Australia’s answer to thwarting ransomware is good cyber hygiene
The federal government has provided advice on how to counter ransomware in Australia, encouraging the use of multifactor authentication and urging businesses to keep software up to date, archive and back up data, build security features into systems, and train employees in good cyber hygiene.
The advice was provided in Locked Out: Tackling Australia’s ransomware threat, which is a 14-page document [PDF] prepared by the Cyber Security Industry Advisory Committee. It’s touted by the Department of Home Affairs as “[building] awareness for all Australians and their businesses on the current ransomware threat landscape”.
“Ransomware attacks today present a major threat to Australian organisations,” the paper declared. “In 2020, cyber criminals conducted successful attacks on major Australian organisations at a volume never before experienced.”
The paper presents case studies on attacks, such as the one experienced by Toll last year, in addition to advice on how to protect against ransomware attacks.
“Early detection of a ransomware attack is paramount to minimising impact,” it says.
It also says many of the most impactful ransomware attacks could have been avoided with foundational cybersecurity controls and good cybersecurity hygiene.
“For small businesses, which make up 93% of employing businesses in Australia and provide employment for nearly 45% of Australia’s workforce, the challenge is different,” it continued.
“They don’t have chief security officers, an IT team, or possibly even an IT qualified team member, which is understandable when over half employ less than four people.
“All businesses have valuable data and systems they need to protect. It is vital that they establish strong foundational controls and practice good cybersecurity hygiene practices.”
The paper then pointed readers to the Australian Cyber Security Centre’s (ACSC) not-so-essential Essential Eight controls for mitigating cyber attacks.
Dipping its toes into cyber insurance, the paper stated that the critical takeaway is organisations should see cyber insurance as one component of a holistic cybersecurity program, not as a replacement for one.
Two Labor shadow ministry members last month called for a national ransomware strategy focused on reducing the number of such attacks on Australian targets. Shadow Minister for Home Affairs Kristina Keneally and Shadow Assistant Minister for Communications Tim Watts declared that due to ransomware being the biggest threat facing Australia, it was time for a strategy to thwart it.
On Thursday, Watts called the government’s ransomware paper a missed opportunity.
“While Labor welcomes the government’s acknowledgement of the ransomware problem, this report falls short of acknowledging the scale of the AU$1 billion problem,” he said.
“Instead of using the opportunity to launch a debate about the role government can play in shaping the calculus of ransomware gangs sizing up Australian organisations, the Morrison government continues its approach of playing the blame game.”
To Watts, it’s not good enough to tell businesses to defend themselves by “locking their doors to cyber-criminal gangs”.
“As the Australian Cyber Security Centre has warned, ransomware gangs are employing increasingly sophisticated organisational models and pressure tactics to reap record illicit profits,” he said.
Such a response, Watts said, was particularly disappointing in the face of the state-backed Hafnium campaign against Microsoft Exchange servers.
“Thousands of Australian servers are potentially vulnerable to a further wave of ransomware attacks exploiting this vulnerability and potentially financially devastating Australian businesses,” Watts continued. “The Morrison Government must do more to actively tackle the ransomware threat and develop a National Ransomware Strategy.”
Following the Microsoft Exchange Server hack, Assistant Minister for Defence Andrew Hastie on Wednesday asked Australian organisations to take immediate steps to urgently patch vulnerable systems.
“The ACSC has identified a large number of Australian organisations yet to patch affected versions of Microsoft Exchange, leaving them exposed to cyber compromise,” Hastie said.
“Australian organisations cannot be complacent when it comes to cybersecurity, which is why all users of Microsoft Exchange are being urged to patch their vulnerable systems.”
Watts called the government’s response belated.
“Issuing a media release seven days after the vulnerability is disclosed is the cyber equivalent of telling people to shut the gate after the horse has bolted,” he added.