The Australian Cyber Security Centre has issued a warning to all Australian businesses amid the escalating conflict between Russia and Ukraine to increase security measures against a possible targeted Russian cyber attack.
The ACSC says Russia could retaliate against Australia for supporting Ukraine.
Australian businesses are now at serious risk of disruption or becoming the victims of malicious activity from Russian cyber criminals.
These attacks could come in many forms including denial of service attacks and ransomware attacks.
If successful, these attacks on Australian businesses and organisations could cause financial, operational and reputational damage.
The Office of the Australian Information Commissioner (OAIC) says 55 per cent of the 256 data breaches that occurred between July and December 2021, were the result of malicious or criminal attacks with 68 per cent of these identified as cyber attacks.
The ACSC is encouraging Australian businesses to act now to ensure their security is in place and up to date to repel any potential attacks.
The organisation says it’s not a matter of if, but when.
Businesses need to act immediately to protect themselves.
Here is what cyber security expert and StickmanCyber founder Ajay Unni suggests:
STEP 1
INCIDENT DETECTION AND MITIGATION
The first and most important step is being able to detect, mitigate and respond to any security incidents.
It’s important to have the right tools in place to identify any form of suspicious activity.
In the same way a physical location has a back-to-base alarm, businesses should consider cyber security consultants who can watch over your computers and networks 24/7 365 days a year.
If any suspicious activity is identified, a response is launched immediately to mitigate the threat before it turns into a breach or an attack.
And if a breach has already occurred, the team of security experts can help businesses recover.
STEP 2
COMMUNICATE WITH YOUR ORGANISATION
The weakest link in any organisation is human error when it comes to maintaining information security.
Employees need to be educated about the likelihood of phishing attacks, misinformation campaigns and attempts by malicious actors to compromise systems and networks within those organisations.
Apart from communicating the threat to employees, it is also wise to ensure they receive regular security training with awareness programmes in place for existing and new staff.
STEP 3
RE-EVALUATE PRIVILEGED ACCESS
Whenever there is an increased risk of an attack or threat, organisations information security teams need to monitor all new software and accounts especially those that offer high privileges.
Stronger authentication and overall identity and privilege access management can keep your organisation safe.
STEP 4
ENHANCE CYBER SECURITY HYGIENE
This is an opportunity for organisations to improve their cyber security hygiene to keep their systems and networks safe from a cyber attack.
This can be done by installing reputable antivirus and malware software, keeping software and applications up to date with the latest patches, ensuring employees use strong passwords and multi factor authentication on all devices and accounts and making sure data is encrypted.
