What can we learn from the recent spate of cyber attacks in Australia?
Making the news is generally not a good thing. Planes that don’t crash, cars that don’t collide, and networks that work flawlessly are usually not that newsworthy. And you may have noticed that cyber security has been in the news quite a bit lately, especially after the recent series of high profile cyber-attacks in Australia and overseas.
Cyber security hasn’t always been front page news, so what has changed? And what can we do about it?
Is this part of the “new normal”?
One might wonder if these events are part of the post-pandemic “new normal”, and it is certainly true that the surge in remote and home-based working has created tempting openings for malicious actors. However, the deeper and more fundamental truth is that the cyber security landscape continually evolves as circumstances change, new attack methods are developed, and new threat actors emerge. The upshot of all this is that cyber security advice and defence will also evolve over time.
Some useful analogies
The dynamics of the COVID-19 pandemic and cyber safety have a great deal in common and we can improve our understanding with some useful analogies.
|Prevention is much better than cure.
Very much as in healthcare, the inconvenience and disruption associated with removing and repairing a malware infection is vastly greater than any inconvenience imposed by prevention strategies.
|Experts are working very hard to keep everyone safe, and everyone needs to play their part in controlling the spread of viruses.
Your IT provider routinely prevents attempted cyber-attacks from reaching your systems through network monitoring, firewalls, and other techniques. Nonetheless, some malicious content will occasionally breach these defences, so general security awareness by everyone is an important protective factor.
To lift security awareness across the health sector, we have developed a free Digital Health Security Awareness eLearning course, specifically designed to meet the needs of Australian healthcare providers.
|Viruses evolve and may eventually require updated vaccines and treatments. The basic principles of hygiene remain a foundational protective measure against infection.
Cyber-attacks are likewise evolving as malicious actors seek new ways to evade existing defences. As a result, cyber safety advice will continue to evolve over time.
“Cyber hygiene” is fundamental to ensuring cyber safety, i.e. minimising unnecessary connections, isolating suspected cases of infection, and endeavouring to reduce the risk of exposure to contagion.
Interpol have developed a striking security awareness campaign based on this theme.
What treatments are available for protection?
According to Microsoft, implementing multi-factor authentication (MFA) across your organisation can block over 99.9% of attacks on your user accounts.1 This robust security solution is increasingly being offered to help individual and organisations protect their valuable information.
However, just 29% of Australian businesses surveyed in 20192 and 18% of individuals in 20203 were always using MFA, well behind many other countries in this regard.
How does MFA work?
MFA requires the user to supply a different form of authentication in addition to a password in order to access your network. MFA is a powerful defence against most forms of password attack (e.g. brute force, password spraying, or credential dumping) because the password by itself is no longer sufficient to enable access.
This greatly complicates matters for any would-be attacker, and greatly enhances your system’s ability to securely authenticate users.
Implementing MFA can take some time to get used to, but it’s a sound investment in your online security and peace of mind.
1. Microsoft (August 2019) One simple action you can take to prevent 99.9 percent of attacks on your accounts
2. LastPass (October 2019) 2019 Global Password Security Report
3. JWS Research (September 2020) Cyber Security Research Report