Geopolitical uncertainty, rapid Internet of Things (IoT) adoption, and accelerated digitalisation will continue to fuel cyberattacks in the years to come. In the 2021-22 financial year, the Australian Cyber Security Centre (ACSC) reported a significant jump in the number and sophistication of cyberthreats, receiving approximately 76,000 cybercrime reports, a 13 per cent increase from the previous financial year. [1]

Ilan Rubin, chief executive officer, Wavelink, said, “Australia has become an increasingly lucrative target for cybercriminals using sophisticated techniques to steal and expose sensitive customer information and business-critical data.”

“While cybercrime has been rising for years, recent high-profile cyberattacks on Australian critical infrastructure providers have been wake-up calls. Organisations should never treat cybersecurity as an afterthought. Securing systems and networks containing sensitive and valuable data must be an imperative.”

There are three critical reasons why businesses must make cybersecurity an urgent priority:

1. Geopolitical events have complicated the evolving threat landscape

Since Russia invaded Ukraine in early 2022, cyberattacks have been used to support conventional warfare efforts. As a result, there is a significant increase in disk-wiping malware used by threat actors. Fortinet’s 2022 Global Threat Landscape Report revealed that at least seven major new wiper variants are being used to target Ukraine’s government, military, and private sector organisations. [2] As geopolitics continues to shape the cybersecurity threat environment, Australia faces a wave of nation-state-backed cyberattacks that may already be lying dormant, waiting to be activated to leave a trail of destruction. [3]

The current geopolitical and cyber risk landscape requires businesses to urgently invest in powerful cybersecurity software tools to maintain robust defences, minimise operational interruptions, reduce data loss or compromise, and improve overall security posture.

2. Rapid IoT adoption is fuelling attack surface expansion

IoT’s rapid rise and growth of capabilities are fuelling an organisation’s expanding attack surface, adding greater complexity and making it difficult to secure networks. The shift to cloud computing also expands the attack surface, exposing it to new security risks such as limited visibility, non-compliance, and data loss or compromise. Other emerging technologies powering the metaverse, such as digital twins, blockchain, and cryptocurrency present various cybersecurity issues and provide cybercriminals with dangerous levels of access.

Businesses can limit the opportunities for cybercriminals by implementing zero trust policies, eliminating network complexity, regularly scanning for vulnerabilities, and segmenting networks to prevent lateral movement and secure cloud workloads.

3. Ransomware attacks are reaching dangerous levels of sophistication

The number of ransomware variants has almost doubled in six months [4], with additional variants made possible by Ransomware-as-a-Service (RaaS). RaaS is a subscription-based model that sells or rents ransomware to affiliates to execute attacks. Some of the top RaaS variants, such as Ryuk, ALPHV, Hive, REvil (also known as Sodinokibi), and Egregor, specifically attack high-value targets across industries, including critical infrastructure.

IIan Rubin said, “The best way to protect against ransomware is through a proactive approach that prioritises real-time visibility and remediation, with zero trust network access and endpoint detection and response. Businesses can also educate employees about ransomware through a comprehensive cybersecurity awareness training program.”

The urgent need for increased cybersecurity controls

Threat actors routinely exploit poor security configurations and weak controls to run, destroy, or enable other malicious activity. Organisations that haven’t invested in adequate cybersecurity solutions are putting their business and their customers, stakeholders, and suppliers at risk of financial and reputational damage.

IIan Rubin said, “It is imperative for companies to minimise their attack surface by implementing zero trust policies and limiting the number of entry points cybercriminals can seek to exploit. However, organisations must first understand the dynamic cyber threat landscape and its impact on business operations. Visibility into the entire scope of potential and recognised threats will help companies anticipate risk, identify vulnerabilities, and determine the impact when, not if, an attack happens.”