The Department of Defence Assistant Minister, Hon Andrew Hastie MP, released a statement on 15 June 2021 acknowledging the ongoing barrage of ransomware impacting businesses across multiple sectors of the economy and outlined steps government agencies are taking to fight back.
We have seen a significant influx in ransomware attacks in 2021, which builds on the influx of attacks in 2020. According to research by Cybersecurity Ventures (accessible here), it is expected that, in 2021, a business will suffer a ransomware attack every 11 seconds. As threat actor operations become increasingly sophisticated, the impact of ransomware attacks is becoming more severe. Significant ransom payments have been on the rise.
Mr Hastie's statement highlights the $165 million to be invested by the Australian government towards countering cybercrime. It also raises the advice and assistance provided by the Australian Cyber Security Centre (ACSC) to defend Australian businesses from attacks by malicious threat actors. This includes using offensive cyber capabilities to disrupt the operations of threat actors, as well as the intelligence it gathers to warn and protect organisations that may be targeted.
For example, in March 2021, the ACSC performed various scans and left warnings on various business systems it identified as being vulnerable to Exchange Server compromises once Microsoft released patches for the dangerous vulnerabilities.
Regular reporting of cybercrime to the ACSC will help in combatting ransomware and all cyber incidents. If you face a cyber incident, we encourage you to report it to the ACSC through ReportCyber.
The statement also promotes a proactive approach to arm businesses with the right type of ransomware defence. To this end, a ransomware Prevention and Protection Guide, and Emergency Response Guide have been published by the ACSC here.
As the release rightfully states, prevention is better than cure, and with cyber security the best offence is often a strong defence. Businesses are getting better at dedicating resources to mitigate cyber risk but more is needed. The ACSC's Essential 8 is a great start but ideally should represent the baseline that businesses aim to achieve.
Having adequate cyber defences is imperative to minimising costly downtime and ensuring immediate recovery of data for business continuity and resilience.
If you need help to gauge or improve your cyber resilience, or to deal with a cyber incident, we can assist with a range of services and expertise.
To read the full government release, click here.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.