Protect and Recover: cyber attacks are underway every day

Cyber attacks are not uncommon, but their rising frequency and targeted approach is reason for concern.

KPMG’s global cyber intelligence team has also seen a global increase in cyber activity since the start of COVID-19, and targeted cyber campaigns are affecting a broad range of businesses in Australia

Protection is always going to be better than remediation so it very important you look carefully at, improve and update and continually monitor your cyber security. The alert released by the government is just the tip of the iceberg – cyber attacks are underway every day. Outside this specific advisory, organisations should have ongoing threat intelligence and threat hunting in place to ensure they are quickly alerted to and can block cyber threats.

There are four steps your organisation can take to protect and, if required, recover from a cyber attack.

  • Assess your environment for compromise
  • Protect business information
  • Increase and test your business resilience
  • Boost internal cyber security awareness

Step 1. Assess your environment for compromise

The Australia Government released a detailed advisory on the state-based attack. This article provides the indicators of compromise (IOCs) – the IOCs identify the common files, URLs, email senders the threat actors use to infiltrate a business environment.

To begin you should review the IOCs to determine if your environment has been compromised and implement blocking mechanisms on these (e.g. block the email senders at your email filter).

Review your system logs, especially on internet facing devices, to determine if there are any activities underway or historically in your environment.

Step 2. Protect business information

Proactively patch all your systems starting with critical patches first. Your first priority should be your internet facing infrastructure, including web servers, email servers, Citrix and remote desktop, remote access and firewalls.

Implement multi factor authentication (MFA) on critical access points such as remote access, privileged accounts, VPNs and critical business applications or processes, such as cloud platforms.

Step 3. Improve and test your business resilience

Cyber actors thrive on stealth and don’t always announce their presence immediately. Once cyber threat actors enter a business environment, they can persist undetected for months, or even years. Hosting your business technology services in the cloud doesn’t automatically protect you as the cloud is not immune to ransomware or many other common cyber attacks.

First, you need to ensure all your critical business data is backed up, the backup is verified to be working and the backup copy is accessible from an offsite or alternate location (not linked to your current network). In this case at least if you are compromised, you can recover more easily.

Secondly, you need to test your business resilience processes for cyber attacks. You need to be able to answer these questions:

  • How would you respond to a cyber attack? Who needs to be involved?
  • Who will you engage quickly to help you respond technically, legally and from a public relations perspective?
  • Who and how will you communicate to the business, end-users, customers and the Board? Who needs to be involved in that communication process and what role will each person play?
  • How much data could you afford to lose? And what technical architecture would you need to put in place to minimise the risk of information loss to a level the business accepts?
  • Have you tested your environment to determine the weakest entry points through a red teaming exercise?
  • Have you tested a range of cyber breach scenarios such as Distributed Denial of Service (DDOS), phishing attack, third party breach and ransomware attack?

Step 4 – Boost internal cyber security awareness

From our work assessing cyber maturity at many organisations in Australia, we often see low maturity for cyber security awareness. This is a critical aspect of cyber security resilience: ensuring ‘people’ related risks are managed and minimised.

People are often seen as the weakest link, simply because humans are fallible. Take a risk-based approach and classify your people into threat groups such as executives, users with privileged system access and general user population, so you can target and optimise your awareness program.

Regularly reminding staff to be vigilant, such as through the use of cyber risk alerts, is an important mechanism for a constantly changing threat landscape.

A cyber breach can, in the click of a mouse, impact the fundamental workings of your business. Now is not the time to ignore its importance.


Add a comment