Over 2020 – 2021, with a global shift to more people and organisations working remotely, security awareness for businesses has become a number one priority for many managers and executives. 2020 saw the continuing rise in ransomware attacks, sitting at the top of the list making up 23% of all attack methods on businesses and organisations around the globe. Ransomware is a type of malicious software that infects a computer and restricts users’ access to it until a ransom is paid to unlock it (1). One group of ransomware actors (Sodinokibi) were estimated to have obtained over $123 million alone, with over 21 terabytes of data stolen from individuals and businesses in 2020 (2).
Along with ransomware attacks, businesses are experiencing more and more types of aggressive attempts at accessing valuable data and systems. While ransomware itself can have a direct dollar value associated with the costs of trying to remedy the attack, businesses need to realise, and ask themselves – what is the real cost of an attack like this? Not only could there be considerable impacts on the ability to operate during or after an attack, but what about the loss of your valuable IP? Or your customers’ personal information being exposed? If a massive data breach were to occur, not only are the financial outcomes horrific, but you also need to consider the negative implication on your brand. Your data in the wrong hands is a nightmare, and it’s something that you must plan for to minimise the likelihood of happening in the future.
While some industries are the focus of targeted attacks such as finance and manufacturing, the Australian Government has now added new industries to the Critical Infrastructure Bill, which seeks to amend the Security of Critical Infrastructure Act 2018. The new bill expands its coverage from four sectors (electricity, gas, water and ports) to the following eleven critical infrastructure sectors:
- Communications
- Financial services and markets
- Data storage or processing
- Defence industry
- Higher education and research
- Energy
- Food and grocery
- Health care and medical
- Space technology
- Transport; and
- Water and sewerage.
As attacks become more prevalent and focussed on businesses and organisations who house critical systems and data, the government has accordingly focussed on expanding industry coverage as Australia experiences an increasing threat level of attacks. If your business or organisation falls into one of these industries, have you asked yourself how secure your data is? Now, more than ever, is the time to assess and review your position.
Knowing where to start is one of the biggest hurdles. Even if you already have a security awareness process in place, you must ensure that you are taking the additional steps to do the most you can to protect your business. Not only is minimising the risk of an attack important, but knowing how to recover is just as, if not more, important. That’s where Truis can step in and help you and your business navigate through the security awareness and readiness you need. Truis has in-depth, strong relationships with various security vendors, as well as having dedicated security specialists on staff who can help you navigate the security landscape from your endpoints to your servers. If you happen to fall into one of these industries on the Critical Infrastructure Bill, we can help. Make this October the month where you take the next steps in your security awareness journey, and get in touch with Truis to see how we can help.
(1) https://security.berkeley.edu/faq/ransomware/
(2) https://www.ibm.com/au-en/security/data-breach/threat-intelligence
