The question that should be asked is how much of what’s going on really affects what we do in cybersecurity inside our organisations. The reality is that the global cyber threat environment has not fundamentally changed since the pandemic. The volume and intensity of attacks grew significantly during those early months of home working as ransomware actors upped the ante, and those levels have not abated since; if anything, things have gotten a little worse. Yet the consensus amongst cyber professionals remains the same: the pervasive threats we face inside our own businesses mostly have criminal provenance and are primarily driven by financial gain. More ransomware equates to more victims and bigger payouts.
Criminal syndicates and nation-states alike are perpetrating financially motivated attacks with increased fervour. North Korea derives a significant amount of state revenue from its ransomware campaigns. Similarly, should Iran find itself more isolated from global markets than it already is, it is likely to step up its own ransomware operations.
With this continuing pressure of cyberattacks against every commercial or business entity in Australia, it would be easy to assume that the external threat environment, shaped by global geopolitics, is the primary determinant of organisational risk. Yet we caution against fixating on these large, complex meta-risks, because what is actually making you vulnerable to attack is usually more mundane, and more specific to you, than the headlines suggest.
Start by Understanding Your Posture and Risks
Every Australian business and organisation has a unique cyber risk profile, regardless of size or market. It’s easy to generalise when assessing cyber risk, but we don’t advise it. You could say, for example, “We’re a building company, so we’re less likely to be targeted.” Or you could reason, “We don’t handle large amounts of client data, so we’re safe from those sorts of attacks.” But your profile as a victim (or as a target, from the criminal’s perspective) isn’t built from those metrics. Adversaries weigh how easy it is to get into your business, whether you run a supply chain that pays large bills or invoices clients (and so can be defrauded, or will pay to keep trading), and how badly you would be hurt if your IT systems were locked up, to decide whether a ransomware attack is worth trying. How you operate, your size, and the likelihood that you run particular technologies or have trained your staff to spot phishing all factor into that decision. And sometimes it’s just bad luck: someone in your business clicked a link from a mass-mailing ransomware campaign, and you are hit. Nothing specific, nothing targeted, just a big phishing net cast across as many targets as possible in the hope that someone takes the bait.
The best approach for any organisation is to turn the lens inwards and understand its own strengths, vulnerabilities, processes, and the value of its assets. Unless this internal landscape is understood and managed, all the talk of the prevailing threat environment is, at best, irrelevant and, at worst, a distraction that means you miss the attack that actually lands.
Once you have a clear picture of your internal risk factors and a baseline security posture, external threat intelligence becomes useful for sharpening your response to changing global conditions. Threat intelligence isn’t just about knowing what’s happening worldwide; it’s about matching the pressure of external threats against your internal weaknesses and deciding, in time, where to spend effort making your systems resilient to attack. Bridging that gap lets you tailor your cyber defences to how your business actually works, making them both robust and agile.
Getting Back on the Right Path
External factors will always colour our perception of risk, and cyber is no different. The world is in constant flux, and it is tempting to get lost in those big-picture narratives. Yet for most organisations, what really matters hasn’t changed. The primary task is to understand your risks, build a profile of your most important assets and business processes, and map the internal attack vectors that could open you up to a breach. Once you have that data, you’ll know what to defend.
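As an added example (not the page’s, nor the consultancy’s, own method), the following Python sketch shows one way to do the matching described in the two passages above: score each asset from the inward view first, then amplify that score only where an active external campaign relies on an entry route the asset actually exposes without a mitigating control. The asset inventory, campaign names, control names and the scoring weights are all constructed assumptions for illustration, not real reporting or a recognised standard.

```python
"""Overlay external threat intelligence on an internal asset inventory.

Added example, not the page's own method. Every asset, campaign, control name
and weight below is constructed for illustration; the scoring is a simple
ordinal scheme, not a recognised standard.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    name: str
    criticality: int        # 1 (nuisance if lost) .. 3 (business stops)
    sensitivity: int        # 1 (public data) .. 3 (client or financial data)
    exposures: frozenset    # routes an attacker could use to reach it
    controls: frozenset     # mitigations actually in place today


@dataclass(frozen=True)
class Intel:
    campaign: str
    vector: str             # initial-access route the campaign relies on
    mitigated_by: frozenset # any one of these controls breaks the playbook
    active: bool            # currently observed against your sector/region


def baseline_risk(asset: Asset) -> int:
    """Inward view only: what the asset is worth to you, ignoring the news."""
    return asset.criticality * asset.sensitivity


def matching_intel(asset: Asset, feed: list) -> list:
    """Active campaigns whose entry route this asset exposes and does not mitigate."""
    return [
        item for item in feed
        if item.active
        and item.vector in asset.exposures
        and not (item.mitigated_by & asset.controls)
    ]


def prioritise(assets: list, feed: list) -> list:
    """Rank assets: baseline risk, doubled once per live campaign it is open to.

    Returns (name, score, [campaign names]) tuples, highest score first.
    Intel that does not meet an internal weakness changes nothing, which is
    the point: external pressure only matters where it finds an open door.
    """
    ranked = []
    for asset in assets:
        hits = matching_intel(asset, feed)
        score = baseline_risk(asset) * (1 + len(hits))
        ranked.append((asset.name, score, [h.campaign for h in hits]))
    ranked.sort(key=lambda row: (-row[1], row[0]))
    return ranked


# Constructed inventory for a hypothetical mid-sized Australian builder.
ASSETS = [
    Asset("finance-erp", 3, 3, frozenset({"email", "vpn"}),
          frozenset({"backups_offline"})),
    Asset("public-website", 1, 1, frozenset({"web"}), frozenset({"waf"})),
    Asset("site-foreman-laptops", 2, 2, frozenset({"email", "rdp"}),
          frozenset({"edr"})),
    Asset("file-server", 3, 2, frozenset({"rdp"}),
          frozenset({"mfa", "backups_offline"})),
]

# Constructed intel feed; campaign names are placeholders, not real reporting.
INTEL = [
    Intel("mass-mail ransomware lure", "email",
          frozenset({"attachment_sandbox", "edr"}), active=True),
    Intel("exposed RDP brute force", "rdp", frozenset({"mfa"}), active=True),
    Intel("vpn appliance exploit", "vpn", frozenset({"patched_vpn"}), active=False),
    Intel("web shell on CMS", "web", frozenset({"waf"}), active=True),
]


if __name__ == "__main__":
    for name, score, why in prioritise(ASSETS, INTEL):
        print(f"{score:>3}  {name:<22} {', '.join(why) or 'no live campaign matches'}")
```

With the constructed data, the finance system ranks first (baseline 9, doubled by the live email lure it has no control against), the foreman laptops second (open to the RDP campaign because EDR does not replace MFA), while the file server and website sit lower because their exposed routes are already mitigated. The inactive VPN item contributes nothing; flipping it to active would lift the finance system to 27, which is the kind of timely, intel-driven reprioritisation the text describes.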
Businesses must redouble their efforts to map cybersecurity to their own unique context. If your organisation lacks the capability or expertise to undertake this kind of introspection, it may be time to seek assistance: when it comes to thinking like an attacker, experience is half the battle.
If you want to understand this process in more depth and learn how best to address your cybersecurity shortfalls, consider partnering with us. We’ll help your organisation remain resilient, whatever is going on in the rest of the world. Reach out to us today.