With the threat posed by cybercriminals and the risk to each and every one of us intensifying each day, Maxsum’s inaugural Melbourne Cyber Security Leaders Forum aimed to educate and empower business leaders to think about cyber security as more than just preventing data breaches, and to develop a more strategic and proactive understanding of the greater threat landscape.
Over the last 12-18 months, cyber security and data breaches have made headlines almost weekly, and the scale and frequency of these incidents has finally served to highlight the impact of security incidents and data breaches not just on organisations and their assets, but on the people – individuals, their friends and families – that work, communicate with and rely on them.
The pertinence of the event’s theme – the Risks and the Threats – was evidenced in the turnout, with the RACV’s Bayside Room at more than full capacity. Guests from a broad range of industries and sectors heard from speakers:
- Dr Derek Bopping, Head of the Australian Signals Directorate’s Melbourne State Office
- Ben Verschaeren, Director of Sales Engineering for Sophos
- Joe Ciancio, Maxsum Managing Director
Intelligence driven insights on the cyber threat facing Australia
After an introduction from Stephen Kerr, a crisis management professional who has firsthand experience helping clients navigate the reputational risks following a data breach, Dr Bopping delivered a stark wakeup call to attendees.
As someone on the very frontline of protecting Australia from foreign cyber threats, Dr Bopping’s intelligence-backed insights into the geopolitical influences and impacts of attacks were sobering. His message was clear – that we have entered a new age of the cyberthreat – one where cyberattacks are today a standard element of modern warfare, both during conflict and peace time. Our critical infrastructure assets, he explained, are targeted by malicious actors for not just disruption but for destruction, which requires vastly different planning and response measures.
Dr Bopping highlighted that, in most cases, the tools currently being used by cybercriminals are still not always particularly sophisticated, with a vast majority of reported incidents resulting from basic phishing or systems left unprotected, unpatched, unmonitored, or simply forgotten. While modern day cyber criminals are using AI and machine learning to extend their capabilities, they don’t really need to, as many businesses are still unknowingly leaving the door wide open for them. The question of what will happen when those modern attack methods are unleased en-masse before businesses can cover off the fundamentals, hung in the air.
One of Dr Bopping’s final thoughts no doubt left many in the room alert and maybe somewhat alarmed: if you think you’re covered and that you have no blind sports when it comes to your cybersecurity measures, you’re dreaming.
Navigating the changing threat landscape requires new focus
Ben Verschaeren from leading global cyber security partner Sophos was up next, giving a lively presentation on the current threat state from a private sector perspective. He started out by making a very bold claim – that malware is a solved problem. What did he mean by this? Well mainly that fundamental security measures – firewalls, antivirus software and email protection software – have more or less neutralized the threat of the “virus” – that’s no longer what businesses should only be focusing on. Rather businesses should now be turning their attention to human exploits aimed at establishing an undetected persistent presence in your systems as a foothold to lateral movement and eventual data exfiltration. This emphasized Dr Bopping’s warning that, whether through not updating software or using weak passwords, it is not difficult for criminals to gain access to networks.
By way of example, Ben displayed a screenshot of ransombook.io – a freely available and easy to access website that displays a ‘scoreboard’ of the latest companies to have been breached, the hackers responsible and the ransom amount – eliciting shock, with the obvious implications for reputational damage laid bare.
Ben went on to break down the ways cybercriminals infiltrate and move through systems – all while evading detection – before extracting valuable data. He explained that modern attack methods involve cybercriminals making use of legitimate tools that your IT administrators may routinely use to evade detection.
In addition to baseline recommendations to ensure that patching is routine and regular and that multifactor authentication is in place, he emphasized the importance of educating staff on the risks of “MFA fatigue” (where an MFA user is bombarded by prompts unexpectedly and simple accepts to quell the noise) and encouraged business representatives to go back to their IT teams and request a review and audit of commonly whitelisted IT tools with a view to preventing undetected misuse from within your systems.
Ben advised applying the same scrutiny and security to internal movement as external through zero trust architecture.
Protecting your house takes more than locks on the doors
Closing out proceedings was Maxsum Managing Director, Joe Ciancio, who talked about the what’s actually required to “protect, detect and eject” threats from your network.
A surprise perhaps to many in the room, Joe reminded the audience that it’s not in fact IT departments or software companies that are responsible for data protection and preventing data breaches in the eyes of the law; it’s Company Directors, making cybersecurity an essential topic of focus for Directors, Boards and the Executive teams that report to them.
Given Directors and Boards hold the final responsibility for cyber in the organisations they govern, Joe explained that while many may think their company’s IT department has their cyber security needs covered, IT support does not provide the diversity of skillsets or personnel trained to address the sheer complexity of the modern threat landscape. Essentially, addressing modern IT security threats needs a specialised, proactive, dedicated approach to Managed IT Security.
Joe demonstrated how many organisations attempt to implement cyber protections, but without working to a framework, they often fail to progress beyond the Protect phase of any cyber security framework. Joe explained the importance of considering the five key elements of the globally recognized NIST Cybersecurity Framework: Identify, Protect, Detect, Respond, and Recover, using the analogy of home security. He demonstrated how having locks on your doors might Protect your home, but that locks alone are not enough to Identify, Detect, Respond to and Recover from an intruder.
Joe explained that while there is no one size fits all framework for businesses, overlaying your current protections against recognized cybersecurity frameworks, like the NIST Framework for example, can guide organisations to see how, whilst they may be well covered in the Protect category, they may now require strategic and operational attention to be directed into the Identify, Detect, Respond & Recover phases to ensure their cyber incident response plan is both actionable and effective.
Maxsum wishes to extend a thank you to our keynote and guest speakers, supporting partners, and our guests for ensuring the Melbourne Cyber Security Leaders Forum was an engaging and informative session that left the room with some big questions and very tangible next steps to take back to their teams.
If you’d like to find out more about where your cybersecurity provisions current sit, take the free Cyber Maturity Self-Assessment and then Book a Review Meeting with our Managed IT Security leads to find out where your focus needs to be.
