MailGuard Blog

It’s one of the most contentious topics facing businesses and cybersecurity professionals at the moment: Should ransomware payments be illegal?

The verdict is in, most industry experts and business leaders agree that Government contractors should be legally accountable for not meeting cybersecurity standards. A somewhat harsh stance perhaps, or simply being cruel to be kind?

The facts and figures are quite clear. We only need to look at the latest news headlines to witness the upwards trend of cyber threats that are facing individuals and organisations worldwide. From local councils to major corporations and government departments, no one is immune. We see evidence of this every day – from the recent cyber-attack in Melbourne, Australia, at the City of Stonnington Council, to Accenture’s $50 million dollar ransomware threat – cybersecurity is the number one threat facing businesses today. President Biden, in his address to the CEO’s of some of the largest corporations in the world, such as Google, Apple and JP Morgan Chase, urged leaders to up their commitment to cybersecurity, “The reality is that most of our critical infrastructure is owned and operated by the private sector, and the federal government can’t meet this challenge alone…You have the power, capacity and responsibility, I believe, to raise the bar on cybersecurity. Ultimately we’ve got a lot of work to do”. It’s becoming more apparent that a cyber resilient culture within businesses is imperative.

Cybersecurity threats are at an all-time high and expected to intensify as we head into a new world of work, with a greater reliance on technology. Now, more than any other time in history, businesses need to have implemented, at the very least, baseline security measures, in order to be protected. As we near the end of 2021, and as our customers start gearing up for a more cyber resilient 2022, it can only be of benefit to review baseline cyber threat mitigation strategies to ensure we’re running a tight ship. 

Compromise can happen to anyone. It’s no longer a case of ‘If a cyberattack hits my business’ but ‘A cyberattack will hit my business’. We have come a long way from the thinking that only certain types of businesses (or business functions) could be the recipient of a cyberattack. Most security professionals now assume that a breach is inevitable and prepare accordingly.

We all use passwords. In fact, we need them to access almost any online device. They are the key to retrieving sensitive data, whether it be online banking, classified company documents or social profiles, such as LinkedIn. They’re the first line of defense to protect crucial information, and often the most vulnerable. It’s not surprising then, that cybercriminals often create phishing scams to steal password credentials in order to procure data for use in criminal activity.

As I write this, the threat of Ransomware is rapidly on the rise. So much so that the Australian Federal Police has formed a task force - Operation Orcus - following in the footsteps of the US Government, in an attempt to combat the specialised criminal infrastructure that is wreaking havoc across large scale organisations here and globally. High profile victims such as Nine Entertainment, JBS and Uniting Care, along with the recent Kaseya interception have been making headlines and may continue to do so without superior intelligence targeting organised crime groups.  

A personalised and targeted email, an opportune offer and the impersonation of multiple brands – some of the techniques employed by cybercriminals in a phishing email scam that resulted in a property buyer losing thousands of dollars as part of a ‘deposit’, supposedly for his new apartment.

Your business data is being held hostage, encrypted with only your attackers holding the keys. So, do you pay up the ransom, or try to recover without handing over company profits to cybercriminals?

It’s been called the “largest cyber-attack on a media company in Australia's history," something that has never been seen before in the country. 

Commenting on paradigm shifts in cybersecurity in 2020, Ann Johnson, Corporate Vice President, SCI Business Development at Microsoft wrote: 

“As we look past the pandemic to a time when workforces and budgets rebound, Zero Trust will become the biggest area of investment for cybersecurity. This means, that right now, every one of us is on a Zero Trust journey—whether we know it, or not.” 

In the final weeks of 2020, news of the SolarWinds hack broke – a cyber-attack that has been dubbed as “the Pearl Harbor of American IT”.   

This week marks Identity Theft Awareness Week, a public awareness campaign by the U.S. Federal Trade Commission (FTC) dedicated to mitigating the impact of identity theft. The week comprises a series of events organized by the FTC and its partners that focus on reducing the risk of identity theft and on concrete steps to recover if identity theft occurs.

Among other things, 2020 reminded us how fundamental cybersecurity is to business continuity.

Earlier this year, I wrote about the need for Australian businesses to step up their efforts in defending themselves from Business Email Compromise (BEC) attacks.