The devastating string of recent data breaches highlights the need for organizations to step up their efforts to minimize human errors that give malicious cyberattackers a foot in the digital door.

The number of cyberattacks against Australian organizations continues to climb, with the Australian Cyber Security Centre receiving more than 67,500 cybercrime reports in the 2020-21 financial year, a jump of nearly 13 per cent from the previous financial year. The increasing frequency of cybercriminal activity is compounded by the greater complexity and sophistication of cybercriminals' operations. The accessibility of cybercrime services – such as ransomware-as-a-service – increasingly opens the market to a growing number of malicious actors without significant technical expertise or sizeable financial investment.

At the same time, the average cost of a cyber data breach in Australia continues to rise – totaling $US4.24 million, or $US180 per lost or stolen record, according to IBM’s 2021 Cost of a Data Breach report.

While zero-day vulnerabilities and high-tech exploits are always a threat, many cybersecurity attacks still rely on tried-and-true social engineering tricks that take advantage of people’s trusting nature. A third of all attacks included in IBM’s report were attributed to phishing attacks or stolen/compromised credentials.

While organizations can invest in security awareness training, at the end of the day it only takes a single lapse in concentration from one staff member – opening an infected attachment or clicking on a malicious link – for an entire organization to be compromised.

Prevention is the best cure, and the best approach is to ensure that such malicious emails never reach the inboxes of their intended targets. Multiple layers of protection must work in unison, rather than putting absolute faith in one particular technology, tool or policy.

As part of this multi-layered defense, organizations also need to take advantage of highly automated, intelligent software designed to handle security more efficiently and effectively than people or standalone tools can alone. Automation can handle repetitive tasks, improve efficiency and reduce risks introduced through human error.

One of the biggest mistakes organizations make is underestimating the impact that the average user can have on their security, says Danny Maher, CEO and managing director of cybersecurity-as-a-service provider FirstWave.

It is easy to make the mistake of focusing security spend and efforts on the IT department, Maher says, without stopping to consider that every single person in the organization presents a potential attack vector.

“It could be your IT manager, it could be your receptionist, but the impact to the business is severe no matter who clicks on the wrong link, so they all deserve your attention,” he says.

“The majority of attacks are coming via malicious emails. You may have thousands of employees, and try your best to educate them with cyber awareness training, but it only takes one person to make a mistake and you’re in a world of hurt – the best defense is to block the email before it even reaches them.”

In January 2022, FirstWave acquired Opmantek, a leading provider of enterprise-grade network management, automation and IT audit software, to add to its portfolio of service provider-grade email and web security products. FirstWave’s software is used by Microsoft and a host of Australian corporations, government departments and telecommunications providers. Organizations of all sizes and technical capability require access to security, ensuring spending is proportionate to the risk and is delivering appropriate protection against threats, Maher says.

“It’s well established that the majority of attacks are coming via email and that is why we launched service provider-grade email security in a cloud-based offering,” Maher says.

“It is accessible to everyone with nothing to install; you simply need one person in your organization to sign up and pay a trivial amount of money per user per month. It’s about providing easy access to a high level of protection for every organization at the click of a button.”

The challenges of ongoing geopolitical uncertainty mean that every Australian organization is under threat and must take action on its security.

“Whether we want to admit it or not, Australia is caught up in a cyberwar where every organization is a target,” Maher says.

“Generally speaking, the perpetrators are not launching a frontal attack against your firewall, they’re attacking via email. With FirstWave’s platform, establishing carrier-grade protection takes only a few minutes and is very low cost, making world-class security accessible for every organization.”

 

Originally published by Australian Financial Review (AFR) on 31 October 2022.