How businesses can beef up cyber defences.

Cyber attacks are increasingly prevalent towards the end of the financial year and during the key tax time months (July, August & September). Businesses need to be vigilant and protect client and company data against a heightened threat. At Highview, we ourselves have taken a ‘Zero Trust’ approach, investing in thorough security strategies to defend against external attacks – “It’s absolutely necessary in today’s online environment to remain proactive and vigilant. As a business it’s our obligation to ensure measures are in place to protect the integrity of our business and client data from any form of cyber attack or breach.” Said Brodie Crowther, Highview’s Marketing & Communications Manager.

With businesses looking to close off accounts and reconcile with their suppliers, customers and accountants, the financial period presents increased opportunities for cybercriminals to exploit financial year business processes, according to cyber security technology firm, Akamai.

Chris Gibbs, Managing Director & Regional Vice President ANZ, Akamai said with the end of financial year approaching, Australian businesses and organisations need to be vigilant about the security of their data and IT infrastructure, and to ensure they protect themselves from the growing number of cyber threats that lurk during this period.

He said the Australian Taxation Office’s Cyber Security Stakeholder Group key messages from December 2021, note an increase in reported ransomware attacks with tax agents, aligning with the Australian Cyber Security Centre recorded 15% increase in ransomware cybercrime reports. 

“Ransomware attacks and credential stuffing are two common cyber security attacks that occur at EOFY and tax time. Businesses are increasingly the preferred targets during tax season as they hold a large amount of critical customer data for tax filing purposes,” he said.

“Government tax websites and tax preparer websites are also under attack by criminals using credential stuffing knowing that people will choose weak or recycled passwords.”

“As we approach the end of financial year, companies need to proactively review and shore up their cyber security defences and policies as the impact a cyber attack has on a business can have devastating financial and reputational consequences.”

Mr Gibbs said if businesses ever find themselves a victim of a ransomware attack, they must first determine the extent of the disruption.

“This means verifying whether attackers have compromised the security of your backup systems and whether the malware has spread throughout the entire network,” he said. 

“If the system is secure and you have an independent, pristine, and verified copy of your data, you can avoid paying a ransom and rapidly restore data – after you have sealed the security breach that led to the attack. 

Companies can also look to isolate any affected devices as much as possible to prevent further spread, according to Mr Gibbs. Attackers would generally be well-embedded in the environment by the time the ransomware is actually deployed and it was typically a race against time to contain the impact. 

“After isolating the infected machines from the network, businesses have some breathing room to figure out how they want to handle the attack and to analyse the ransomware,” Mr Gibbs explained.

“If organisations don’t have internal cyber expertise to investigate the attack impact they need to quickly seek help from external experts.

“We strongly encourage businesses to never pay a criminal to decrypt their stolen files, as the chances of getting the data decrypted is low. Instead, they should look to their cyber security provider, or online for decryption keys which may already exist for the ransomware encountered.”

To better protect the surface attacks, Mr Gibbs said organisations can move its security stack to the edge. This is where threats, users and applications are, and moving the security stack to the edge ensures that attack traffic can be blocked right at its source, preventing access to its target. 

“To prevent unauthorised access by malicious actors, organisations should also adopt a Zero Trust strategy,” he said.

“With a ‘never trust, always verify’’ approach across all entities regardless of location, device or application being used, and where the data is hosted, Zero Trust ensures only the right people have access to the network at any given time. 

“The Zero Trust approach thinks and acts like the Secret Service — extremely vigilant, methodically checking credentials before allowing access — even when they recognise the person.”

Businesses can also implement a security strategy that addresses internal and external threats during the financial year review.

Mr Gibbs said that while common countermeasures such as multi-factor authentication (MFA), strong identity and access controls, antivirus tools and more are a crucial part of the Zero Trust security strategy to defend against external attacks, businesses also needed a strategy to minimise the risk of cybercriminals reaching critical assets once defences are breached. 

“Microsegmentation can play a pivotal role in alleviating the impact of infections that slip through the cracks,” he said.

“Once advanced threats like ransomware penetrate a network, they start their move, exploring the infrastructure for vulnerabilities and high-value assets. Microsegmentation ring fences critical data and systems to prevent or mitigate the damage once an attack has begun.”

If you think you should have more in place to protect your business against cyber attacks, explore Cyber Security Training offered through Business Australia here. Their cyber security solutions include automated staff training, phishing simulations, tools as well as policy & legal resources.