Share this article on:
Opinion: For some, it’s never too early, and for others, we’ve only just reached December! But for hackers, it’s harvest time — the holiday season, writes Andrew Kay, APJ director of systems engineering at Illumio.
Regardless of how far out you approach the holidays, it’s clear from the string of cyber attacks and breaches in Australia and across the Asia-Pacific region that cyber criminals never stop. According to the Australian Cyber Security Centre’s (ACSC) latest threat report, the agency received 67,500 cyber crime reports in the 2020-21 financial year — up 13 per cent on the previous year. That equates to one report every eight minutes.
Attackers are always looking for the easiest way in and will continue to exploit holiday periods to launch attacks in the hope of finding security teams distracted and ill-prepared.
For many organisations, December and January are the most vulnerable months of the year. If Optus, Medibank, Energy Australia, and MyDeal are precursors, then understandably there is constant concern over what’s next and a need for more than detection and response after the fact.
But it doesn’t all have to be coal in stockings. Fortunately, there’s an opportunity to spread a little seasonal joy this year by helping organisations quickly improve their defences for the holiday season — and assuming breach will set you up to avoid unwanted gifts.
Why is it cyber crime season?
Ransomware is top of mind for any chief security officer these days. According to the ACSC, the average loss per incident grew 1.5 times over the previous financial year to reach more than $37,000.
In many cases, these costs are much higher.
It’s not just the direct cost of incidents that focus the attention of Asia-Pacific organisations. Insurance premiums are rocketing across the globe, and in many cases, best practice security measures are now a prerequisite for coverage.
Cyber criminals are increasingly looking to capitalise on understaffed IT departments during the holiday seasons. The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have warned that cyber attacks like Kaseya, JBS USA, and Colonial Pipeline have all happened during holiday weekends in the United States, for example.
However, ransomware is not the only threat facing organisations in the region. Theft of customer data and sensitive intellectual property is an ever-present risk in some of the busiest and most vulnerable verticals at this time of year — including retail, banking, telecoms and legal.
In retail and banking especially, this stolen customer data helps to fuel rampant fraud and account hijacking attempts. Many businesses emerging from lockdowns may be especially vulnerable to attacks.
Among the challenges they face defending attacks over December and January are:
Let the gift-giving commence
While it’s inevitable that there will be breaches over the coming holiday period, organisations can limit the impact of these with the help of zero trust segmentation.
Zero trust segmentation helps contain the spread of breaches and ransomware by continually visualising how workloads and devices are communicating, creating granular policies that only allow wanted and necessary communication, and automatically isolating breaches by restricting lateral movement proactively or during an active attack.
If you want to ensure your organisation is prepared and protected as much as possible from cyber attacks this holiday season, consider the following:
1) Give your boss the gift of risk reduction.
2) Give the hackers a lump of coal via strong zero trust segmentation.
3) Give your security operations (SecOps) team the gift that keeps on giving.
Threat actors will be primed and ready this holiday season. Make sure you are, too, with a security strategy to stop them in their tracks.