While the capability of cybersecurity tools continues to rapidly increase, there is no room for complacency within the organisations deploying them.
Recent experience shows that some organisations with significant protective measures in place can, unfortunately, still fall victim to a determined cybercriminal. High-profile victims such as Medibank and Latitude Financial had sophisticated security infrastructures, but still suffered significant losses.
A chink in the armour
Experience shows security weaknesses can occur because of unintended actions taken by an organisation’s staff members. They may have no nefarious intent, but they still allow an attacker to gain access into an IT infrastructure.
For example, it might be as simple as an attacker handing a receptionist a USB key they claim to have found in the carpark. The receptionist plugs it into a PC to check its contents, and that action triggers malware which enters the network.
In other cases, staff have linked their work email account to a private web-based account for easier remote access. However, if that private account is compromised, it can allow an attacker to gain unfettered access to corporate resources. This was how Cisco was breached last year when a staff member’s personal Gmail account was successfully attacked.
Issues can also occur within organisations where senior management is reluctant to make ongoing investments in their security infrastructure. Because they have not yet experienced an attack or data breach, they misguidedly believe one will never occur.
This attitude usually changes rapidly when a hacker breaks into a network and causes disruption or loss. It becomes clear that the benefits of additional security measures far outweigh the losses that might occur without them.
Security risks of AI
There are also security risks when it comes to the use of AI. Following the public launch of tools such as ChatGPT, interest has grown in how they can be put to work as a business tool. Increasing numbers of organisations are linking their applications to the tools to streamline workflows and gain insights into data.
Unless care is taken to ensure the links with the tools are completely locked down, an attack on the tools themselves may result in a cybercriminal gaining access to the application source code. This, in turn, could result in the exfiltration of sensitive data or even the embedding of supply-chain exploits within the application itself.
This is why a ‘shift-left’ approach of integrating security sooner in the development process, rather than tacking it on the end, is generally a recommended best practice to ensure better code integrity outcomes.
Improving security defences
For organisations unsure of where to start when it comes to improving their IT security posture, many find guidance in the Australian Cyber Security Centre’s Essential Eight. This framework comprises eight mitigation strategies:
- Application control
- Patching applications
- Configuring Microsoft Office macro settings
- User application hardening
- Restriction of administrative privileges
- Patching operating systems
- Multi-factor authentication
- Regular data backups
Each strategy is explained in detail and recommendations given of how to put them into practice. If an organisation does little else in terms of deploying security tools, this represents a solid first step.
Another important area is user education. An organisation’s staff need to clearly understand their key role in keeping the IT infrastructure safe. Regular reminders of techniques such as phishing campaigns and malicious attachments are vital, together with security courses or classes on how to spot and prevent such attacks through vigilance.
Test, test, test
A further way in which an organisation can ensure the efficacy of its IT security infrastructure is through testing. Regular testing will uncover any gaps in protection or whether any groups are bypassing existing security measures and doing their own thing.
Testing can be undertaken in a number of different ways. An important one is penetration testing which determines whether an IT infrastructure’s perimeter is robust and able to withstand attacks.
It can also be worth undertaking table-top exercises. Similar to a fire drill, these exercises ensure that all stakeholders know what to do in the case of a cyber incident. Security teams should also undertake regular vulnerability assessments to counter the threat of zero-day exploits.
Testing can also determine precisely how many devices are connecting to a network and whether they have received the most recent security patches. All it takes is for one unpatched device to become infected and the ramifications for the entire infrastructure can be dire.
It’s also important for testing to cover all prevention-first security measures that have been incorporated into an organisation’s IT infrastructure. These measures proactively guard against intrusion and attacks, reducing the chances of loss and disruption.
An effective prevention-first security strategy needs to have three core attributes. It must be comprehensive to protect against a wide variety of cyberthreats, consolidated to reduce complexity and increase protection, and collaborative so that all security measures work together as a cohesive whole.
Achieving cybersecurity efficacy should be a core goal for every organisation. By taking the steps outlined above, security teams will be well placed to deliver the protective measures required to reduce the chances of disruption and loss.