The Essential Eight & Cyber Security Trends

What are the Essential Eight?

The Essential Eight, developed by the Australian Signals Directorate, are the eight mitigation strategies it considers most effective for organisations protecting themselves from cyber threats. The eight strategies are:

  1. Patch applications: Keep all software up to date to fix known vulnerabilities.
  2. Patch operating systems: Regularly update the operating systems on your computers and servers to close security holes.
  3. Multi-factor authentication: Requiring MFA greatly reduces the likelihood of your business being compromised.
  4. Restrict administrative privileges: Manage the permissions staff have and limit who can make major changes to systems.
  5. Application control: Manage the software your business uses and block unauthorised software from running.
  6. Restrict Microsoft Office macros: Disable potentially harmful macros in documents.
  7. User application hardening: Secure applications by disabling risky features.
  8. Regular backups: Ensure you can restore data by routinely backing it up and testing the restore.
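The list above reads as policy, but most of it can be checked automatically from an inventory a small business already keeps. The script below is an added example, not code from the ASD or from this article, and the inventory it checks is constructed sample data with assumed field names. It covers six of the eight strategies (patching of applications and operating systems, MFA on privileged accounts, an agreed cap on administrators, application control by SHA-256 allowlist, Office macro policy, and backup and restore-test currency); user application hardening is left out because its settings are product specific.

```python
"""Essential Eight posture check over a constructed inventory.

Added example, not ASD or article code. The inventory below is constructed
sample data and its field names are assumptions; swap in an export from your
own patch, identity and backup tooling.
"""
import hashlib
from datetime import date, timedelta


def parse_version(text):
    """'16.0.17328' -> (16, 0, 17328) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))


def out_of_date(installed, minimums):
    """Names whose installed version is below the required patched version."""
    return sorted(
        name for name, version in installed.items()
        if name in minimums and parse_version(version) < parse_version(minimums[name])
    )


def admins_without_mfa(accounts):
    """Privileged accounts are the ones that must have MFA; flag any that do not."""
    return sorted(a["name"] for a in accounts if a["admin"] and not a["mfa"])


def excess_admins(accounts, max_admins):
    """Least privilege: report every admin when more hold admin rights than the agreed cap."""
    admins = sorted(a["name"] for a in accounts if a["admin"])
    return admins if len(admins) > max_admins else []


def unapproved_binaries(binaries, allowlist):
    """Application control by hash: anything whose SHA-256 is not listed must not run."""
    return sorted(
        path for path, content in binaries.items()
        if hashlib.sha256(content).hexdigest() not in allowlist
    )


def macro_gaps(policy):
    """Macro settings that should be enabled but are not."""
    return sorted(setting for setting, enabled in policy.items() if not enabled)


def backup_gaps(last_backup, last_restore_test, today, backup_days=7, restore_days=90):
    """A backup nobody has restored from is an assumption, so the restore test is checked too."""
    gaps = []
    if today - last_backup > timedelta(days=backup_days):
        gaps.append("backup older than %d days" % backup_days)
    if today - last_restore_test > timedelta(days=restore_days):
        gaps.append("restore test older than %d days" % restore_days)
    return gaps


def assess(inv, today):
    """Map each strategy to its findings; an empty list means the check passed."""
    return {
        "patch_applications": out_of_date(inv["applications"], inv["app_minimums"]),
        "patch_operating_systems": out_of_date(inv["operating_systems"], inv["os_minimums"]),
        "multi_factor_authentication": admins_without_mfa(inv["accounts"]),
        "restrict_admin_privileges": excess_admins(inv["accounts"], inv["max_admins"]),
        "application_control": unapproved_binaries(inv["binaries"], inv["allowlist"]),
        "restrict_office_macros": macro_gaps(inv["macro_policy"]),
        "regular_backups": backup_gaps(inv["last_backup"], inv["last_restore_test"], today),
    }


# Constructed sample inventory: fictional hosts, accounts and build contents.
SAMPLE_INVENTORY = {
    "applications": {"office": "16.0.17000", "browser": "124.0.6367.60"},
    "app_minimums": {"office": "16.0.17328", "browser": "124.0.6367.60"},
    "operating_systems": {"workstation-01": "10.0.19045", "server-01": "10.0.20348"},
    "os_minimums": {"workstation-01": "10.0.19045", "server-01": "10.0.20348"},
    "accounts": [
        {"name": "alice", "admin": True, "mfa": True},
        {"name": "bob", "admin": True, "mfa": False},
        {"name": "carol", "admin": False, "mfa": True},
    ],
    "max_admins": 2,
    "binaries": {
        "C:/Tools/approved.exe": b"approved build",
        "C:/Users/bob/Downloads/unknown.exe": b"unknown build",
    },
    "allowlist": {hashlib.sha256(b"approved build").hexdigest()},
    "macro_policy": {"block_macros_from_internet": True, "allow_only_signed_or_trusted_location": False},
    "last_backup": date(2024, 8, 20),
    "last_restore_test": date(2024, 5, 1),
}


def assess_sample():
    """Run the check against the constructed inventory as at 22 August 2024."""
    return assess(SAMPLE_INVENTORY, date(2024, 8, 22))


if __name__ == "__main__":
    for strategy, findings in assess_sample().items():
        print("%-30s %s" % (strategy, "OK" if not findings else findings))
```

On the sample data the check flags Office as behind the required build, bob as an administrator without MFA, the downloaded executable as not on the allowlist, the missing trusted-location macro setting, and a restore test that is older than 90 days; the operating systems and the administrator cap pass.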

Trends in Cyber Attacks

Cybersecurity is still a problem, in Australia and worldwide.

As long as threat actors continue breaching our systems, we can be confident that cybersecurity will remain a hot topic for businesses worldwide. Crowdstrike’s Global Threat Report and the ASD Cyber Threat Report offer some notable insights:

  • The average cost of cybercrime is up 14%, with small businesses reporting costs of $46,000 per crime and medium businesses reporting costs of $97,000 per crime
  • Queensland (30%) and Victoria (26%) lead Australia in reported cybercrimes, and businesses in these states also lead in breaches
  • Cloud-environment intrusions increased by 75% year-on-year (YoY) in 2023
  • Social engineering and identity-based attacks are still ‘King’: leaks of cybercrime victims’ names increased by 76% YoY in 2023
  • Ransomware breaches continue to grow: 10% of all cybercrime incidents responded to by the Australian Signals Directorate (ASD) involved some form of ransomware

Let’s put names to the statistics from these reports and set out the 5 most critical cybersecurity threats businesses need to be aware of:

#1: Identity-Based Intrusions

Identity fraud is the most commonly reported crime for individuals in Australia and continues to be one of the hottest topics in the cyber world. Phishing, stolen credentials and privilege escalation are among the most commonly used phrases in the industry. In 2024, Microsoft’s newly branded Entra ID, Okta’s Auth0 and AWS Identity are in high demand and will dominate the identity space for enterprises in the country. Securing these environments will become the number-one priority for organisations across all verticals.

Many identity-based intrusions begin with social engineering techniques that prompt users to disclose their credentials. Threat actors use the stolen credentials to obtain unauthorised access, then escalate privileges and move laterally through the network using the compromised account. With escalated privileges, they identify highly sensitive data inside your network and exfiltrate it to an external server. Strategies to mitigate these intrusions include robust multi-factor authentication (MFA), strong password management, least-privilege access and strong Zero Trust principles.

Read more on the importance of strong identity protection in the report below: https://www.crowdstrike.com/cybersecurity-101/privilege-escalation/ 
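MFA and least privilege are the controls; detection is what tells you when they have been bypassed. The script below is an added example, not code from Crowdstrike or from this article. It runs the chain described above (credential theft, sign-in, privilege escalation, exfiltration) as rules over a constructed sign-in and directory log: a successful sign-in without MFA from a source address the account has never used, a role assignment within an hour of it, and a large read within two hours of it. The event fields, thresholds and baseline are assumptions, not any vendor’s schema.

```python
"""Stolen-credential chain detection over constructed sign-in and directory events.

Added example, not vendor or article code. Field names, windows and byte
thresholds are assumptions; the addresses are documentation ranges and the
users are fictional.
"""
from datetime import datetime, timedelta

# Constructed baseline: source addresses each account normally signs in from.
BASELINE = {"alice": {"203.0.113.10"}, "bob": {"203.0.113.11"}}

# Constructed event stream, deliberately out of order to show the sort.
EVENTS = [
    {"ts": "2024-08-22T08:01:00", "user": "alice", "type": "signin", "src": "203.0.113.10", "ok": True, "mfa": True},
    {"ts": "2024-08-22T08:40:00", "user": "bob", "type": "role_assign", "role": "Global Administrator"},
    {"ts": "2024-08-22T08:15:00", "user": "bob", "type": "signin", "src": "198.51.100.7", "ok": False, "mfa": False},
    {"ts": "2024-08-22T08:16:00", "user": "bob", "type": "signin", "src": "198.51.100.7", "ok": False, "mfa": False},
    {"ts": "2024-08-22T08:17:00", "user": "bob", "type": "signin", "src": "198.51.100.7", "ok": True, "mfa": False},
    {"ts": "2024-08-22T09:05:00", "user": "bob", "type": "data_access", "object": "hr-share", "bytes": 2_400_000_000},
    {"ts": "2024-08-22T09:30:00", "user": "alice", "type": "data_access", "object": "team-docs", "bytes": 12_000},
]


def detect(events, baseline, escalation_window=timedelta(hours=1),
           exfil_window=timedelta(hours=2), exfil_bytes=1_000_000_000):
    """Return alerts (dicts with 'user' and 'rule') in chronological order."""
    timeline = sorted(((datetime.fromisoformat(e["ts"]), e) for e in events), key=lambda p: p[0])
    alerts = []
    for i, (t, e) in enumerate(timeline):
        if e["type"] != "signin" or not e["ok"]:
            continue
        if e["mfa"] or e["src"] in baseline.get(e["user"], set()):
            continue  # MFA satisfied or familiar source: nothing to flag
        # Failed attempts in the 10 minutes before the success hint at password guessing.
        failures = sum(
            1 for pt, p in timeline[:i]
            if p["type"] == "signin" and p["user"] == e["user"] and not p["ok"]
            and t - pt <= timedelta(minutes=10))
        alerts.append({"user": e["user"], "rule": "unfamiliar_source_no_mfa",
                       "src": e["src"], "recent_failures": failures})
        # Look forward from the suspicious sign-in for the next links in the chain.
        for ft, f in timeline[i + 1:]:
            if f["user"] != e["user"]:
                continue
            if f["type"] == "role_assign" and ft - t <= escalation_window:
                alerts.append({"user": e["user"], "rule": "privilege_escalation_after_suspicious_signin",
                               "role": f["role"]})
            elif f["type"] == "data_access" and ft - t <= exfil_window and f["bytes"] >= exfil_bytes:
                alerts.append({"user": e["user"], "rule": "bulk_read_after_suspicious_signin",
                               "object": f["object"]})
    return alerts


def detect_sample():
    """Run the rules over the constructed events and baseline."""
    return detect(EVENTS, BASELINE)


if __name__ == "__main__":
    for alert in detect_sample():
        print(alert)
```

Against the sample events the rules produce three alerts, all for bob: the no-MFA sign-in from a new address after two failures, the Global Administrator assignment 23 minutes later, and the 2.4 GB read from the HR share. Alice’s MFA-backed sign-in from her usual address and her small read produce nothing. In practice the baseline comes from a trailing window of known-good sign-ins rather than a hard-coded map.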

#2: Cloud-conscious attacks

Businesses need to focus on the Cloud, with a 110% increase observed in Cloud-conscious intrusions. Actors are becoming more conscious of the Cloud and use their access to target systems to abuse Cloud services in pursuit of their objectives (usually data exfiltration or holding target systems to ransom). According to the Crowdstrike report, the hacker group SCATTERED SPIDER drove most of the Cloud-conscious attacks (about 29%). One such attack used phishing and social engineering to breach target systems, escalate privileges, and exfiltrate data from the Cloud and from the organisation’s Active Directory database. SCATTERED SPIDER commonly targeted Microsoft 365 credentials to establish a presence in Microsoft’s Cloud identity solution, Entra ID. Actors often exploit their access to steal credential data from various password stores and databases. Cloud access is also often used as a path to on-premises servers, with the data finally exfiltrated to an external Cloud service. Cloud security is the future of well-planned cybersecurity, and we need to consistently re-evaluate our Cloud practices to create a safer technology world.

#3: Ransomware hacks

Ransomware is an attack which not only exfiltrates data but can also take down critical business services, costing a business millions in addition to the millions of dollars demanded by cyber-criminals as ransom. Most Australians would be familiar with the Medibank breach, where the ransomware group REvil posted 6GB of raw data samples on the dark web. The attack began with a third-party IT provider for Medibank who saved their administrator credentials in their Internet browser. These credentials were stolen by REvil, who authenticated to Medibank’s Virtual Private Network (VPN) and installed a malicious script on the company’s systems. The IT security team failed to triage the incident in time and approximately 520GB of data was extracted. REvil demanded $10M in ransom (or $1 for each stolen customer record). The ransom was never paid, and Medibank has had a civil penalty imposed on it, amounting to millions of dollars, on top of the long line of cases the firm already faces. Organisations need to prioritise ransomware protection, including regular backups and updates, continuous monitoring of the dark web, antivirus protection, and insuring the business to limit the damage from future breaches.

#4: Social engineering and e-mail fraud

Phishing and other social engineering frauds continue to dominate the cyber-space, disrupting work across industries by targeting employees with malicious emails and other creative tactics. During a phishing attack the user is prompted to click a malicious link or open a malicious file, and in doing so reveals sensitive details such as credentials or payment data, which can then be used to install malicious software or extract funds from the user’s account. Education and awareness continue to be a common weak link for modern business, and their quality will determine the effectiveness of our cyber defence.
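Awareness training teaches people to look for a handful of tells in a suspicious email; the same tells can be scored by a mail gateway or a helpdesk triage script before a human sees the message. The script below is an added example, not code from this article or from any security vendor. It parses a raw email with Python’s standard `email` module and reports three indicators: a Reply-To domain that differs from the sender domain, a link whose visible text names a different domain from its real href, and urgency language in the subject or body. Both sample messages are constructed, and the domain comparison (last two DNS labels, no public-suffix handling) is a deliberate simplification.

```python
"""Phishing indicator scoring for a raw e-mail message.

Added example, not article or vendor code. The sample messages are
constructed, the heuristics are a starting set, and base_domain() is a crude
last-two-labels approximation (it would mis-group co.uk style domains), so
treat the output as triage input rather than a verdict.
"""
import email
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed phrasing list; tune to the lures your organisation actually receives.
URGENCY_TERMS = ("urgent", "immediately", "expires today", "account will be suspended")


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.anchors = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None


def base_domain(host):
    """Last two DNS labels of a hostname (assumption: no public-suffix list)."""
    parts = (host or "").lower().rstrip(".").split(".")
    return ".".join(parts[-2:])


def domain_of_address(header_value):
    """Registrable-ish domain of the address in a From/Reply-To header, or '' if absent."""
    _, address = parseaddr(header_value or "")
    return base_domain(address.rpartition("@")[2])


def domain_of_text(text):
    """Domain named by link text, if the text looks like a URL or hostname."""
    candidate = text if "://" in text else "http://" + text
    host = urlparse(candidate).hostname
    return base_domain(host) if host and "." in host else None


def phishing_indicators(raw_message):
    """Return the sorted list of indicator names found in a raw RFC 822 message."""
    msg = email.message_from_string(raw_message)
    indicators = set()
    sender = domain_of_address(msg.get("From"))
    reply_to = domain_of_address(msg.get("Reply-To"))
    if reply_to and reply_to != sender:
        indicators.add("reply_to_domain_mismatch")
    texts = [msg.get("Subject", "")]
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype not in ("text/plain", "text/html"):
            continue
        body = part.get_payload(decode=True).decode(part.get_content_charset() or "utf-8", "replace")
        texts.append(body)
        if ctype == "text/html":
            collector = AnchorCollector()
            collector.feed(body)
            for href, text in collector.anchors:
                shown, actual = domain_of_text(text), base_domain(urlparse(href).hostname)
                if shown and actual and shown != actual:
                    indicators.add("link_text_href_mismatch")
    if any(term in "\n".join(texts).lower() for term in URGENCY_TERMS):
        indicators.add("urgency_language")
    return sorted(indicators)


# Constructed sample: lookalike link, foreign Reply-To, urgent subject.
SUSPICIOUS_MESSAGE = """\
From: "IT Service Desk" <helpdesk@example-corp.com>
Reply-To: verify@mail-recovery.example.net
To: staff@example-corp.com
Subject: Urgent: your password expires today
Content-Type: text/html; charset="utf-8"

<html><body><p>Your password expires in 2 hours. Verify immediately:</p>
<a href="http://login-example-corp.example.net/verify">https://login.example-corp.com</a>
</body></html>
"""

# Constructed sample: ordinary internal notice for contrast.
BENIGN_MESSAGE = """\
From: "Payroll" <payroll@example-corp.com>
To: staff@example-corp.com
Subject: August payslips are available
Content-Type: text/html; charset="utf-8"

<html><body><p>Payslips for August are in the portal:</p>
<a href="https://portal.example-corp.com/payslips">https://portal.example-corp.com</a>
</body></html>
"""

if __name__ == "__main__":
    print("suspicious:", phishing_indicators(SUSPICIOUS_MESSAGE))
    print("benign:", phishing_indicators(BENIGN_MESSAGE))
```

The suspicious sample trips all three indicators and the benign one trips none. The link-text check is the one worth explaining in training: the visible text is exactly the corporate login address, and only the real destination gives the lure away.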

#5: Third-party attacks

Third-party risk management will be an interesting topic throughout all of 2024. Many organisations outsource their ICT to specialists outside the organisation to increase efficiency and reduce expenses. This also poses a risk. Intrusion actors consistently exploit vendor-client relationships to maximise their attack surface. The key motivation is to maximise returns by obtaining access to hundreds, if not thousands, of organisations through a single vendor. Think of the Crowdstrike outage a little more than a month ago. If a hacker obtained access to Crowdstrike’s Falcon solution, they could theoretically hold the whole world hostage. The world is entering a new era of IT security, and businesses must take calculated risks when establishing business relationships.

Cybersecurity continues to grow in importance, and the increased focus on the Cloud and on social engineering attacks highlights the need for significant investment by businesses in their preventive, responsive, and recovery capabilities. This article is sponsored by Cylo.ai, an IAG-backed cyber insurance company that helps small-to-medium enterprises (SMEs) insure against the deadly impacts of cyber-attacks. Learn more about Cylo’s products here:

Sources

  1. Crowdstrike Global Threat Report 2024: https://go.crowdstrike.com/rs/281-OBQ-266/images/GlobalThreatReport2024.pdf
  2. ASD Cyber Threat Report 2023: https://www.cyber.gov.au/sites/default/files/2023-11/asd-cyber-threat-report-2023.pdf
  3. Read up on the Medibank breach: https://www.theguardian.com/australia-news/2024/jan/28/shadowy-world-of-ransomware-for-hire-revealed-by-online-account-activity-linked-to-the-medibank-hack

Insurance issued by Insurance Australia Limited ABN 11 000 016 722 trading as CGU Insurance. To see if a product is right for you, always consider the Product Disclosure Statement and Target Market Determinations available from www.cgu.com.au