As the cyber crime economy burgeons, chief information security officers (CISOs) are vital to protecting organisations from threat actors, according to a cyber security executive.
Ahead of the inaugural Cyber Security Summit 2023, Microsoft APAC chief cyber security adviser Abbas Kudrati said the cyber security industry is witnessing a new pattern called cyber crime-as-a-service (CaaS).
“Cyber crime has become its own economy,” Mr Kudrati told Cyber Security Connect.
CaaS is an organised crime model where threat actors sell their tools, expertise, and services to other people.
Barriers to participation are minimal, as anyone who is willing to pay can use CaaS on the dark web. Buyers no longer need special coding skills, nor do they need to develop their own malicious software.
“There is a marketplace where one group of adversaries will create a ransomware kit, and the second group will help them target customers and launch attacks. A third or fourth group will take the data out of the organisation. Another group will help them send the data out in the dark web,” Mr Kudrati said.
Ransomware kits are inexpensive and easily accessible, and buyers can be partly refunded if the kit does not work, Mr Kudrati said.
“The fact that cyber crime has its own marketplace and economy is creating significant challenges for organisations and other defenders,” he said.
“They’re constantly attacked via various means, including phishing emails that include malicious links. When someone clicks on them, the malware gets downloaded to their device.”
This could include ransomware, which Mr Kudrati explained could either steal or encrypt the data and hold organisations to ransom. Organisations may feel compelled to pay the ransom to the threat actors to recover this data.
His comments precede his session at the Cyber Security Summit in June, where he will unpack the latest cyber crime victimology trends and help CISOs stay ahead of the curve.
Organisations will learn how to help their CISOs implement the appropriate protections and determine what risk posture they should assume to defend against cyber attacks.
Nation-state attack vectors
Cyber attacks could be carried out by nation-state actors sponsored by certain countries, such as China or North Korea, or Russia in its attacks on Ukraine.
“Each country has its own set of agendas,” Mr Kudrati pointed out.
“For example, North Korea is interested in cryptocurrency mining and targeting organisations in the finance sector. Russia is more interested in government organisations that are favouring or helping Ukraine.”
In Australia, the educational sector has increasingly been targeted in the last six months, particularly schools and universities, followed by consumer and retail, manufacturing and government, and the IT industry.
“For example, Chinese and Iranian state actors are targeting Australia and India, especially the Australian education sector and the Indian IT sector for the purposes of collecting intelligence,” Mr Kudrati said.
Indeed, cyber security experts recently warned that Chinese hackers are learning how to better attack Australian organisations and infrastructure through training provided by Australian universities.
The parliamentary joint committee on intelligence and security has recommended that universities exercise caution when entering into educational partnerships, following its inquiry into the “national security risks affecting the Australian higher education and research sector”.
How CISOs can protect organisations
An organisation’s chief information security officer (CISO) is essential to averting and preventing these attacks, but developing a strategy that is tailored to the types of attackers is key.
First, they must understand what data their organisation stores and the types of threats they are susceptible to.
For example, to prevent phishing email attacks, CISOs could implement multifactor authentication for every employee.
“Instead of using just a password, use an authenticator app, which will ask for second-factor authentication if anyone wants to access systems within their environment,” Mr Kudrati said.
“So, even if your password is compromised, your system is secure because hackers won’t have the second factor.”
In addition, CISOs must update their patch management systems to fix vulnerabilities in software and applications that are susceptible to cyber attacks.
Thirdly, CISOs must foster zero trust as a concept, under which one of the principles is the least privilege system, Mr Kudrati suggested.
This ensures that access is only provided to those who require it, including employees, vendors, or contractors.
“For example, employees should not have a super administrator privilege for accessing their company environment,” Mr Kudrati said.
“Their username and password should only work on the system they use every day.”
Finally, Mr Kudrati urged CISOs to simplify their organisation’s identity architecture and regularly review who has access to their organisation.
He concluded: “Having good visibility of who has access to what and reviewing it frequently goes a long way in defending an organisation against all sorts of threats, including different types of malware, including ransomware and phishing emails.”
To hear the latest in cyber crime victimology trends and how CISOs can determine their organisation’s risk posture and implement the appropriate protections, come along to the Cyber Security Summit 2023.
It will be held on Thursday, 1 June, at Hotel Realm, Canberra.