The year 2023 was a big year for cyber security professionals in Australia. While IT teams continued to deal with the fallout of some big Australian data breaches, the new 2023-2030 Australian Cyber Security Strategy was released to boost defences against future threats.
Experts from Rapid7 have argued that Australia can expect both advantages and risks from AI cyber tools in 2024. Meanwhile, ransomware attacks will continue as threat actors seek rewards from holding critical infrastructure hostage and exploit defence weaknesses in the mid-market.
Ransomware will continue to plague Australian organisations
The Australian market is a global top-10 destination for ransomware attacks, and the trend will continue next year. Rapid7 VP of Global Government Affairs and Public Policy Sabeen Malik said Australia’s cyber strategy showed the realisation many would be affected.
“The idea of the no-liability framework (for ransomware reporting) is a recognition that, at some level and at some scale, this is going to be more ubiquitous than just critical infrastructure; everybody, at some point, is going to possibly have to deal with this issue,” said Malik.
More organisations urged to plan approach to ransomware threats
Organisations should be stepping back now and asking what their policy and program is for ransomware, Malik said. This would include things like what disclosure will mean and whether they will pay a ransom, so they are not left deciding once an attack has happened and it is too late.
AI and automation to provide advantages for cyber teams
The use of AI and automation will accelerate in cyber security in 2024. With AI and automation tools becoming more advanced in 2023, a lot of detection and remediation or prevention work can now occur automatically before vulnerabilities are exploited.
Rapid7’s Malik said this will help with the cyber security skills shortage because some of the functions usually done by analysts can now be automated using advanced technology.
“Another benefit is context. One of our industry challenges has been that, when it is working effectively, it can provide alerts in the tens of thousands if not hundreds of thousands a day. AI can provide more context, so analysts can do higher value work,” Malik said.
Some AI products could create more business risks than rewards
Enterprises using AI to enhance security have also been warned to proceed with caution. Rapid7 said some AI capabilities will “miss the mark” because a solution has been “rushed to market,” diminishing efficacy and, at times, increasing risk.
“In the AI use case, even as an assistant, all models are not the same,” Malik said.
With problems including hallucinations and variables such as whether a model uses open source or in-house data, Rapid7 recommends looking at each cyber security tool that uses AI on its own merits to assess the benefits and risks of using it for the organisation.
Critical infrastructure attacks to rise as criminals seek rewards
Disruptive ransomware attacks on critical infrastructure are likely to increase, in addition to attacks seeking to exploit personally identifiable information. Rapid7’s VP of Asia-Pacific and Japan, Rob Dooley, argues criminals will want to target greater rewards from the disruption.
“For organised threat groups it is all about how to extract financial benefit,” said Dooley. “If you compromise personal and identifiable information, there’s the potential for identity theft. And those are significant issues, but they are kind of a long-term game for some of those organisations.”
Urgency creates ransom potential for infrastructure attackers
While Dooley said Australians are even beginning to feel a little blasé about data breaches, incidents like the recent cyberattack against ports operator DP World and the national Optus network outage showed the potential chaos that ensues when infrastructure is impacted.
“There’s been a rise in these disruptive attacks,” Dooley said. “But also, in terms of the ability to extract financial benefit, if you shut down a system like that, it really brings the urgency for it forward, and there’s a greater chance you’re going to be able to extract that ransom.”
Attacks on mid-market business weaknesses to escalate
Mid-market companies will likely be targets of interest for threat actors in 2024. A lack of in-house cyber security resources and competencies will combine to make them softer targets than some of Australia’s larger, better-protected organisations and sectors, said Dooley.
“In the mid-market, it’s often not economically feasible to have more than probably two or three people in your cyber team,” Dooley said. “So in terms of your ability to defend yourself versus a bank, it’s just a bit tougher. Criminals are out to exploit the weakest points.”
Extended SOC support can boost mid-market defences
The Federal Government is focusing on smaller businesses as part of its cyber strategy. This includes an AUD $7.2 million (USD $4.9 million) voluntary cyber health check program and AUD $11 million (USD $7.4 million) for one-on-one assistance for businesses during cyber challenges, including attack recovery.
Dooley said the mid-market is where businesses could extend a security operations centre methodology; organisations with small cyber teams could team up with a global partner with access to the tech, people and skill set to run a security program around the clock.
“It’s foolhardy to think a mid-market business will have the resources or time or appetite to become a cyber security powerhouse,” Dooley said. “They really need to have partnerships in place.”
Enterprises to consolidate vendors to improve efficiency
Enterprises will seek to further consolidate the number of security vendors they use. Dooley said tool proliferation has often had detrimental effects on efficiency, as organisations deal with problems like the “noise” of more alerts or gaps due to configuration challenges.
“I don’t think the market will ever be in a position where an organisation can rely on a single security vendor, but there will be a shift from ‘best-of-breed’ to ‘best-of-suite,’ where they will work with two, three or four suites within an enterprise organisation,” Dooley said.
Consolidation of security vendors has been a global trend. In 2022, Gartner found that 75% of organisations wanted to decrease the number of vendors they use to reduce complexity, leverage commonalities, reduce admin overhead and provide more effective security.