Cyber security risks are evolving. Is your business keeping up?
Over the past decade, cyber security has shifted from being purely an IT issue to a business-critical priority that’s costing companies tens of thousands every year.
Almost $84 million in losses from business email compromise fraud alone was self-reported by businesses in FY2023-24, with an average financial loss of more than $55,000 per confirmed incident.
In fact, business email compromise fraud made the top three cybercrimes reported by businesses to the Australian Signals Directorate (ASD), the nation’s foreign signals intelligence and cyber security agency. The other top reported cybercrimes were email compromise and online banking fraud.
With the intelligence agency warning that businesses holding either customer data or proprietary knowledge are ‘attractive targets’ for cybercriminals, there’s never been a better time to take a more proactive approach to protecting your systems, processes, and people.
Let’s explore how you can put the right safeguards in place, from event logging to understanding the ‘harvest now, decrypt later’ threats on the horizon, to ensure you're ready for today’s risks and tomorrow’s unknowns.
If you can’t see it, you can’t safeguard it
Event logging is a foundational safeguard for any cyber resilient organisation, helping teams detect issues well before they become security breaches. This process gives IT teams much-needed visibility, accountability, and evidence across their systems.
An event log is a structured record of what happened on a system: who did what, from where, when, and with what result. When captured consistently, event logs surface unusual activity, such as a run of failed login attempts or unexpected network traffic, that can signal malicious activity.
If a breach does happen, event logs are the audit trail through which teams reconstruct what happened, how, and when. Outside of security threats, the same logs also reveal internal system errors, performance issues, and user behaviours that can be corrected to remove inefficiencies.
Here’s a good baseline of what should be captured in an event log, according to the ASD:
- Timestamps
- Event type
- Device identifier
- Session/transaction ID
- Source and destination IP
- Status code
- User ID, if appropriate
- A unique event identifier
To ensure logs and logging platforms are working properly, it’s best to develop a policy that defines:
- Which events will be logged
- Which tools will be used to collect them
- How they will be monitored
- How long they will be retained
- Where they will be stored
Collect and store logs centrally so they are easy to search, and protect them so that only a small, named group can read them and, where a justified need exists, modify them. An attacker who can edit or delete logs can erase the evidence of their own activity, so access to the log store deserves the same scrutiny as access to the systems it records.
Event logging is also a recommended detection practice for living-off-the-land (LOTL) techniques, in which attackers use an environment’s own operating system tools and legitimate administrative processes rather than installed malware, leaving no foreign binary for anti-virus to flag.
LOTL activity can occur across multiple environments, from cloud to on-premise, and is deliberately made to look like routine network and administrative behaviour. That’s why a robust, comprehensive event logging system, one that records who ran what and from where, is among the best defences against these hidden threats.
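As an added illustration (this is example code written for this page, not code from the original post or from ASD’s guidance), the following Python detector reads constructed JSON Lines events carrying the baseline fields listed above, sets aside any record that lacks one of them, and raises the two alerts the text describes: a burst of failed logins from one address, and a successful login from an address that had just been failing. The field names, thresholds, window size and sample records are all assumptions made for the example.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Baseline fields the ASD guidance lists for each event (see the list above);
# the key names used here are this example's assumption, not a prescribed schema.
REQUIRED_FIELDS = {
    "event_id", "timestamp", "event_type", "device_id", "session_id",
    "src_ip", "dst_ip", "status_code", "user_id",
}

# Constructed sample events (JSON Lines), not real data: five failed logins
# from one address within four minutes, then a success from the same address,
# one unrelated successful login, and one record that is missing its timestamp.
SAMPLE_LOG = """\
{"event_id":"e1","timestamp":"2024-06-01T09:00:00Z","event_type":"auth.login","device_id":"vpn-gw-01","session_id":"s1","src_ip":"203.0.113.5","dst_ip":"10.0.0.2","status_code":401,"user_id":"alice"}
{"event_id":"e2","timestamp":"2024-06-01T09:01:00Z","event_type":"auth.login","device_id":"vpn-gw-01","session_id":"s2","src_ip":"203.0.113.5","dst_ip":"10.0.0.2","status_code":401,"user_id":"alice"}
{"event_id":"e3","timestamp":"2024-06-01T09:01:30Z","event_type":"auth.login","device_id":"vpn-gw-01","session_id":"s3","src_ip":"203.0.113.5","dst_ip":"10.0.0.2","status_code":401,"user_id":"alice"}
{"event_id":"e4","timestamp":"2024-06-01T09:02:00Z","event_type":"auth.login","device_id":"vpn-gw-01","session_id":"s4","src_ip":"203.0.113.5","dst_ip":"10.0.0.2","status_code":401,"user_id":"alice"}
{"event_id":"e5","timestamp":"2024-06-01T09:03:00Z","event_type":"auth.login","device_id":"vpn-gw-01","session_id":"s5","src_ip":"203.0.113.5","dst_ip":"10.0.0.2","status_code":401,"user_id":"alice"}
{"event_id":"e6","timestamp":"2024-06-01T09:04:00Z","event_type":"auth.login","device_id":"vpn-gw-01","session_id":"s6","src_ip":"203.0.113.5","dst_ip":"10.0.0.2","status_code":200,"user_id":"alice"}
{"event_id":"e7","timestamp":"2024-06-01T09:05:00Z","event_type":"auth.login","device_id":"vpn-gw-01","session_id":"s7","src_ip":"198.51.100.7","dst_ip":"10.0.0.2","status_code":200,"user_id":"bob"}
{"event_id":"e8","event_type":"auth.login","device_id":"vpn-gw-01","session_id":"s8","src_ip":"198.51.100.9","dst_ip":"10.0.0.2","status_code":401,"user_id":"carol"}
"""


def parse_events(text):
    """Parse JSON Lines into event dicts, sorted by time. Records missing a
    baseline field are returned separately so a gap in logging is visible
    instead of silently weakening detection."""
    events, rejected = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        missing = REQUIRED_FIELDS - rec.keys()
        if missing:
            rejected.append((rec.get("event_id"), sorted(missing)))
            continue
        rec["ts"] = datetime.fromisoformat(rec["timestamp"].replace("Z", "+00:00"))
        events.append(rec)
    events.sort(key=lambda r: r["ts"])
    return events, rejected


def failed_login_bursts(events, threshold=5, window=timedelta(minutes=5)):
    """Return {src_ip: most failed logins seen inside any single window}
    for addresses that reach the threshold (sliding window over sorted times)."""
    failures = defaultdict(list)
    for e in events:
        if e["event_type"] == "auth.login" and e["status_code"] != 200:
            failures[e["src_ip"]].append(e["ts"])
    bursts = {}
    for ip, times in failures.items():
        start, best = 0, 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            bursts[ip] = best
    return bursts


def success_after_burst(events, threshold=5, window=timedelta(minutes=5)):
    """Flag a successful login from an address that produced `threshold` or
    more failures in the preceding window: the shape of a password-guessing
    attempt that eventually worked. Returns (user_id, src_ip, event_id)."""
    hits = []
    recent = defaultdict(list)
    for e in events:
        if e["event_type"] != "auth.login":
            continue
        ip = e["src_ip"]
        recent[ip] = [t for t in recent[ip] if e["ts"] - t <= window]
        if e["status_code"] == 200:
            if len(recent[ip]) >= threshold:
                hits.append((e["user_id"], ip, e["event_id"]))
        else:
            recent[ip].append(e["ts"])
    return hits


if __name__ == "__main__":
    evs, bad = parse_events(SAMPLE_LOG)
    print("rejected (missing fields):", bad)
    print("failed-login bursts:", failed_login_bursts(evs))
    print("success after burst:", success_after_burst(evs))
```

Two design points worth noting: the parser refuses to score a record that is missing a baseline field rather than guessing, because a detection that silently tolerates partial logs will also silently miss the attack; and the second rule keys on the source address rather than the user ID, so a guessing campaign that rotates through many accounts from one address is still caught.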
Find out more about LOTL techniques and what to look out for here.
Legacy IT can be a hacker’s way in
In Australia a cybercrime is reported roughly once every six minutes, with malicious actors moving fast to find new vulnerabilities in enterprise systems. And one of the biggest risks businesses face? Holding onto legacy IT systems without a sturdy management plan in place.
What qualifies as legacy IT? The ASD says an IT product is considered ‘legacy’ if it meets at least one criteria from these two categories:
Category A | Category B
Source: ‘Managing the risks of legacy IT: Executive guidance’, June 2024
Legacy IT no longer receives security updates, so every vulnerability found in it after support ends stays open indefinitely. That raises the chance of a breach, and a compromised legacy system is then a convenient foothold from which an attacker can move on to other systems in your IT environment.
The reality is, a cyber attack through legacy IT isn’t a case of if, but when. Cyber resilient companies are the ones with a strategy for the inevitable end of vendor support for the systems, applications, and hardware they currently run. And, where replacement isn’t feasible in the short term, they have a plan to apply interim mitigations: network segregation so the legacy system can reach only the hosts and services it genuinely needs, MFA in front of it, and restrictions on which accounts can use it.
Aside from cyber threats, legacy IT also affects the general running of your business, increasing the probability of having to take systems offline or interrupting the delivery of services to customers. This was the case with Best & Less, whose legacy POS system was both a cyber security risk and a cause of interruptions to the company’s operations across its 188 stores. The company brought us in to help transform their POS system and deploy new POS infrastructure. We collaborated with HP to determine the ideal hardware specs, set up an initial on-site installation as a pilot phase, and finally coordinated with on-site engineers to ensure a seamless nationwide rollout.
Third-party risks: How to secure your extended IT ecosystem
Project service providers and vendor partnerships are a necessity for today’s IT teams, but, if not properly managed, they can also introduce security gaps. Cloud providers, device manufacturers, distributors, retailers: every external partner with access to your systems or data represents a possible risk to your business and to your customers.
The first step to mitigating third-party risk is to build an inventory of your existing vendors, recording what each one can access, and confirming they hold relevant compliance certifications, keep their IT environments up to date, and follow strong, transparent security practices. You’ll also need to define clear responsibilities for data protection and write your security requirements into the contracts.
Here at Truis, we work closely with our clients to deliver end-to-end cyber security solutions that help them focus on growth, without compromise. We provide a range of services, from strengthening networks and firewalls through to staff awareness training and email security. Find out more about our security solutions here.
Futureproofing your cyber security against quantum risks
The era of quantum computers is approaching faster than many realise, and with it come new security challenges for businesses. Today’s computers, classical and quantum alike, can’t yet break the public‑key cryptosystems in everyday use, but a cryptographically relevant quantum computer would be able to.
That means information and communications that businesses rely on being secure today could be exposed in the future. ASD is already warning of ‘harvest now, decrypt later’ attacks, in which malicious actors steal encrypted data now and store it until a quantum computer capable of breaking the encryption exists. The data most at risk is whatever must stay confidential for longer than it will take that capability to arrive.
The ASD is encouraging all companies to start planning a post-quantum cryptography transition, which the agency says should be planned by the end of 2026 for completion by 2030. You can find out more about the ASD’s recommended transition timeline here.
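To make the ‘harvest now, decrypt later’ reasoning concrete, here is an added Python example (written for this page; not code from the original post, from ASD, or from any real inventory tool) that applies Mosca’s inequality to a cryptographic inventory: a system is at risk now if the years its data must stay confidential, plus the years needed to migrate it, exceed the years until a cryptographically relevant quantum computer exists. The inventory entries, the planning horizon of ten years, and the policy of treating AES-128 as needing a larger key are all assumptions made for the example, not estimates of when such a machine will arrive.

```python
from dataclasses import dataclass

# Public-key schemes used for key exchange or encryption today. Shor's
# algorithm on a cryptographically relevant quantum computer (CRQC) breaks
# all of them, so anything protected with them can be harvested now and
# decrypted later. Signature schemes such as ECDSA are also broken by Shor,
# but a signature forged later does not expose past data, so they belong to
# a separate migration track and are left out of this HNDL check.
QUANTUM_VULNERABLE_KEX = {"RSA", "DH", "ECDH", "X25519"}
# Symmetric primitives are only weakened (Grover's algorithm, roughly halving
# effective key length): AES-256 keeps an ample margin; AES-128 does not
# under this example's assumed policy.
QUANTUM_SAFE_SYMMETRIC = {"AES-256", "SHA-256", "SHA-384"}
WEAKENED_SYMMETRIC = {"AES-128"}

AT_RISK = "AT RISK NOW (harvest now, decrypt later)"
MIGRATE = "migrate before a CRQC exists"
BIGGER_KEY = "increase key size"
OK = "ok"
REVIEW = "unknown algorithm, review"
RANK = {AT_RISK: 0, MIGRATE: 1, BIGGER_KEY: 2, REVIEW: 3, OK: 4}


@dataclass
class CryptoUse:
    system: str
    algorithm: str
    confidentiality_years: int  # how long the protected data must stay secret
    migration_years: int        # estimated time to move this system to PQC


def classify(use, years_until_crqc):
    """Mosca's inequality: if confidentiality lifetime + migration time
    exceeds the time until a CRQC exists, ciphertext captured today will
    still matter on the day it becomes breakable."""
    alg = use.algorithm.upper()
    if alg in QUANTUM_VULNERABLE_KEX:
        if use.confidentiality_years + use.migration_years > years_until_crqc:
            return AT_RISK
        return MIGRATE
    if alg in WEAKENED_SYMMETRIC:
        return BIGGER_KEY
    if alg in QUANTUM_SAFE_SYMMETRIC:
        return OK
    return REVIEW


def prioritise(inventory, years_until_crqc):
    """Return (system, verdict) pairs, most urgent first, then by name."""
    verdicts = [(u.system, classify(u, years_until_crqc)) for u in inventory]
    return sorted(verdicts, key=lambda sv: (RANK[sv[1]], sv[0]))


# Constructed inventory for the example: the systems, lifetimes and migration
# estimates are invented and do not describe any real organisation.
INVENTORY = [
    CryptoUse("Customer record archive", "RSA", confidentiality_years=25, migration_years=3),
    CryptoUse("Site-to-site VPN carrying HR data", "ECDH", confidentiality_years=7, migration_years=4),
    CryptoUse("Public website TLS", "X25519", confidentiality_years=1, migration_years=2),
    CryptoUse("Backup encryption", "AES-256", confidentiality_years=25, migration_years=0),
    CryptoUse("Legacy file transfer", "AES-128", confidentiality_years=10, migration_years=1),
]

if __name__ == "__main__":
    # Ten years is a placeholder planning horizon, not a prediction of when
    # a CRQC will exist; rerun with your own estimate and watch what moves.
    for system, verdict in prioritise(INVENTORY, years_until_crqc=10):
        print(f"{system:40} {verdict}")
```

The useful output is the ordering rather than any single verdict: with the same ten-year horizon, the archive and the VPN carrying long-lived HR data come out as exposed today even though nothing can break them yet, while the public website, whose traffic has no lasting secrecy value, can simply be migrated on the normal 2026 to 2030 schedule. Shortening the assumed horizon moves more systems into the first group, which is exactly the sensitivity a transition plan should test.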
Let’s strengthen your IT environment together
Cyber security is a constantly evolving challenge, with each company’s needs unique. Our team can help you assess risks, build plans for your legacy IT, help prepare you for emerging threats, and much more. Get in touch today to find out how we can help your organisation.