Australian as well as New Zealand organisations experienced a significant rise in ransomware, that averaged four incidents in five years, in 2021 to four attacks in the span of a year in 2022. new report by the leader in cloud-native network detection and reaction (NDR), ExtraHop, has been released.
Of those who were victims of ransomware, more than eight out of 10 (82 percent) confessed to having paid the ransom more than once.
As organizations increasingly come in danger, data found that they are buried in cyber-security debt, unaddressed security risks like software that isn’t patched or devices, not properly managed shadow IT, insecure network protocols that function as entry points for criminals.
Eight out of ten (80 percent) Australian and New Zealand IT decision makers believe that outdated cybersecurity practices are responsible to at-least half the cybersecurity incidents that their organizations encountered. In spite of these alarming figures less than two-thirds (62 percent) of those polled said they’re taking action to tackle any outdated security practices that place their organizations at risk.
The study also revealed that the majority of Australian or New Zealand respondents are running at least one of the insecure network protocols. Despite the calls of top technology providers to eliminate SMBv1 that was a major factor in the rise of WannaCry and NotPetya 84% of respondents remain running it in their networks.
If it’s about unmanaged devices, over half (53 percent) claim that some of their most critical devices can be remotely controlled and accessed. They also can be accessed via the internet.
“As organisations find themselves overburdened by staffing shortages and shrinking budgets, it’s no surprise that IT and security teams have deprioritised some of the basic cybersecurity necessities that may seem a bit more mundane or expendable,” ExtraHop chief security, risk and security officer Mark Bowling said.
“The possibility of a ransomware attack dependent on the size of surface attack area that is unprotected, which is a prime illustration of cyber security debt. The liabilities, and ultimately, the financial losses due to this deprioritisation, add to the burden of cybersecurity debt and exposes organizations to increased risk. A better understanding of the network using an NDR solution will help uncover the truth about cyber security and highlight the most urgent vulnerabilities, to help them manage their cyber debt.”
ExtraHop recommends that organizations adopt the following steps to evaluate and correct cybersecurity debt
1. Conduct continuous monitoring of the network
Maintaining a list of both hardware and software is essential to ensure security hygiene. It is suggested in the security first and second checks in the CIS Top 20. Although it’s a necessary security procedure, maintaining an inventory can be a problem for organizations who rely on manual point-in time audits to find the devices and protocols running on their networks.
The best option is to employ the network monitoring software which continuously monitors and analyzes network traffic in order to determine each device connected to the network as well as each protocol that is in use at any time.
Second step: Refresh the configuration Templates and Settings
Software and devices that connect to the internet have default settings which may become out of date as time passes. If an entirely new solution or device is introduced to the network and left in the default settings, then it could be running protocols that are not anymore considered to be secure.
Similar to cloud systems, cloud systems and workloads utilize configuration templates to decide the protocol they will use. As new protocols are created and older versions are discarded the templates for configurations may become outdated and require updating. New workloads that are created using an older template could introduce unsecure protocols into the system. Due to the frequently brief and fleeting nature of cloud-based applications it can be difficult to detect the instances of unsafe protocols and figure out what to do to eliminate them from your systems. That’s where an monitoring software can come in handy.
3. Delete unneeded ports
Other options organizations can employ to address cybersecurity-related network debt is to shut down ports that are not being used and unneeded services for devices connected to the internet and, most importantly creating and implementing an action plan for replacing outdated protocols.
