Australia and New Zealand are currently undergoing an unprecedented surge in cyber attacks, with malicious actors rapidly exploiting newly discovered security vulnerabilities.

According to Rapid7's Chief Scientist, Raj Samani, more than half of new vulnerabilities are exploited within a day.

This pace of attack is putting significant pressure on Chief Information Security Officers (CISOs) across both countries. Quicker intrusions using previously unknown vulnerabilities can also sometimes translate to longer delays in detection. News Corp recently disclosed an attacker had infiltrated its network and not been detected for two years.

The cybersecurity capability gap

A further complication in the current cybersecurity landscape is the capability gap. James Turner, the founder of CISO Lens, highlighted the struggle faced by smaller organisations in establishing a robust security posture due to scarce resources.

Large corporations, equipped with dedicated security teams, understand the risks and allocate investment accordingly, but small businesses often lack the capacity to develop mature security practices, thereby increasing their vulnerability.

How ransomware is still getting into businesses

As all CIOs know, ransomware remains a potent threat. However, what is less universally understood is how it capitalises on weaknesses in Remote Desktop Protocol (RDP) to infiltrate organisations.

The panic to facilitate remote work at the beginning of the COVID pandemic led to a significant increase in the usage of RDP – in fact, Rapid7 documented a five-fold increase in RDP port usage on the internet. This was partly due to a shortage of VPN licenses, forcing IT staff to enable RDP on servers to quickly facilitate remote access.

As cybersecurity regulations become more stringent, organisations will need to provide evidence of comprehensive security measures.
As a result, more organisations are turning to Managed Detection and Response (MDR). According to Rapid7’s Samani, this is translating into a significant increase in demand for managed security providers.

Don’t underestimate unsophisticated threat actors

While most of the spotlight shines on advanced nation-state-backed threat actors, Healthscope CISO Varun Acharya cautions against ignoring unsophisticated actors – the otherwise unemployed hacker sitting in his bedroom fuelled by pizza and cola. These actors, by using sophisticated toolkits now readily available on the dark web, can easily gain access to personal information, making their activities potentially highly profitable.

Breadth of breaches and common mistakes

Security breaches aren't restricted to large corporations; they also significantly impact small to medium-sized businesses. Shanna Daly, Principal Consultant at Cosive, underscores instances where cybercriminals have successfully targeted real estate agencies, manipulated house deposit and refund transactions to be diverted to their accounts, and compromised other sensitive data.

Organisations of all sizes often encounter problems when transitioning their systems to the cloud, primarily due to misunderstandings about different cloud providers. For example, mistakes such as leaving AWS S3 buckets publicly accessible have led to numerous data breaches.

Rapid7’s Samani further warns against a false sense of security arising from cloud providers' assurances. Even though clients of cloud providers may be outsourcing cloud infrastructure to reputable providers, they will still be left carrying the legal and reputational damage if something goes wrong.

Risks in hasty digital transformation

The sudden need to enable remote work has often led organisations to compromise on security.
This urgency to ensure business continuity, while neglecting security, places CISOs in a precarious position, potentially turning their actions into career liabilities, according to Samani.

While business leaders may say they accept the risks of insecure technology rollouts (like the enablement of RDP on servers to facilitate remote work at the beginning of the pandemic), those leaders will often be unwilling to shoulder the fallout if risks come to fruition. This is where the CISO acronym can come to be understood as “Career Is So Over!”, quips Rapid7’s Samani, emphasising the importance of standing your ground on prudent security practices no matter what pressure is being applied.

Addressing the risks

Organisations are slowly but surely reviewing and addressing the technical changes and risks associated with remote work to stabilise their operations.

Mature organisations, backed by ample resources, have been investing significantly in security measures and providing adequate support to their teams.

However, small to medium businesses, due to a lack of understanding and resources, remain underprepared to manage these risks effectively.

After the major cyber breaches of the last few years in Australia, regulatory scrutiny is ramping up significantly, imposing significant fines and personal liability for directors. Rapid7 advises investing in security infrastructure – and if your business doesn’t have the in-house expertise to do it, looking to third parties who can assist.

Find out more about how Rapid7 is helping organisations protect their security landscape.