Last week, the Australian Cyber Security Centre (ACSC), Australia’s leading Government Agency for Cybersecurity, launched a new campaign to urge Australian families, businesses and organisations to strengthen their cyber defences and be alert to online threats. “New technologies in our pockets, homes and offices are bringing huge benefits, but as soon as these devices connect to the internet, they become vulnerable to compromise” notes Ms Abigail Bradshaw CSC, Head of the ACSC. These new developments in technology have provided cybercriminals with plenty of opportunities to target sensitive information across various organisations.
“Cybercriminals are relentless, operating around the clock and around the world, in a bid to stealdata and money from Australian businesses” notes Minister for Defence, Senator The Hon Linda Reynolds CSC. “Australians are reporting more than one cybercrime every 10 minutes, making it more important than ever that we all remain alert to the threat of cybercrime.” Indeed, MOQdigital regularly respond to requests for investigation and resolution assistance with regards to successful identity, phishing, and ransomware attacks on a weekly basis – these attacks can and do affect a variety of businesses in multiple ways.
Protecting your organisation’s information
The Federal Government has committed $124.9 million to strengthen law enforcement’s counter cybercrime capabilities, however these mitigations cannot entirely prevent successful attacks and it is important for all Australians to not only be aware of how best to protect their identities and data, but also how to successfully recover should an attack succeed.
To protect against cybercrime and cyberattacks, MOQdigital offers three top recommendations on protecting your personal and organisational information.
One of the most important aspects of securing your environment should be a robust Identity and Access Management (IAM) solution. The core objective of an IAM solution is to create a single, resilient, and secure digital identity per user which provides a strong and secure key for IT access decisions. IAM solutions are a suite of technologies designed to help businesses manage their internal and external user profiles, facilitate integration with third party solutions, ensure a high-level of protection of credentials, and to govern and protect the data and applications within an organisation which rely on these identities. These include components like single sign-on, multi-factor authentication, conditional access, and role-based access control, which enable organisations identify and manage both employee and customer user profiles. MOQdigital recommends a robust IAM solution be deployed, if not already done so, as this allows you to maintain control and security over who accesses your sensitive information, applications, and communications.
One of the most common methods hackers use to gain access to information and applications is via phishing - attempts to gather personal information or credentials by impersonating a legitimate brand or entity and sending users to a malicious website. An ACCC report noted that in 2020, the most reported cybercrime by far was phishing, with over 30,000 reported cases this year. A substantial number of these cases occurred through fake websites and emails. MOQdigital recommends that companies make their users and employees aware of the various forms of phishing, complete phishing awareness training for how to identify, deal with and report potential threats, and provide additional levels of protection using solutions such as Microsoft Exchange Online Protection (EOP) to combat the rising number and complexity in phishing attempts.
In addition to protecting against accidental or intentional loss, corruption or even physical disasters, data backups are also a legitimate security capability when responding to, or rebuilding following a successful attack. ACSC advise that “the best recovery method for a ransomware attack is a regular offline backup” – this offers peace of mind that you still retain access to your data, reduces the time to an operational and functional business, and that you can avoid the cost (and sometimes the prohibitive cost) of a ransomware pay-out which is not recommended by ACSC – “There is no guarantee you will regain access to your information. You may also be targeted for another attack.”
To ensure you have an adequate backup plan, ensure that you understand business critical data, including what can and cannot be replaced, and that you follow the recommended 3-2-1 backup philosophy of 3 copies of data using 2 different formats and 1 copy offsite. This approach ensures the best possible capability to recover from technical and physical threats, along with accidental and intentional deletion.
Web Filtering is a technology that stops users from viewing certain URLs or websites by preventing their browsers from loading pages from these sites. These filters can be deployed in various ways and deliver solutions for institutional or enterprise use. They can block content as determined by quality of the site, by consulting known lists which document and categorise popular pages across all genres of content. Or they can evaluate the content of the page live and block it accordingly. MOQdigital recommends deploying a Web Filtering solution to your organisation if this has not already been done. It is an excellent tool to help prevent attacks or loss of security. Monitoring and filtering what employees share helps actively enforce IT policies as well as prevent data leakage.
The MOQdigital offer
Whatever your cybersecurity requirements, MOQdigital can provide security services specifically tailored to your enterprise’s needs. As a cybersecurity partner, we can conduct a full risk assessment of your environments , assist with deploying relevant security measures, and provide management and SOC response services associated with these security assets and systems. If you are interested in partnering with us, MOQdigital offers several different security workshops that can be tailored to your specific needs, alongside consulting services to assist with your governance, risk management and compliance needs. If you would like to know more about these workshops or how we can help, please contact us below.