The monumental shifts in Australia & New Zealand’s threat landscape

BrandPost By Rapid7
Jun 21, 2023 | 5 mins
Cyberattacks, Threat and Vulnerability Management

Australia and New Zealand are currently undergoing an unprecedented surge in cyber attacks, with malicious actors rapidly exploiting newly discovered security vulnerabilities.

According to Rapid7’s Chief Scientist, Raj Samani, more than half of new vulnerabilities are exploited within a day.

This pace of attack is putting significant pressure on Chief Information Security Officers (CISOs) across both countries. Quicker intrusions using previously unknown vulnerabilities can also sometimes translate to longer delays in detection. News Corp recently disclosed that an attacker had infiltrated its network and gone undetected for two years.

The cybersecurity capability gap

A further complication in the current cybersecurity landscape is the capability gap. James Turner, the founder of CISO Lens, highlighted the struggle faced by smaller organisations in establishing a robust security posture due to scarce resources.

Large corporations, equipped with dedicated security teams, understand the risks and allocate investment accordingly, but small businesses often lack the capacity to develop mature security practices, thereby increasing their vulnerability.

How ransomware is still getting into businesses

As all CIOs know, ransomware remains a potent threat. However, what is less universally understood is how it capitalises on weaknesses in Remote Desktop Protocol (RDP) to infiltrate organisations.

The panic to facilitate remote work at the beginning of the COVID pandemic led to a significant increase in the usage of RDP - in fact, Rapid7 documented a five-fold increase in RDP port usage on the internet. This was partly due to a shortage of VPN licenses, forcing IT staff to enable RDP on servers to quickly facilitate remote access.

As cybersecurity regulations become more stringent, organisations will need to provide evidence of comprehensive security measures. As a result, more organisations are turning to Managed Detection and Response (MDR). According to Rapid7's Samani, this is translating into a significant increase in demand for managed security providers.

Don't underestimate unsophisticated threat actors

While most of the spotlight shines on advanced nation-state-backed threat actors, Healthscope CISO Varun Acharya cautions against ignoring unsophisticated actors - the otherwise unemployed hacker sitting in his bedroom fuelled by pizza and cola. These actors, by using sophisticated toolkits now readily available on the dark web, can easily gain access to personal information, making their activities potentially highly profitable.

Breadth of breaches and common mistakes

Security breaches aren’t restricted to large corporations; they also significantly impact small to medium-sized businesses. Shanna Daly, Principal Consultant at Cosive, underscores instances where cybercriminals have successfully targeted real estate agencies, manipulated house deposit and refund transactions to be diverted to their accounts, and compromised other sensitive data.

Organisations of all sizes often encounter problems when transitioning their systems to the cloud, primarily due to misunderstandings about different cloud providers. For example, mistakes such as leaving AWS S3 buckets publicly accessible have led to numerous data breaches.

Rapid7's Samani further warns against a false sense of security arising from cloud providers’ assurances. Even though clients of cloud providers may be outsourcing cloud infrastructure to reputable providers, they will still be left carrying the legal and reputational damage if something goes wrong.

Risks in hasty digital transformation

The sudden need to enable remote work has often led organisations to compromise on security. This urgency to ensure business continuity, while neglecting security, places CISOs in a precarious position, potentially turning their actions into career liabilities, according to Samani.

While business leaders may say they accept risks of insecure technology rollouts (like the enablement of RDP on servers to facilitate remote work at the beginning of the pandemic), those leaders will often be unwilling to shoulder the fallout if risks come to fruition. This is where the CISO acronym can come to be understood as "Career Is So Over!", quips Rapid7's Samani, emphasising the importance of standing your ground on prudent security practices no matter what pressure is being applied.

Addressing the risks

Organisations are slowly but surely reviewing and addressing the technical changes and risks associated with remote work to stabilise their operations.

Mature organisations, backed by ample resources, have been investing significantly in security measures and providing adequate support to their teams.

However, small to medium businesses, due to a lack of understanding and resources, remain underprepared to manage these risks effectively.

After the major cyber breaches of the last few years in Australia, regulatory scrutiny is ramping up, imposing significant fines and personal liability for directors. Rapid7 advises investing in security infrastructure and, if your business doesn't have the in-house expertise to do it, seeking advice from third parties who can assist.

Find out more about how Rapid7 is helping organisations protect their security landscape.