It should come as no surprise that cyber attacks pose an increasingly large threat to Australian organisations.
In fact, the Australian Signals Directorate’s (ASD’s) Australian Cyber Security Centre (ACSC) has specifically warned about “an increase in the number of cybercrime reports and cyber security incidents,” as well as “an increase in frequency and sophistication of operations by a range of state-based actors and cybercriminal syndicates” and “an increase in the speed in which malicious actors have researched and then pivoted to exploit publicly-released vulnerabilities.”
Yet, despite these trends, many organisations hold outdated notions about both the criminals perpetrating these attacks and their own vulnerability to cyber crime. Whilst hackers do continue to pursue major targets — as in the case of the well-publicised breaches of SolarWinds and JBS Foods — every organisation represents a potential target for cyber attacks.
Here’s why organisations of all sizes and sophistication need to be aware of the risk of cyber crime, as well as the steps they can take to protect themselves.
Why Every Organisation is at Risk of Cyber Crime
One of the most common sentiments we hear when talking to Mangano IT customers regarding the threat of cyberattacks is, “it’s not going to happen to me.”
To a degree, that’s understandable. If you’re a small organisation, or if you don’t believe you have anything worthwhile to steal, you may see yourself as being less of a target for direct attacks. But as you’ll see, these considerations are irrelevant. You don’t have to be specifically targeted to suffer losses from a cyber attack.
For example, consider that:
Unsuspecting employees can be lured into broad phishing attacks that expose you to vulnerabilities.
Many of today’s most effective cyber attacks don’t actually target individual stakeholders. Broad phishing attacks may send compromised links to thousands of individuals at random, hoping that at least some of the recipients will click them. If one of your employees clicks a phishing link from a networked device, it won’t matter that it wasn’t your organisation that was specifically targeted.
Disgruntled employees may compromise your security by downloading company data without your knowledge.
Would you know if one of your employees downloaded data on your customers, products, R&D efforts, or suppliers? This type of information may have tremendous value to a criminal — yet because ‘the fire is coming from inside the house’, all the external firewalls in the world won’t keep you safe.
Even if you don’t have sensitive or proprietary data, others in your network might.
Sure, the information in your systems may not have much value on its own. But consider your customers. Do any of them have sensitive information? If hackers can access organisations in your network by breaching your defences, you could face not only liability issues for failing to secure your systems, but significant relationship damage and loss of trust with your customers.
Protect Your Organisation with Proper IAM
Protecting against these types of scenarios requires a multi-layered approach. In fact, you likely already have some security measures, such as firewalls and spam-blocking programs, in place. But one of the biggest security gaps we see when talking to organisations about their cyber security approach is identity and access management (IAM).
Essentially, IAM involves controlling who gets access to different information and systems. You can think of it as a foundational step in cyber security, because proper IAM influences so many areas of your business and IT environment, including:
- Data security and protection
- Device and endpoint management
- How you assign user roles and privilege levels
- Modern workforce and bring-your-own-device (BYOD) policies
- The way you hire and fire employees
For best results, your approach to IAM should be codified with documentation, reviewed periodically, and regularly enforced. If you don’t currently have an IAM policy in place — or if you aren’t confident yours is up to the challenge of today’s cyber security requirements — use Mangano IT’s free IAM checklist to evaluate your existing IAM posture.
How to Improve Your IAM Maturity
Once you’ve measured your existing IAM posture using Mangano IT’s checklist, you’ll be able to put together an action plan for securing your systems. A few quick tips to keep in mind:
- IAM can’t be an IT-only exercise. Every employee in your organisation can be a weak link in your cyber security defences. For that reason, IAM success requires that every employee be educated on the role they play and the actions they must take to help keep your data secure.
- IAM requirements change regularly. IAM is never ‘finished’. Lockdowns related to COVID-19 prove just how quickly work can change. IAM must be responsive to everything from modern workforce trends, to IT architecture changes, team turnover, and more.
- An expert perspective can help. Consulting with a Microsoft Gold-Certified Security Partner like Mangano IT can help uncover areas of IAM risk you may not be able to see on your own.
While our free IAM checklist can help reveal some of these opportunities, it can also be useful as a starting point in a much larger conversation about your organisation’s cyber security maturity.
Reach out to Mangano IT’s expert team for a more customised assessment of your unique cyber security risks and opportunities.