After a testing year of security breaches and cyber attacks around the world, Datacom’s Director Cybersecurity Matthew Evetts shares insights into the tools and protocols that can help organisations keep their people and their data safe.

In many ways, you could call 2021 the year of ransomware. Never before have we seen so many high-profile attacks dominating media worldwide, and there’s been no shortage of local examples to show just how disruptive and crippling these attacks can be to an organisation’s day-to-day operations.

This has been compounded by the added security risk of having large numbers of employees working from home. With the line between work and home blurred, organisations have had to race to implement new security measures — all while juggling the added complexity of new operating models in an uncertain market.

According to the National Cyber Security Centre (NCSC), New Zealand saw a sharp increase in recorded criminal activity (27 per cent) over the past year, with incidents up 14 per cent on the year prior.* In Australia, the situation was equally concerning with the Australian Cyber Security Centre (ACSC) recording a 15 per cent increase in ransomware cybercrime reports.**

At Datacom, we have a team of more than 300 security experts who work closely with our customers to help them respond to these risks, build their resilience and better understand their cybersecurity risk profile to ensure the three key areas of people, process and technology are working for them, not against them.

While there is no silver bullet or one-size-fits-all approach when it comes to protecting an organisation against a ransomware attack, there are several steps organisations can take to ensure they aren’t leaving themselves vulnerable.

Practise good cybersecurity hygiene

Good cybersecurity hygiene means getting the basics right. Even in 2021, cybercriminals still routinely exploit well-known vulnerabilities to carry out their attacks. Even more concerning is that often organisations don’t even know they’ve been breached: according to a recent IBM report***, on average, security teams take 212 days to identify a breach and a further 75 days to contain it.

Practising good cybersecurity hygiene doesn’t need to be difficult. Patch your systems regularly, implement multi-factor authentication (MFA), enforce password best practice and ensure your organisation carries out regular penetration testing of web-facing applications and platforms so you can identify and remedy vulnerabilities before they are used against you.

It’s also crucial that organisations get into the rhythm of backing up data on a regular basis and consider storing data in the cloud. When an organisation is targeted by a ransomware attack, there is no bigger regret than not having recently backed up data. It is often a key decider as to how quickly a business can get back on its feet. It goes without saying that organisations that don’t back up regularly—and test that these backups work—are leaving themselves very vulnerable.

Adopt a zero-trust approach

New vulnerabilities and risks are opening up all the time. One cause is increasingly complex and highly connected tech ecosystems; another is the fact that so many organisations now have employees working from home, often on unsecured wifi networks and devices. The zero-trust approach is increasingly being considered as a response to these challenges.

In practical terms, it means your organisation doesn’t automatically trust anything inside or outside its perimeter. Everything and everyone must be verified before it can connect to or traverse your ecosystem. It’s about much more than network security architecture: it’s about policies and incident response protocols, new approaches to device and service access control and making sure employees can spot phishing attacks and attempts at identity theft. It’s also about keeping people safe by offering multi-factor authentication and password-less access. Ultimately nothing is trusted just because it’s been trusted before—everything is questioned to help protect your organisation and staff. However, for zero trust to be effective, the drive for technical change needs to be balanced with a focus on cultural change.

Create a culture of cyber awareness

People really are the first line of defence when it comes to security. While many organisations have already started the process of making cybersecurity awareness part of their regular employee outreach and engagement, some are still lagging.

Ensuring your employees know how to spot the signs of phishing, and encouraging them to think twice before clicking on a link or responding to an urgent request for invoice payment, is hugely important. The better an organisation’s cybersecurity culture is, the better protected it is. At Datacom, we conduct regular employee awareness programmes and phishing attack simulation exercises, and all staff complete ongoing mandatory cyber training.

Increase coverage and visibility

One of the shortfalls we see most often in otherwise relatively secure organisations is insufficient coverage of their environment with appropriate security controls and tools, coupled with a lack of visibility on what’s going on in the environment. Not knowing what might have been missed is what keeps decision makers awake at night. We address this problem in a range of ways, but the basics include an endpoint protection and response (EDR) and vulnerability management capability, managed by a cyber defence operations centre that can interpret what it sees, continue to tune tools and respond when it needs to.

Vulnerability management involves tools and services that continually highlight where you have gaps and allow you to take the necessary precautions, particularly in relation to unpatched systems and vulnerable protocols.

A market-leading EDR platform is a critical line of defence when email security and user training have already failed or when attackers directly target endpoints. Endpoint protection works by actively looking for anomalies, not just already known malware, and it allows security experts to quickly respond to incidents (over and above the automatic response already built into these tools).

Visibility of your environment is also key, but many organisations simply don’t have the resource or tools to implement a 24/7 watch of their assets. This is where managed security services come in. With always-on monitoring of our customers’ networks, provided by our Security Operations Centre spread across Australia and New Zealand, we keep a close eye on activity within our customers’ environments, and we can implement and run SIEM (security information and event management) to provide additional visibility. Datacom is also part of the NCSC’s Malware Free Networks (MFN) initiative, empowering us with advanced threat intelligence that expands our rapid response capability.

No organisation is ever completely secure, but we can make it a lot harder for attackers and much easier for us to respond when we do get attacked. In return, organisations are safer, can move faster and are able to continue to deliver more and better services to their stakeholders and customers.

* To find out more, go to the National Cyber Security Centre (NCSC) Cyber Threat Report [PDF, 1.58 MB]

** To see the full report, go to ACSC Annual Cyber Threat Report 2020-21 | Cyber.gov.au

*** To read the complete findings, go to Cost of a Data Breach Report 2021 | IBM
