We in Australia often rely on our isolation and low profile to escape the worst of the world of cybercrime. While criminals are drawn to the large opportunities in America and Europe, our smaller market and relative anonymity have given us some protection. All indications are that this is changing, and Australia needs to start taking cybercrime much more seriously.
The 2016 ACSC threat report indicates that CERT Australia responded to 14,804 cyber security incidents between July 2015 and June 2016(1). In their latest published figures, the ACSC received a massive 67,500 cybercrime reports last financial year, an increase of over 400%(2).
These are just the reported numbers. With the media storm around the recent Optus and Medibank leaks, you wonder how many companies have quietly paid the ransom rather than face the fallout of admitting a breach.
Our days of being a small target are over, so what should we be doing to protect our data?
The first obvious step is to focus on security. There are plenty of people more qualified than me to advise on this, but as someone with a software development background, all I can say is that security should be baked into the software products you use, or those you create in-house. A good friend of mine, and one of the primary architects of our Cirrus Backup suite, hammered “shift left on security” into us, to the point that it is pretty much the first thing we think of when designing solutions.
If the worst happens and a determined attacker breaches your defences, how do you minimise damage?
One of the simplest things you can do is store only what you have to. For example, if you require sensitive information (such as a passport to verify an individual’s identity), keep that data only for as long as needed. For data you do have to keep, encryption is a must. To use ourselves as an example, the most sensitive data we keep is our customers’ backups. We primarily use Azure Storage; however, we don’t rely solely on Microsoft-managed keys for encryption. All data is also encrypted with keys that we manage.
The other thing you should be doing is backing up. You probably saw this piece of advice coming given my line of work, but even if you use one of our competitors’ products, use something to back up your data! Ransomware is looming large in our current IT landscape, and paying the ransom shouldn’t be your recovery strategy. In fact, 24% of the organisations surveyed by Veeam that had been a victim of ransomware paid the ransom and still could not recover their data. Only 19% were able to recover data without paying, and you can be sure those were the ones with a solid backup strategy!(3)
(1) https://www.cyber.gov.au/sites/default/files/2019-04/ACSC_Threat_Report_2016.pdf
(3) https://www.veeam.com/wp-veeam-ransomware-trends-report.html