By Mark Troselj, Group Vice President for Australia and New Zealand, Splunk

Studies indicate that cyber attacks are increasing. Data breaches and costly ransomware infections are leaving security teams exhausted in their ongoing battle to mitigate the risks, leading to concerning headlines across the globe.

There is, at least, some good news for the local region. Compared to other countries, Australia and New Zealand reported fewer cyber attacks in the last two years, including data breaches (35 percent, compared to 49 percent of organisations in other countries), business email compromise (33 percent versus 52 percent) and successful phishing attacks (33 percent as opposed to 48 percent). On a bright note, while many organisations face cyber security skills shortages, only 22 percent of staff in the region reported that they were considering leaving their position, compared to 38 percent of respondents elsewhere.

Unfortunately, these nuggets are outweighed by other, grimmer statistics – such as the revelation from the Australian Cyber Security Centre (ACSC) that Australia had to deal with a cyber attack every eight minutes in the 2020-21 financial year – and insights gleaned from Splunk’s recently released ‘State of Security 2022’ report. The report was conducted in January and February 2022, and included responses from over 1200 security leaders and practitioners working in 11 different regions – Australia, Canada, France, Germany, India, Japan, the Netherlands, New Zealand, Singapore, the UK and the US. It reveals two alarming trends:

  • Cyber crime is rising dramatically across the globe – 49 percent of organisations reported suffering a data breach in the last two years (compared to 39 percent previously), with 79 percent encountering ransomware attacks and 35 percent losing access to data and systems due to such attacks.
  • The so-called ‘great resignation’ is having an impact – along with the fresh security challenges of remote working, the departure of experienced security personnel from the industry has exacerbated the ongoing talent shortage (73 percent of respondents noted workers resigning because of burnout). And while the situation in Australia and New Zealand may seem less grave, with ‘only’ 72 percent of respondents finding the security landscape more difficult, compared to 86 percent globally, it has become very clear that tackling cyber crime, and ransomware attacks in particular, must be an absolute priority for any organisation. One positive sign is that over two-thirds (67 percent) of global organisations are investing in advanced analytics and security operations automation to address the growing problem of cyber crime.

Traditionally aimed at specific businesses, ransomware is now capable of disrupting critical infrastructure across whole countries and has even become a tool of warfare.

Fighting back

Splunk’s recently launched strategic cyber security arm, SURGe, has conducted research into ransomware, with the aim of providing defenders with actionable knowledge.

Analysing 10 major ransomware strains, including LockBit, REvil and BlackMatter, it found that, while speeds vary between strains, the rapidity of encryption (up to 60GB in under 45 minutes) means an organisation can potentially lose access to critical customer data, IP and employee information in less than an hour. And that’s just the average speed. LockBit, one of the most prolific ransomware families, can encrypt 100GB in under six minutes. This means there is simply no time for counteraction.

Added to this, organisations typically take three days to discover that they have a ransomware infection (Mandiant’s ‘2021 M-Trends’ report).

Above all, SURGe’s research demonstrates that organisations need to stop relying on response and mitigation strategies and focus on preventing infections, using such practical steps as better patching, network segmentation, centralised logging, a comprehensive asset inventory, MFA (multi-factor authentication) and proactively hunting for ransomware actors on the network before they can deploy their ransomware binaries.
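To make the point about encryption speed and centralised logging concrete, here is an added example (my own illustration, not SURGe’s or Splunk’s code): a sliding-window detector run over constructed file-write events from a central log, where host names, timestamps, byte counts and the 1GB-per-minute threshold are all assumptions, and the write rate of the flagged host is set to mirror the 60GB-in-45-minutes pace quoted above.

```python
"""Burst detector for mass file writes over constructed centralised
file-activity events. Illustration only, not Splunk or SURGe code."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real telemetry): (host, ISO timestamp, bytes written).
# ws-01 writes at roughly the ~1.3 GB/min pace implied by 60 GB in 45 minutes;
# ws-02 is ordinary office activity. Host names and values are assumed.
EVENTS = [
    ("ws-02", "2022-03-01T09:00:05", 2_000_000),
    ("ws-01", "2022-03-01T09:00:00", 400_000_000),
    ("ws-01", "2022-03-01T09:00:20", 450_000_000),
    ("ws-02", "2022-03-01T09:00:30", 5_000_000),
    ("ws-01", "2022-03-01T09:00:40", 500_000_000),
    ("ws-01", "2022-03-01T09:01:00", 450_000_000),
    ("ws-02", "2022-03-01T09:01:10", 1_000_000),
]

WINDOW = timedelta(seconds=60)
THRESHOLD_BYTES = 1_000_000_000  # assumed: 1 GB per host per minute; tune to your baseline


def detect_bursts(events, window=WINDOW, threshold=THRESHOLD_BYTES):
    """Return {host: first timestamp at which the sliding-window write volume
    reached the threshold}. Events are sorted first because centralised logs
    often arrive out of order."""
    alerts = {}
    recent = defaultdict(deque)   # host -> deque of (timestamp, bytes) inside the window
    totals = defaultdict(int)     # host -> bytes currently inside the window
    for host, ts_str, nbytes in sorted(events, key=lambda e: e[1]):
        ts = datetime.fromisoformat(ts_str)
        recent[host].append((ts, nbytes))
        totals[host] += nbytes
        while recent[host] and ts - recent[host][0][0] > window:  # evict stale events
            totals[host] -= recent[host].popleft()[1]
        if totals[host] >= threshold and host not in alerts:
            alerts[host] = ts
    return alerts


def bytes_written_before_alert(events, alerts):
    """Bytes each flagged host had already written when its alert fired:
    even a fast detector acts after data is lost, which is the page's point."""
    return {
        host: sum(n for h, t, n in events
                  if h == host and datetime.fromisoformat(t) <= alert_ts)
        for host, alert_ts in alerts.items()
    }


if __name__ == "__main__":
    found = detect_bursts(EVENTS)
    print(found, bytes_written_before_alert(EVENTS, found))
```

A volume threshold alone also fires on legitimate bulk copies or backups, so in practice it is paired with rename or extension-change counts and an asset inventory that says which hosts are expected to write at that rate.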