navigate the ever-changing world of cyber, in tithe week’s edition of Let’s Talk.

“In fortifying our cybersecurity measures against evolving threats, at ESET we advocate for a threefold strategy. Invest in cutting-edge threat intelligence to stay ahead, foster a robust cybersecurity culture through continuous employee training, and seek expertise beyond the bounds of your organisation to ensure current, holistic, and localised solutions. Strengthening cybersecurity measures within an organisation requires the synergy of advanced technology, education, and collaboration. As cybersecurity is constantly evolving in Australia, and across the globe, it’s imperative that business leaders cultivate the right team to stay abreast with the landscape. This approach can help organisations to effectively safeguard against cyber threats and ensure a positive digital future for their business, employees and wider community.”

“In an era of escalating cyber threats, strengthening cyber security measures is paramount.

“Critically, Australian Government has recognised this urgency, with a significant $550 million investment targeted towards bolstering cyber security for small businesses, underlining its commitment to ensuring the digital safety of businesses, by enabling them to fortify their cyber defences against emerging threats.A key initiative of this investment is the free resource, Cyber Wardens, which is a simple education tool designed to build a cyber-smart small business workforce. It’s a great addition for small businesses, providing them with access to expert advice without the associated costs.

“For businesses a bit more budget (and to be honest you should put aside budget for cyber security), engaging a consultant to conduct simulated attack scenarios, often referred to as ‘panic room’ exercises, is a wise move. These simulations identify vulnerabilities in the existing security framework, providing clear insight into areas requiring fortification. By pre-emptively addressing these vulnerabilities, you mitigate the risk of a successful cyber-attack.

“However, it’s crucial to remember that cyber security is not a one-time initiative but a continuous process. As cyber criminals become more sophisticated, businesses need to constantly update and adapt their cyber security strategies to stay ahead. A proactive approach, combined with the right resources and practices, is key to fending off evolving cyber threats.”

“Strengthening cyber security measures and cyber governance isn’t a one-time setup, but a continuous process of adaptation and improvement. It involves a multi-faceted approach to address both technical and human factors and manage cyber risk like any other business risk.

“Here are key strategies:

“For leaders expanding into the USA market, reinforcing cybersecurity measures for client trust in your business is essential. Initiate this process with your Board by undertaking a thorough risk assessment, identifying vulnerabilities, and implementing robust encryption protocols and multi-factor authentication to elevate access controls. Ensure compliance with federal & state regulations applicable to your industry e.g. Health Insurance Portability and Accountability Act (HIPAA) and the California Consumer Privacy Act (CCPA).

“Nurture a cybersecurity-centric culture across your organisation through tailored employee training programs, incorporating rigorous adherence to security protocols. Develop a responsive incident management plan that aligns with federal guidelines, safeguarding against cyber threats. Consider obtaining industry-recognized cybersecurity certifications, such as ISO 27001, to augment credibility and foster collaboration with reputable cybersecurity firms.

“Leaders should actively participate in industry forums to stay ahead; the annual “CyberSecurity USA Summit” is a noteworthy conference. Also, subscribing to authoritative newsletters is crucial for staying informed, such as securityweek.com, which delivers timely updates.

“By integrating technology, employee training, regulatory adherence, and collaborative efforts, your business fortifies its cybersecurity resilience and stays abreast of the latest developments through key conferences and newsletters in the ever-evolving and complex USA market.”

“Cyberattacks are escalating at an alarming rate, and in today’s digital age where people and businesses mostly transact and communicate online, staying aware and vigilant against cyber threats is vital. Governments and enterprises cannot control what they can’t see – disciplined, coordinated security architecture adoption is key to ensuring open visibility of digital channel performance, resilience and control. Beyond any recommended fundamental controls outlined in prevailing security and availability-focused regulatory standards, its is our view that best practice architectures should also consider: 1) Zero Trust frameworks – to ensure that only authenticated users can access critical applications; 2) Microsegmented networks – to deliver deep network observability, and to isolate and contain breaches, and; 3) API security – to enforce strict management, visibility and control of all APIs facing external business partners and users, as well as internal authenticated users. Beyond the tools, security strategies always need to consider the processes and people required to make them effective, and opportunities to test controls’ effectiveness against the prevailing threat landscape will always be time well spent.”

“Cyber threats are more sophisticated and complex than ever and evolving quickly with new technology like AI becoming increasingly advanced every day. Cultivating a solid security culture is paramount to strengthen an organisation’s human firewall.

“If you think your organisation will not be attacked because it’s too small – think again. Cybercriminals love to target the smaller businesses because they know they’re easy to socially engineer, access the network, and steal the data to sell or use to target more attacks.

“There are several things that businesses can do to increase their basic cyber hygiene and avoid the relentless onslaught of cyber-attacks. These include:

“It comes down to building a strong security culture and we will see organisations continue

to focus and build on this in 2024.”

“Despite cybersecurity being front of mind for the C-suite, many organisations still have a big gap in their security posture – how they manage physical IT assets throughout every stage of their lifecycle. Good asset lifecycle-management is foundational to effective data security because even the best cybersecurity system can be futile if you do not decommission or dispose of hardware and devices, securely.

“Perhaps the most crucial part is the end-of-life stage as there are criminals who salvage old hard drives from landfills or purchase recycled IT equipment with the intention of recovering data from them.

“Then disposing of equipment, businesses should follow a well-defined protocol of a trusted chain of custody, comprehensive data erasure and dismantling into components for repurposing or recycling or complete physical destruction. It is a common misconception that erasing data is just deleting files. Instead, specialist data scrubbing software must be used and where possible the asset should be physically destroyed to the point it is impossible to recover any data from it.

“The most advanced cybersecurity system in the world will not be enough to protect your data if a piece of hardware containing sensitive information finds its way into the wrong hands.”

“Over the past few years, we’ve seen cyber threats against small businesses not only increase but evolve, particularly with the rise of artificial intelligence (AI). Invoice redirection, website spoofs, malware and phishing are all common tactics fraudsters turn to.

“Sadly, many small businesses are not aware of the risks that a cyber attack could pose to them, until it happens. The consequences of a cyber attack can extend from reputational damage, loss of revenue and customer trust, to fines from regulators.

“The most important thing that business owners can do to strengthen their cybersecurity measures is to educate themselves about the risks so that they can take preventative action.

“That’s why Mastercard recently created a content series containing low-cost and actionable cybersecurity tips for small businesses. The steps include educating and training employees, using strong and unique passwords, implementing multi-factor authentication (MFA), updating software regularly, using antivirus software, limiting access rights to restrict access to sensitive data, backing up data securely and regularly, exercising caution against phishing, enhancing email filtering, and developing a cybersecurity policy and response plan.

“These easy-to-action measures can help small businesses and customers stay protected. Mastercard offers more free cybersecurity resources here.”

“While information security measures are an essential first line of defence for protecting against threats, the nature of cyber-attacks means these measures are rarely failproof. Recent high-profile breaches have shown that businesses also need to stress-test their response capabilities to successfully manage a cyber crisis if and when one does occur.

“Preparing for a cyber-attack involves developing a response plan. The next critical but often overlooked step is to regularly practice and update that plan as threat intelligence and your business evolve.

“Our experience working with businesses in a cybersecurity crisis suggests that plans and checklists aren’t worth much unless tested in what looks and feels like a real-life scenario. We run simulations with businesses of all sizes so that the owners and management teams can experience the dislocation of a cyber-attack in a controlled setting and then improve their response plans if needed. Proper planning and practice can help a business navigate a crisis and reach the other side intact.”

“In my experience even the most robust cybersecurity processes can be undermined by human error. To minimise this vulnerability, organisations should prioritise employee education and awareness. Regular, engaging cybersecurity training sessions are essential, covering topics like phishing awareness, secure password practices, and potential consequences of negligence.

“Establishing a strong security culture is equally crucial, especially with the increase in hybrid working, with many employees working remotely. Encourage a sense of shared responsibility among employees for maintaining a secure environment. Reinforce the importance of promptly reporting any suspicious activities or potential security incidents.

“Cybersecurity measures should be implemented at all stages of the employment lifecycle especially when a new employee joins and employee departures.

“I find it is also beneficial for organisations to conduct periodic reviews of their cybersecurity policies and procedures, ensuring they align with evolving threats and industry best practices. In SME’s, designating a person who is accountable for cybersecurity can provide a focal point for oversight and coordination.

“By investing in ongoing education, fostering a security-conscious culture, and ensuring that policies remain current, organisations can significantly reduce the risk of human error leading to cybersecurity vulnerabilities. A proactive and informed workforce is an organisation’s first line of defence.”

“Many Australian businesses secure their devices and networks by implementing endpoint security solutions and setting up firewalls; these are generally known as an organisation’s first line of defence. However, your best line of defence, is your staff.

“One of the biggest challenges for organisations in 2024 will continue to be employee cybersecurity awareness and education. As criminal tactics become increasingly advanced, threats are now harder to spot than ever before, which increases the importance of keeping staff up to date. Despite the challenges, there are several ways to increase employee awareness, improve staff education, and mitigate risk without breaking the bank.

“It’s important to get the basics right. The use of multi factor authentication (MFA) and strong, complex passwords remain foundational principles of cybersecurity. Staff should also be encouraged to regularly update software and your organisation must have an incident response plan that guides staff through a cyber-attack. Additionally, organisations must implement cybersecurity education programs for employees to improve awareness and understanding of the threat landscape.

“As cyber criminals continue to find different tactics to outsmart businesses’ security measures, ongoing and updated employee cyber awareness education is critical to protect businesses against attacks.”

“Urgent action is required to address Australia’s pressing national cybersecurity issue, aggravated by a decade of stagnation. With cybercrimes reported every six minutes, ransomware alone inflicts annual damages of up to $3 billion on the Australian economy. Businesses must prioritise efficient cybersecurity measures, utilising quick wins to reduce Mean Time to Detect/Respond against evolving threats through integrating existing technical measures. Integration and technology partnerships are an effective way to increase visibility over cyber threats and reduce complexity. For example, platforms that pull Indicators of Compromise from email gateways and web gateways.

“Evolving threats exploit existing vulnerabilities, emphasising the need to place and strengthen fundamental security practices. Exploring advanced measures only after mastering basics is crucial to avoid diminishing returns.

“Human-centric cybersecurity, with tailored training and adaptive controls based on individual risk, yields significant returns. The IoT, AI, machine learning, and a challenging geopolitical environment further escalate risks.

“At Mimecast, we have observed that large organisations seeking support from the CFO and board are able to effectively align proposed expenditures with tangible business outcomes, emphasising risks tied to over-consolidation. A holistic approach, incorporating technological strategies and human involvement, ensures a robust cybersecurity posture, optimising resource allocation for sustained protection.”

“Disruptive technologies, such as generative AI and machine learning, and fast-evolving threats continue to reshape the Australian cybersecurity ecosystem. But as businesses grapple with these cyber challenges, they may well discover new measures to strengthen their ability by unifying data security, data protection and data governance capabilities.

“The first and foremost important step for any business is evaluating its cyber resiliency. This is the ability to withstand and recover quickly from cyber incidents. To maintain cyber resiliency, businesses can follow these key steps:

“Small businesses are prime targets for cyber criminals lurking in the digital shadows, with statistics revealing a startling 62% experiencing cybersecurity incidents. The interconnected digital world poses real and immediate threats – a reality, not a scare tactic. Cyber attacks occur every seven minutes in Australia, costing businesses anywhere from $39k to over $1m, with a disheartening 66% of small businesses never recovering.

“It’s time to shift from the head-in-the-sand approach to a proactive cybersecurity stance. Invest in education/training, starting with cybersecurity basics like recognising phishing attempts and secure password practices.

“Seven vital steps for protection:

“Rapid technology advancement has provided unparalleled conveniences and exposed us to many cyber threats. As organisations rely on multi-cloud and hybrid environments to meet their infrastructure needs, their reliance on artificial intelligence (AI) to enhance security and compliance becomes urgent. Therefore, failure to address vulnerabilities in AI platforms and misconfigurations in the cloud could lead to devastating consequences, including data breaches that impact critical decision-making processes.

“The threat of data poisoning is significant, as manipulations could corrupt AI learning processes, resulting in harmful outcomes, especially in critical applications like self-driving cars.

“Traditional defence methods are inadequate as cybercriminals refine tactics, making reassessing and reinforcing cybersecurity strategy imperative.

“The answer lies in adopting a proactive and multifaceted approach to exposure management. This involves collaboration, investing in secure cloud and AI development, and educating developers and end-users about associated risks. As AI-targeted attacks surge, fostering resilience, adaptability, and responsible innovation is essential to a secure digital future.

“The time to act is now to safeguard the integrity of our AI-driven world from irreversible consequences.”

“With 9 in 10 businesses having suffered an identity-related breach, identity security is a critical component in strengthening businesses’ cybersecurity posture against evolving cyber threats.

“It is essential for businesses to embrace the next generation of identity security solutions, fueled by automation and machine learning. This entails a comprehensive, unified, integrated approach that addresses all identities (including non-employees and non-humans) and applications within the enterprise. Instead of having end users and admins go to various systems for account access or privileged access, a unified approach is the way forward to manage identity challenges. This means one set of workflows for automation, one set of policies for control, a unified connectivity fabric, consistent APIs, and a unified data model that provides unprecedented control to secure all enterprise identities and address the current and evolving complexities of the modern business.

“The shift towards a unified identity security model will equip businesses with complete access visibility across hybrid environments, deeper identity and access understanding and a cohesive set of control policies to manage every type of identity and location of data, and secure all identities at any speed, at any scale.”

“With the escalating complexity of cyber threats targeting identities and credentials, organisations need solutions which can secure both human and non-human identities and privileges, providing their businesses with unparalleled visibility and advanced identity-first threat detection capabilities.

“Solutions which can provide real-time visualisation of threats, illuminate potential attack paths, and offer smart, actionable recommendations to enhance identity hygiene enable businesses to quickly discover and remediate security risks.

“These threat risks include opportunities for unauthorised users to gain access to sensitive systems and data, including unmanaged admin and over-privileged accounts, potential on-premises to cloud privilege escalation paths, pivot points that attackers could use to go from personal email accounts to corporate admin accounts, opportunities for session hijacking, and many other previously undetectable security gaps that could be compromised by bad actors.

“By empowering organisations to proactively protect their identities, businesses can safeguard critical assets in today’s evolving threat landscape.”

“Key areas to support keeping organisations secure include deploying a robust, secure data backup solution that is periodically scanned and tested, enforcing a strong password policy, including the use of multi-factor authentication, and educating employees on how to spot email phishing attacks.

“You cannot defend what you cannot see so ensure that you have visibility by monitoring all your organisation’s digital assets and IOT devices using vulnerability assessment tools and applying timely critical security patches, including on your security controls.

“Given over 1 in 10 organisations were targeted with ransomware attacks, anti-ransomware tools that monitor for irregular encryption behaviours and stop the process in its tracks are a necessity.

“As we are now seeing an evolution into data theft/extortion attacks, considering a data encryption strategy for your critical data makes sense and costs very little.

“Also, regular security posture assessments to uncover gaps, having an incident response plan in place and adopting a cybersecurity framework such as Zero Trust and the Essential Eight will help increase your cyber resiliency. Automated threat detection and prevention will maximise your chances of protection, including scanning and monitoring file activity for suspicious files.”

“While policies, processes, and threat intelligence tools are essential components, one cannot underestimate the significance of the human element in this equation. Beyond the technical aspects, it’s crucial to cultivate a cybersecurity-conscious culture within the organization, where every team member understands their role in protecting against cyber threats. Furthermore, with the advent of remote and hybrid work models, it’s imperative for companies to reassess and adapt their cybersecurity policies. This includes managing devices, securely sharing information, and implementing effective communication tools while maintaining a balance between flexibility and security. In addressing the growing challenge of cybersecurity skill gaps, there’s a notable shift toward recognizing the need for dedicated cybersecurity professionals. Specialization has become a prevailing trend, with organizations establishing specialized cybersecurity teams. These teams often consist of experienced professionals who bring a wealth of knowledge to the table. The expertise gap can be particularly daunting for small and medium-sized enterprises (SMEs). Many are now turning to third-party providers for cybersecurity strategy and technology services to bolster their overall cybersecurity posture.”

“With billions of users interacting online every day, identity threats have become the new battleground in the high-stakes world of internet fraud. New advances in identity threat protection can help block account takeover (ATO) and new account fraud (NAF), and help businesses create safe and seamless user experiences across their digital properties.

“Smart detection techniques like event intelligence and device profiling occur in real-time through self-learning algorithms that evaluate user activity before, during, and after login. Dynamic policies are the next element used to block ATO and NAF based on self-learning low-medium-high risk predictors.

“By allowing you to pivot quickly, dynamic policies and predictors are key to protecting against new ATO and NAF threats as they arise. To adequately protect against ATO and NAF, cybersecurity solutions must integrate and be managed from one centralised platform. No matter where you turn, both individuals and organisations are under constant threat from cyberattacks. Luckily, identity threat protection technology does not require you to sacrifice exceptional user experiences in order to safeguard people’s data.”

“Modern IT environments often involve a heterogeneous mix of device types and operating systems, and a blend of cloud-based and on-prem resources. Strengthening security requires a security perimeter around every access transaction — and the adoption of a Zero Trust model.

“Some tips:

“It is critically important that companies understand their extended digital supply chain, or the suppliers, vendors, and other third-parties that have direct or indirect access to their network. Organisations need to know who they are connected to and what access these third parties have. If a third party gets breached, this breach can then compromise the main organisation and result in data loss, ransomware, or business interruption. As organisations look to mature their supply chain risk defences in the next year and beyond, here are four recommendations to combat common pain points:

“While we cannot expect the number of supply chain cyber-attacks to decrease, we can hope

that faster identification and remediation helps to soften their impact.”

“The Australian cybersecurity landscape has witnessed a significant upsurge in cloud account hijacking incidents recently, signalling a shift in attack patterns that professionals must prioritise in their defensive strategies.

“The gravity of the situation stems from the fact that once an attacker breaches a cloud-based system, the potential to compromise additional accounts escalates. The cloud’s growing ubiquity among businesses has inadvertently heightened its appeal to hackers. These actors are determined to infiltrate digital spaces.

“It’s imperative for cybersecurity experts to broaden their protective measures beyond the safeguarding of individual users and isolated tech systems. This is made more pressing by the advent of artificial intelligence in making cyber threats more sophisticated and dangerous.

“The primary focus must now be the robust security of cloud architectures. This paradigm shift is essential to counter not only the enterprising teenage hacker but also the sophisticated entities orchestrating large-scale assaults on national infrastructure. The expectation for the next year is clear: cloud account hijacking is poised to become a standard tactic in the arsenal of cybercriminals globally, and Australia’s cyber defences must be prepared to respond accordingly.”

“In this digital age, every business faces evolving cyber threats and small and medium-sized enterprises (SMEs) are increasingly targeted by sophisticated techniques. To strengthen cybersecurity measures, consider the following:

“Businesses must be proactive and identify and close vulnerabilities before cybercriminals can exploit them.

“Adversary simulation, also known as red teaming, is one of the most powerful tools available to measure an organisation’s readiness to deal with cyberattacks. A red team is a third party that’s engaged to simulate a bad actor to test whether your systems are resilient to an attack.

“To bolster your defences, it is important to proactively look for weaknesses and follow best practice standards and guidelines like the NIST Cyber Security Framework, ISO 270001 or Essential Eight.

“Businesses should assume they will be targeted by a malicious party and implement protections that will minimise the risk of being hacked. They must also ensure they know how they will recover if a criminal is able to penetrate their defences.”

“Employees who are aware of the various cyber threats and tactics used by cybercriminals can proactively contribute to a more secure digital environment by recognising and thwarting potential attacks. As such, cybersecurity education should be comprehensive and widespread. While general employees play a crucial role in preventing security breaches, company leaders and board members should see themselves as equally, if not more, responsible. They must know the right questions to ask, and how to interpret the answers, to assess how protected (or not) the organisation is.

“In the unfortunate event that a cyber attacker successfully bypasses employee scrutiny, the next line of defence will be cybersecurity software and cyber defenders. This is where highly integrated and easy-to-use cybersecurity tools prove their merit, as cobbling together various consoles and cybersecurity products requires a lot of effort to maintain and can lead to gaps in protection.

“We also need to recognise the critical role that defenders play in protecting businesses and their employees against evolving cyber threats.”

“As nation-state threat actors continue to execute highly sophisticated, unforeseeable cyberattacks against companies with new tools and techniques, it’s critical we ensure our cyberinfrastructure is protected.

“It’s crucial for the entire industry to stay vigilant and safeguard our collective cyberinfrastructure. Modern software development has made our digital world more complex than ever, with the ongoing move to the cloud and digital transformation efforts complicating the landscape. Given this complexity and the increasing sophistication of threat actor tactics, it is nearly impossible for any one company to thwart persistent cyberattacks carried out by motivated and well-funded nation-state attackers.

“This is why we’ve taken steps to help the industry become more secure and defend against these unforeseeable attacks. We take pride in actively supporting secure software development initiatives set by the industry.”

“In the face of evolving cyber threats and the tangible danger this represents, organisations must enhance risk management across the entire organisation, treating cyber akin to other business risks and mitigations. This entails understanding all critical data assets, internet-facing assets, user access, endpoint locations, and external connections, while maintaining awareness of ongoing activities throughout today’s borderless corporate network.

“The current landscape necessitates a shift from legacy siloed security tools to a unified cybersecurity platform. This transition not only strengthens a company’s security posture by minimising vulnerable disconnected data and blind spots, but also streamlines operations, reducing costs and accelerating time to value.

“Adopting security technologies such as combined Attack Surface Risk Management and Extended Detection and Response (XDR) is a key step in prioritising cyber risk and spotting threats early enough to take effective action against them. Other ways to bolster an organisation’s risk posture include implementing out-of-the-box automation, AI assistance, robust access controls, a zero trust approach, and ensuring a cybersecurity strategy focused on continuous discovery, assessment, and agile risk mitigation. Managing risk is key to maintaining a proactive defence against evolving cyber threats and can only feasibly be achieved through a platform consolidation approach.”

“There’s only one certainty when it comes to cybersecurity, and that is cyber criminals will continue to evolve their methods and innovate as new defences emerge. It’s an arms race, and one where criminals will use every tool at their disposal to try to compromise your organisation.

“This is why conventional cybersecurity is broken. Traditional defences rely on identifying existing threats and attacks they’ve seen before. But they are underprepared when it comes to new and novel threats. As generative AI becomes enmeshed in our daily lives, cybercriminals are using it to craft even more believable sounding phishing emails and social engineering attacks – things traditional security techniques can’t guard against.

“The only way to defend against AI-based attacks is to use AI cybersecurity like that offered by Darktrace. Only AI can identify new and emerging threats – particularly those generated by AI – and give human security teams the tools they need to fend off these attacks and safeguard the business as a whole.”

“There are four guidelines Australian businesses can follow to strengthen cybersecurity measures:

“In order to bolster their cyber defences, Australian businesses must actively reinforce their defences with robust security measures to safeguard their valuable data, assets, employees and customers. A range of advanced technologies can be deployed to assist teams in staying secure and protecting their network data and operations from evolving threats:

“The important aspect here is a holistic approach which maps and monitors the entire network of the business. Integrating real-time threat detection, incident handling and ongoing learning technologies can substantially support a business’ security resilience and reduce attack vulnerabilities.”

“Generative AI has opened the door to a new set of threats to businesses. Adversaries are using it to execute machine speed attacks with less dwell time. Deepfakes – both voice and video – are being used to destabilise trust and run scams. Phishing is more sophisticated.

“But for all the evil it can do, AI can be used as a force for good. Machine-generated attacks require machine-generated responses, and AI is a super facilitator that can bring order to chaos.

“With AI, enterprises can detect and prevent threats with speed and efficiency and secure a broader range of assets better than humans alone. They aren’t limited by how many people are in their SOC, or the expertise of their team. Instead, they are empowered to see things in real time, at scale, and defend their environment against attacks in an infinitely scalable way.

“Security today isn’t just about threat detection and prevention. It’s about gaining visibility and insight into data across the entire enterprise and transforming it into decisive action to protect business. And in leveraging AI-powered security solutions, enterprises can do just this.”

“Organisations are spending more than ever on cybersecurity. Business leaders are no longer asking “Why do we need to invest in cybersecurity?”, instead they’re asking “How much budget do we need?”. Despite this shift, why are breaches not reducing in correlation with how much we’re spending and why are still getting the basics wrong?

“I think the answer is that our systems, users, data, and assets are much harder to reach and protect than ever before. The perimeter has expanded, our attack surface is expanding and many of our existing technologies and security controls just cannot keep up. It’s crucial to recognise that technology initiatives are no longer limited to IT departments, and valuable data can be found outside secure data centres, sometimes in less secure places.

“To address this, it’s time to modernise our security strategy. Modernising security means understanding and accepting that our organisations have evolved. It isn’t just about using the latest tech, it’s about finding the right balance between encouraging innovation, keeping things running smoothly, and building robust defences against the ever-growing range of cyber threats.”

“Businesses of all sizes continue to continue to be a top target for cyberattacks. To protect against ransomware threats, a strong cybersecurity posture must be implemented and should include automated incident and response plans to efficiently identify cyber threats and provide a comprehensive view of the IT infrastructure. This proactive approach will not only allow organisations to continually monitor threats but facilitate the proper countermeasures. In addition, businesses should prioritise regular backups, end user training and password hygiene.

“At the same time, assessing third-party risk is also a critical aspect. For larger organisations, it is essential to have strong communication and notification tools, as well as a deep understanding of how to effectively configure their complex IT environment. This allows organisations to gain a comprehensive view of anomalous and malicious activities across all fronts, enabling a prompt and thorough response. By implementing a well-configured security monitoring solution that provides complete visibility, including for third-party vendors, businesses are more likely to detect indicators of compromise and mitigate threats in a timely manner.

“At a minimum, organisations must patch aggressively, limit privileged access, create backups, prepare a response plan, prioritise educational training and consider cyber insurance.”

“To bolster their cybersecurity measures, organisations must prioritise information management. Data, while acknowledged for its significant business and financial value, can also pose a liability if retained unnecessarily. Businesses need to understand that data collection and storage are essential, but indefinite data retention is not. Keeping data longer than required opens up vulnerabilities, providing cyber criminals with more opportunities to infiltrate an organisation’s computer systems.

“A preventative and proactive approach requires businesses to manage data throughout its lifecycle. This includes understanding the current data inventory, its purpose, duration of utility, access privileges, and eventual disposition once it’s no longer needed.

“Once data is identified and classified, businesses can implement processes for more secure and reliable data governance. This approach helps in reducing risks and ensuring better cybersecurity.”

“Recent breaches earlier this month at The Iconic and Guzman y Gomez reinforce the urgent need for Australian businesses to enhance API security against evolving cyber threats.

“Both organisations were victims of credential stuffing, the result of stolen login credentials being used from one system to access a completely unrelated account.

“To fortify defences, businesses must implement a tailored security program, combining traditional practices with advanced techniques. This includes regular security audits, robust access controls, educating employees and staying informed about emerging threats. Bridging the gap between application and API security experts is critical for knowledge sharing and tool development.

“API security is not a one-off undertaking but should be an ongoing process, requiring continuous monitoring, audits, and proactive measures. The lessons learned stress the importance of vigilance, tracking known threats, and enhancing API security to protect sensitive data and maintain user trust. By adopting these best practices, businesses can strengthen their cybersecurity posture in the ever-evolving landscape of API security.”

“Homomorphic encryption presents a revolutionary approach to enhancing cybersecurity against evolving threats. This technique allows computations to be performed on encrypted data without needing to decrypt it first. The real breakthrough of homomorphic encryption lies in its ability to enable data processing while maintaining complete confidentiality, a crucial aspect in an era of increasing data breaches and sophisticated cyber-attacks.

“In traditional encryption methods, data must be decrypted for processing or analysis, creating a vulnerability where sensitive data could be exposed to unauthorized parties. Homomorphic encryption eliminates this risk, as the data remains encrypted throughout its lifecycle, even during computations. This feature is particularly beneficial for industries handling sensitive information, such as finance, healthcare, and government sectors.

“By adopting homomorphic encryption, organizations can securely outsource data storage and processing to cloud services without sacrificing privacy or compliance with data protection regulations. This approach not only strengthens defense against external threats but also mitigates risks from insider threats.

“In summary, homomorphic encryption enhances cybersecurity measures by providing a secure means to compute on encrypted data, thus significantly reducing the risk of data exposure and ensuring the confidentiality of sensitive information in an increasingly interconnected digital world.”

“To stay ahead of sophisticated and increasing cyber threats, businesses need to adopt a holistic approach, covering both internal operations and client-facing processes. This begins with a robust risk management framework and prioritising staff security awareness training, ensuring employees are equipped to identify and respond to potential cyber threats.

“A key strategy in strengthening cybersecurity is implementing single sign-on (SSO) systems. By adopting SSO, businesses can significantly reduce password fatigue, minimise the risk of phishing and improve user experience. When integrated with hardware key management solutions like SSH key authentication, SSO offers a more secure and efficient way of managing access. This combination simplifies the authentication process and adds another layer of security through two-factor authentication, which can be as straightforward as a tap of a finger.

“Alongside these measures, it’s essential to conduct regular security procedures like active monitoring, penetration testing and auditing, to proactively identify and address vulnerabilities.

“Password encryption software is vital for data stored in the cloud. However, transitioning to SSO can eliminate the need for multiple passwords, thereby reducing the risk of password-related breaches.

“If the complexity of these measures seems daunting, cybersecurity experts can provide tailored solutions to prevent, detect and mitigate cyber threats.”

“Data breaches and cyber-attacks are not just an IT issue but a multi-faceted and multidisciplinary issue requiring various players to effectively navigate the multiple layers and risks. With company directors’ obligations under the microscope and Board members potentially culpable for failure to properly protect assets and systems, protecting the organisation, as well as directors, from liability, is front and centre.

“Businesses are realising they have new and very specific data and cyber security legal needs and are increasingly looking to work with legal counsel to prevent and prepare for events involving serious data breaches, including cyber-attacks.

“Working with legal counsel, prior to an incident, prepares organisations to deal with legal and reputational implications. The collective engagement of the Board and the Senior Executive on data and cyber security issues, risk assessments and mitigation strategies is an important step demonstrating the preventative measures taken, to protect both the business and its stakeholders. It will help to ensure the business is continuously improving and building its resilience against these risks and limit the risk of successful legal action.”

“Healthcare organizations’ cybersecurity continues to be a challenge, particularly as these organizations increasingly depend on vast fleets of internet-connected devices for patient care and outcomes. These devices come with thousands of new reported security vulnerabilities each month: an unparalleled challenge that no cybersecurity budget could surmount. This year, I think we’ll see more healthcare organizations approaching this cybersecurity challenge by adopting risk-first strategies, and utilizing IoT device visibility to prioritize the 5-10 percent of vulnerabilities that represent true immediate risk considering their use cases, network configurations, and common cyberattacker practices. For healthcare organizations with limited budgets, this approach will optimize resources, and results.”

“Regulatory enforcement is quickly becoming the single biggest cybersecurity-related risk businesses face. Compliance requirements and enforcement are expanding on just about every front — and the risks of non-compliance are real and accelerating.

“For example, the FTC Safeguards Rule now requires any business that transfers money to and from customers (and isn’t already under the purview of another regulator) to effectively secure customer data. This affects millions of previously unregulated businesses that are now subject to six-figure fines per violation, additional fines that can personally target business leaders, and risk to their business’s licensing. Organizations in or adjacent to the healthcare field subject to HIPAA need to be aware that HIPAA fines have become more actionable. Regulators have shifted strategies from massive seven-figure fines that were rarely enforced to $35,000-$50,000 fines per violation that businesses are fully expected to pay.

“While the ubiquity of cyberinsurance to protect businesses from these fines’ impact continues to be another key development to pay attention to, cyberinsurance policies require the same security protections as major compliance mandates. There will continue to be less leniency for organizations that don’t have the encryption, data access controls, and other non-negotiable capabilities required by most cybersecurity compliance regulations.”

“As the business landscape becomes more complex and globally interconnected, organizations are working with an increasing number of third parties. And while third parties are an integral part of many organisations’ operations, they can also be a security blindspot if not properly managed within a robust governance framework. In fact, 98% of companies globally have third-party relationships with at least one vendor who has experienced a breach last year. Many organisations have incomplete third-party data, and they also give third parties a higher level of access than necessary, leaving their organisations exposed to cyber attacks. Organisations must prioritise their third-party risk management (TPRM) program to strengthen their cybersecurity measures in 2024 and beyond.

“TPRM helps organisations understand what third parties they use, how they use them and what controls they need to implement to mitigate the risks that those activities can introduce.

“An effective third-party risk management process will include the following elements:

“Establishing a strong third party risk management framework will enable organisations to be better prepared for possible threats while working with trustworthy secure vendors.”

“The cybersecurity landscape moves at immense speed; there are a multitude of threat vectors to contend with, and security professionals are thin on the ground. This seems like an impossible set of circumstances, but truthfully, we need to move past this roadblock and innovate with the resources available.

“One such untapped resource is the development cohort, who, once adequately trained in security best practices, can help curb code-level vulnerabilities and misconfigurations right at the source as they write software. While this won’t thwart every category of attack, it significantly reduces the overall risk profile and leads to a higher standard of code quality.

“Developers want to do the right thing, but traditionally, most organisations do not set them up for secure coding success. They need precision, hands-on training that mimics the issues they are likely to encounter in their workday, and tools that fit their complex workflows. The training should be agile, with the fluidity to upskill developers in an environment where change is the only constant. The advent of AI coding tools has only made this developer enablement more necessary, as we tackle poor coding patterns prevalent in both humans and LLMs.”

“Secure hardware plays a vital role in enhancing cyber security in a hybrid working model. When you have employees working in the airport lounge, in a cafe or at home, secure hardware, such as Logitech’s Bolt wireless technology, provides an additional layer of protection against cyber threats. Bolt uses secure encryption to protect the data transmitted between the device and the receiver. It also employs frequency hopping to avoid interference and eavesdropping. These features make it harder for hackers to intercept and manipulate data.

“In addition, Bolt uses secure booting to ensure that only authenticated firmware can run on the device. This prevents malware from infecting the device and compromising its security. Available on a range of Logitech peripherals from the Lift Vertical Ergonomic Mouse to the high-performance MX Series range, it’s a simple but powerful measure your business can take to enforce cybersecurity in the hybrid working model.”

“Cybersecurity is a constant race to see who will find the vulnerabilities in your systems first – you or the hackers. But it’s possible to stay one step ahead.

“Keeping up with the ever-changing threat landscape might seem daunting, but it just takes the right approach applied consistently.”

“We must accept that breaches are now inevitable and stop focusing only on trying to avoid them or recover from them once the damage is done. Breaches happen and are not going to stop happening. The only way we can truly address the problem is by ensuring organisations and government departments build resilience and protect sensitive information when a breach occurs through breach containment. Threats in Australia have been rising for a long time and we can’t keep applying the same security strategies and expecting a different result.

“We need a new security model. One that moves from cyber defence to cyber resilience. Every organisation needs to be able to see and proactively reduce all of their risks, particularly as our world grows increasingly hyperconnected, and isolate breaches quickly when they do occur. But this will require a shift away from the traditional ‘find and fix it’ cybersecurity approach to one focused on ‘limiting and containing’ the spread of breaches. The latter being the more effective ap’proach in building and maintaining resilience.”