With the end of financial year approaching, Australian businesses and organisations need to be vigilant about the security of their data and IT infrastructure, and to ensure they protect themselves from the growing number of cyberthreats that lurk during this period.
The Australian Taxation Office’s Cyber Security Stakeholder Group key messages from December 2021 noted an increase in reported ransomware attacks involving tax agents, aligning with the 15% increase in ransomware cybercrime reports recorded by the Australian Cyber Security Centre.
Ransomware attacks and credential stuffing are two common cybersecurity attacks that occur at the end of financial year (EOFY). Certified Public Accountants and accounting firms are increasingly the preferred targets during tax season, as they hold a large amount of critical customer data for tax-filing purposes. Government tax websites and tax preparer websites are also under attack by criminals using credential stuffing, who know that people will choose weak or recycled passwords.
Steps to take if you are the victim of a ransomware attack
If you are a victim of a ransomware attack, first determine the extent of the disruption, which means verifying whether attackers have compromised the security of your backup systems and whether the malware has spread throughout the entire network. If the system is secure and you have an independent, pristine and verified copy of your data, you can avoid paying a ransom and rapidly restore data — after you have sealed the security breach that led to the attack.
Next, companies need to isolate any affected devices as much as possible to prevent further spread. Attackers will generally be well-embedded in the environment by the time the ransomware is actually deployed, so it’s typically a race against time to contain the impact.
After isolating the infected machines from the network, businesses have some breathing room to figure out how they want to handle the attack and to analyse the ransomware.
If organisations don’t have internal cyber expertise to investigate the impact of the attack, they need to quickly seek help from external experts.
We strongly encourage businesses to never pay a criminal to decrypt their stolen files, as the chance of getting the data decrypted is low. Instead, they should look to their cybersecurity provider, or online, for decryption keys that may already exist for the ransomware encountered.
Tips on protecting your business during EOFY
- Move your security stack to the edge — This is where threats, users and applications are, and moving the security stack to the edge ensures that attack traffic can be blocked right at its source, preventing access to its target.
- Adopt a Zero Trust approach — To prevent unauthorised access by malicious actors, organisations should adopt a Zero Trust strategy. With a ‘never trust, always verify’ approach across all entities regardless of location, device or application being used, and where the data is hosted, Zero Trust ensures only the right people have access to the network at any given time. The Zero Trust approach thinks and acts like the Secret Service — extremely vigilant, methodically checking credentials before allowing access — even when they recognise the person.
- Implement a security strategy that addresses internal and external threats — While common countermeasures such as MFA (multifactor authentication), strong identity and access controls, antivirus tools and more are a crucial part of the Zero Trust security strategy to defend against external attacks, businesses also need a strategy to minimise the risk of cybercriminals reaching critical assets once defences are breached. Microsegmentation can play a pivotal role in alleviating the impact of infections that slip through the cracks. Once advanced threats like ransomware penetrate a network, they are on the move, exploring the infrastructure for vulnerabilities and high-value assets. Microsegmentation ringfences critical data and systems to prevent or mitigate the damage once an attack has begun.
As we approach the end of financial year, companies need to proactively review and shore up their cybersecurity defences and policies, as a cyberattack can have devastating financial and reputational consequences for a business.
By Chris Gibbs, Managing Director & Regional Vice President ANZ, Akamai
This article was first published by Technology Decisions