CSO Australia recently asked a panel of experts about the evolving threat landscape in Australia and New Zealand. Their insights showed that it has never been as challenging as it is today. Watch here.
The threat landscape in Australia and New Zealand is experiencing unprecedented challenges, with threat actors exploiting vulnerabilities at an alarming rate. According to Rapid7's Chief Scientist, Raj Samani, over half (51.4%) are exploited in less than a day.
“Threat actors are raising the stakes against Australian and New Zealand CISOs by weaponising exploits and leveraging them for attacks a lot quicker,” Samani told CSO Australia.
“That’s leading to more organisations getting compromised, and in some cases not detecting it. News Corp’s recent intrusion saw actors inside their network for two years before the organisation even found out about it,” he said.
Cybersecurity Capability Gap
Australia and New Zealand face a cybersecurity capability gap, as noted by James Turner, founder of CISO Lens. Large organisations with dedicated security teams understand the risks and invest accordingly. However, smaller organisations often lack resources and struggle to develop a mature security posture.
“Smaller organisations can only dream of having dedicated security people. There’s also been no external driver to push them to develop a mature security posture,” Turner said.
“Without that, they don’t tend to make informed choices, so they use software not fit for purpose and end up having a rough time of it.”
Ransomware: the great equaliser
Ransomware has become a great equaliser in cyber threats. Raj Samani highlighted how ransomware operators exploit Remote Desktop Protocol (RDP) to target organisations.
“Regulation is shifting toward requiring organisations to demonstrate that they've got the appropriate measures in place, which is why we’re seeing such growth in Managed Detection and Response (MDR) and managed security providers,” he says.
Unsophisticated threat actors
While attention is often focused on sophisticated nation-state-sponsored threat actors, Varun Acharya, CISO of Healthscope, warns against overlooking unsophisticated actors.
“The availability of information on the internet on how to skill yourself up makes it easy for anyone in the basement with enough Diet Coke and pizza to figure out how to exploit something that's quite unsophisticated.
“That’s potentially extremely profitable – leaked personally identifying information is valuable and malicious actors are looking to make money out of that,” he says.
Breaches and common mistakes
Breaches extend beyond large enterprises, impacting small to medium-sized businesses. Shanna Daly, Principal Consultant at Cosive, highlights instances where cybercriminals have targeted real estate agencies, manipulated transactions and compromised sensitive data.
“Organisations commonly trip up when trying to migrate their systems to the cloud. They often don’t have sufficient knowledge about different cloud providers – for example the many data breaches that have occurred because AWS S3 buckets left publicly accessible.”
Businesses often fall into a false sense of security due to assurances from cloud providers. Samani stresses, “Many companies will turn around and say, ‘our security is fine. We're using a big provider with a great reputation.’ But ultimately, you're still responsible. While you might be outsourcing work, you cannot outsource the risk.”
Remote Desktop Protocol (RDP) Vulnerabilities
The pandemic led to a substantial increase in the use of Remote Desktop Protocol (RDP). Samani noted a five-fold surge in the number of ports used for RDP on the internet.
“The number of organisations that had to quickly pivot from being in the office to remote working was pretty much every organisation on the planet. Unfortunately, they did that by keeping the back door open,” Samani said.
Cosive’s Shanna Daly agreed it was rampant. “Many organisations simply didn't have enough VPN licences, so their IT staff were allowing them to RDP into servers to get remote access in whatever way was necessary to keep the business running.”
When CISO stands for “Career So Over”
The pandemic forced businesses to adopt remote work practices rapidly. However, in their haste to ensure business continuity, many compromised security. Samani explains,
“Many organisations did that in a way that was the shortest path possible – insecurely. As security people we advised clients not to do that, but organisations were just willing to accept the risks.
“I often say that CISO stands for ‘Career So Over’ because typically, you're the one that's held responsible if there’s a breach. Even when a business says it wants to accept the risk, it doesn’t want to own that risk if it is realised.”
Addressing the Risks
Gradually, organisations have begun evaluating and addressing the technical changes and risks associated with remote work in a bid to stabilise their operations. Mature organisations are investing in security measures and providing support to their teams. However, smaller organisations remain unaware of the risks they face and are ill-prepared to mitigate them effectively. Regulatory scrutiny and increased investments in security infrastructure are necessary to bridge the cybersecurity capability gap and protect businesses from the rising tide of threats.
Look out for part two. You can download the vulnerability report here.