Cyber-attacks are becoming more frequent, hackers are becoming smarter, and their attacks are becoming more sophisticated and programmed.
In 2019, ACIC reported that cybercrime costs the Australian economy up to $1 billion annually in direct costs alone. According to Carbon Black, 81% of organisations reported seeing an increase in attacks in 2019. The same source reports that 88% of organisations claim that attacks are becoming more sophisticated. The truth is there in black and white. Businesses need to rise up to the challenges being placed on them by expert cybersecurity threats and the best way to do so is through thorough cybersecurity education.
Keeping your business in safer waters means that you need to evolve with technology and keep systems up to date. We have identified some common vulnerabilities that are effectively allowing hackers to do what they do best.
Out Of Date Systems
Windows 7 End Of Life
If you are still running Windows 7, you will soon be running an out of date system. As of the 14th of January 2020, Microsoft will no longer be supporting Windows 7. Security updates and support will no longer be offered, which means that your system will still work, but it will become vulnerable to cyber threats, viruses and security issues. Software updates, technical support and security updates will no longer be offered by Microsoft.
Windows Server 2008 R2 End Of Life
Windows Server 2008 R2 end of life is also set for the 14th of January 2020, however mainstream support already ended on the 15th of January 2015. As with Windows 7, no further patches will be applied to security issues or vulnerabilities. Software updates will no longer be available, and neither will technical support. This basically leaves your entire infrastructure exposed to all potential threats with no recourse available.
SQL Server 2008 End Of Life
Support for SQL Server 2008 ended on the 9th of July 2019. Already, anyone running this out of date version will have unprotected applications and infrastructure. There will be no further security updates, which means you could be unaware of potential threats that already exist. Microsoft recommends migrating all Windows Server and SQL Server applications to Azure as soon as possible for security and compliance purposes.
“According to the 2017/2018 BDO and AusCERT Cyber Security Survey, the top three cyber security incidents experienced by Australian and New Zealand organisations were ransomware (17.8%), phishing (19.3%), and malware (17.9%).” These attacks infiltrate systems so much easier when they are out of date and vulnerabilities present themselves. In the case of out-of-date software, it is simply an invitation for cyber threats.
No Email Filtering
According to a Telstra Security Report in 2019, “56% of Australian businesses that reported a security attack, have experienced Business Email Compromise (BEC) on a weekly, monthly or quarterly basis.”
Email filtering services can help prevent these attacks, as can empowering your employees with cybersecurity education. Email filtering is a service that detects malicious content and spam before it reaches your inbox. Not only does this improve performance and eliminate unnecessary bandwidth usage, but it offers an additional layer of sophisticated protection for your business.
Lack Of Conditional Access Or Multi-Factor Authentication
According to Symantec in 2018, malicious software, unauthorised bank access and unauthorised email access were the primary cybercrimes experienced in Australia. This can be overcome by implementing conditional access or multi-factor authentication for the business. Using user and device identity, conditional access will allow your business to restrict or allow access according to how organisational policies have been aligned.
In order to access certain aspects of the business infrastructure, certain actions need to be performed. Conditional access will validate a range of signals to determine if there is any risk associated with the request. These signals can include user, location, device, application etc.
Lack Of Cybersecurity Education
Cybersecurity education should be at the core of every business. With threats on the rise and attacks becoming more advanced, keeping your employees informed and empowered is a necessity. Human error often accounts for a large percentage of data breaches, simply by creating the opportunities that make them possible. In fact, OAIC reported in their 2019 quarterly data breach report that of all reported incidents human error accounted for 33-37% of them. System error was 3-6% and malicious attacks were 57-64%.
There are multiple cybersecurity education facilities that enable organisations to educate their employees on the intricacies of attacks in different areas of the business. Some educational facilities will teach you how to think like a hacker so that you can test your systems for any vulnerabilities that might normally go unnoticed.
In addition to that, the number of experienced hackers is on the increase. To counterbalance the growing risk, the number of trained cybersecurity professionals needs to develop too. It’s worth creating roles within your business to support cybersecurity professionals and strengthen your workforce.
According to Carbon Black: in 2019, 65% of Australian organisations were actively threat hunting. Of these businesses, 26% had been doing so for more than 12 months. For those who had seriously committed to threat hunting for over a year, 92% reported that it had strengthened their defences against cybercrime.
The numbers speak for themselves, but fear mongering is not the intention. It is rather a call to make smarter business decisions that are backed up by the latest technology and security protocols.
Don’t become a statistic
Cyber threats exist due to lack of secure infrastructure and cybersecurity education. We are here to help you stay informed.