Despite recent lockdowns, it can be said that Australia has managed the COVID-19 pandemic relatively well.
The same cannot be said about the cyber-attack pandemic, however.
Global cyber intrusions Accenture responded to in the first half of 2021 were 125% higher than the same period last year, according to Accenture's Cyber Investigations, Forensics & Response (CIFR) team. Three countries suffered more than 70% of these incidents, with the US targeted 36% of the time, followed by the UK (24%) and Australia (11%) in third place.
It's not a coincidence that these three countries share English as their native tongue. English is not only the global business language; it's also the global cybercrime language. In addition to being an English speaking country, Australia has other characteristics that make it attractive to cybercriminals.
We have a prosperous economy that relies heavily on digital systems for our everyday lives, and, due to our relative geographical isolation, hackers sometimes use us as a testing ground. Cybercriminals know it will take longer for tactics trialled and mistakes made in Australia to be shared globally, so it makes sense that they explore ideas here first before taking them to bigger markets.
The cybercrime business model has also evolved. Criminal groups have grown from small cells of four or five individuals to business-like operations that recruit and coordinate hundreds of hackers. These groups are becoming so sophisticated that they are using PR-like tactics such as leaking information directly to journalists in the hope of generating news and heighten pressure on the companies to pay the ransom or meet the extortion demands.
It's hard to pinpoint the influence of nation-states in the evolution of this ecosystem, but it is clear that some nation-states' objectives are aligned with those of the criminals. It's also clear that a cybercriminal from a nation without an extradition treaty with Australia will never be punished or deported for committing a cybercrime here.
The criminals in these countries face minimal risk, provided they don't commit attacks domestically. The fact that governments of some countries have little incentive to crack down on cybercriminals who attack rival nations means that global collaboration on addressing this issue is unlikely, at least in the short term.
Based on what our CIFR team has learned from the response engagements we’ve worked on in Australia recently, there are three things we think companies should do differently to increase their resilience to ransomware attacks:
Most organisations are surprised by the sophistication of cybercriminals. Cyber attacks are a threat, not a risk, and business leaders need to understand and gather information in real-time about what is happening across their organisation and the ecosystem. Current threat intelligence is key.
- Ramp up defences
From monitoring to automation, from big to small, there are many services in the market that ensure organisations are prepared to respond to threats and avoid worst-case scenarios. Position yourself to be able to defend your network actively. Have strong security monitoring solutions and have an endpoint detection and response capability to detect and contain threats across the organisation at speed and at scale.
No cybersecurity solution can eliminate the risk entirely. Every organisation needs to be ready for an attack and have a response plan in place that enables the company to continue operations as soon as possible. Recovery is essential not only in ensuring business continuity, but also to strengthen the company's position when facing extortion, minimising reputational damage and reducing recovery costs.
Unlike the COVID-19 pandemic, there are no vaccines for this cyber epidemic. As digital transformation accelerates across the economy, cybercriminals will increasingly develop new tactics and approaches. Countries and business leaders will have to learn to live with this new normal for years to come, and it is imperative that effective risk management plans and strong defences are in place or the consequences can be dire.