My name is Mathew Clark and you’re joining me for my first blog with Calibre One as a Cyber Security Specialist. I’ve got 11 years in the managed service industry and a broad spectrum of experience across many different client sizes and industry verticals. I’ve worked in leadership and have a strong grasp of what makes the world go around (money) and how ICT, and Cyber Security seem to be assets that are seemingly at odds with each other in terms of generating and draining that world moving object of desire.
In the most recent ACSC report
- Over 67,500 cybercrimes were reported, 13% more than the previous financial year.
- Self-Reported losses from cybercrime totalling more than $33 billion
- The average severity of such incidents increased, with more than half categorised as ‘substantial’
- 8% of National Cybercrime reported from SA and Northern Territory
- The highest financial losses were reported by South Australia and Western Australia
- The average loss reported by businesses in excess of $20,000+
Cybersecurity best practices: What do we do?
There are a number of things an organisation small, medium or large can do, and they don’t have to break the bank.
Adopt a CyberSecurity Framework
Companies adopting a cybersecurity framework like
- Australian Esential 8 and the Information Security Manual
- NIST SP 800-53 rev 5
- ISO 27001
Are proven to reduce the impact, and likelihood of a successful cyber-attack by 94%. The frameworks themselves are readily available and in most cases free to download from the respective government sites.
Upgrade Traditional Antivirus to a Endpoint Detect and Respond (EDR) service
Traditional Anti-Virus is shown to have limited effectiveness, with the most recent reports showing only around 25% effectiveness of these signature-based systems. Adopting an EDR tool improves the likelihood of catching new attacks and frustrating would be attackers in the process.
Test your backups
Most organisations have a backup, but when was the last time you tested it? Ensure at least quarterly tests, with a restore of new systems as soon as they’re installed. Ensure you’ve got at least 190 days of retention. Cyber Criminals are known to compromise backups ahead of their actual payload to ensure you’re more likely to pay.
Practice your critical response plans
Have critical plans written down for Incident Response, Disaster Recovery and Business Continuity plans. Not only is the way you respond to these critical, but also practicing these events at least annually. We practice for fire, but the reality is you’re more likely to have a cyber incident.
Strong Authentication Policies
Mandating and enforcing critical security tools like Multi-factor authentication, and changing mindset from “Password” to “Passphrase” – “Easy Instant Noodles” is more secure than “Summer2021”. Enforce these with technical controls using services like Azure active directory, a core component of Office 365.
Invest in Security Awareness Training
Social engineering is one of the most effective means for an unauthorised attacker gaining access. Ensure your staff knows how to identify spam, or a fraudulent caller. Add policies for transfer of sums of money, require a wet pen signature from the authorising party, or better yet, 2 authorising parties!
Cybersecurity is very much a journey, but implementing controls that help doesn’t have to cost an arm and a leg, ensure you’re protected by taking steps that are appropriate to you, not everyone is going to need that $10 bike lock, after all your bike might only be worth $5!
Calibre One are here to assist you in implementing all your security needs, and are with you in the journey every step of the way. For assistance in implementing the above steps please reach out. Wishing you a #CyberSafe week. Be safe everyone.