2020 has been a year that most people would rather forget. And for IT professionals and Australian businesses, it’s also been a year of turbulence when it comes to cyber security. From malicious attacks to phishing scams and even proposed changes to the Privacy Act, there’s been a lot to keep track of in the world of data security—and plenty of room for improvement in the year ahead.
Cyber-attacks continue to be one of the biggest security issues facing Australian businesses and individuals.
According to the Office of the Australian Information Commissioner (OAIC), which keeps track of notifiable data breaches, there were more than 1000 breaches in the financial year ending June 2020, with more than 60% of those breaches a result of malicious or criminal attacks.
Those are data breaches are concerning, as private information can wind up in the hands of criminals or for sale on the dark web. But the problems go deeper. In the same period, the Federal Government’s Australian Cyber Security Centre (ACSC) responded to 2,266 cyber security incidents and received 59,806 cybercrime reports at an average of 164 cybercrime reports per day, or one report every 10 minutes. The most common type of cybersecurity incident was ‘malicious email’ (27%), such as a phishing scam.
Other major IT security issues in 2020 included:
This activity highlights the need for all businesses, no matter how big or small, to take steps to protect against malicious attacks.
In response to growing cyber security concerns, the Federal Government has released a new Cyber Security Strategy, announcing Australia’s largest ever investment in cyber security. This strategy will see 1.67 billion invested in initiatives aimed at improving Australia’s cyber security over the next decade, including a previously announced cyber enhanced situational awareness and response (CESAR) package.
Additionally, reforms have been planned for the Commonwealth Privacy Act 1988, which may affect Australian businesses.
However, even the biggest government investments won’t make cyber crime disappear overnight. It’s essential that all businesses take steps to improve cyber security processes. Looking ahead to 2021, here are the IT security trends you can expect:
A Continuation of Remote Working
The impact COVID-19 could result in more people working from home in 2021 and further into the future. Organisations must ensure best practices including security settings, administrative control, multi-factor authentication and cloud security, as a start.
IT Workforce Assessment
Do you have the right people in the right roles when it comes to IT security? Whether you outsource IT or have someone in house, ensuring you have processes and procedures in place for administrative tasks and application control will be essential to mitigate security risks.
The ACSC suggests promptly updating (or patching) all internet-facing software, operating systems and devices. Patching will continue to be key to cyber security in 2021, with reliable app providers generally offering ‘patches’ for known threats via software updates. It’s best practice to install the latest available updates within 48 hours of them becoming available.
Two-step logins are becoming standard for many applications. Don’t make it easy for criminals to access your private business or personal data and ensure the use of multi-factor authentication across all remote access services.
A Virtual Private Network (VPN) allows you to securely connect with another network over the internet by encrypting your activity and data.
Ransomware attacks are a growing area of concern for Australian businesses. A hacker can cripple organisations by encrypting all connected electronic devices, folders and files and rendering systems inaccessible, before demanding a ransom in return for the decryption keys.
The ACSC strongly advises against paying ransom demands, as there is no guarantee the adversary will actually provide the decryption keys. In 2021, companies should look to isolate regular, daily backups from the main network and the internet to protect copies of vital information. It is generally much easier and safer to restore data from a backup than attempting to decrypt ransomware-affected data.
Increased Caution Online
One of the simplest ways to protect against cyber crime is to limit the amount of personal information you hand over to organisations. Always ask yourself—does this organisation really need my date of birth or driver licence details? Be suspicious of unsolicited requests for personal information or urgent requests for money. Review each email you receive; consider who sent it and what they are asking before you open it, click on a link, or open an attachment. Be sure to use complex and different passwords across applications.
Find out how you can improve your IT security in 2021 by contacting the StormWarden team at 1800 986 755.