Ensuring essential services stay online in the face of rising ransomware

If there was any doubt remaining around the threat ransomware poses to Australia’s way of life, the Australian Cyber Security Centre’s (ACSC) recent Annual Cyber Threat Report should put those doubts to rest.

For the second year in a row, the report reserved special mention for the potential disruption ransomware could wreak upon our nation. The authors of this year’s report did not mince their words: “Ransomware remains the most serious cybercrime threat due to its high financial impact and disruptive impacts to victims and the wider community”.

Dean Kelly

As more of the critical infrastructure that powers our nation and the public services we all rely on are increasingly digitized, the consequences of that data being held hostage increase exponentially.

This is part of the calculus driving attackers when deciding who to target. If they can cause the most disruption possible, the victim will be more inclined to pay the ransom so those critical services can resume as quickly as possible.

When reviewing the ACSC’s latest report, it’s clear attackers have their sights set on the public sector, healthcare providers and critical infrastructure as the industries likely to face the most severe consequences from their attacks.   

Public sector in the crosshairs

Of the more than 67,500 cyber incidents reported to the ACSC last year, more than a third (34.7 per cent) came from the public sector – Commonwealth government agencies reported the most incidents (19.5 per cent) while state, territory and local Governments weren’t far behind in second place (15.2 per cent).

Healthcare providers reported the fourth most cyber security incidents, with 7.3 per cent of all cyber incidents reported coming from the sector.

While it’s true that the higher representation of the public sector is due to the fact these agencies are compelled to report cyber incidents – whereas no mandate exists in the private sector unless the attack rises to the level of a ‘notifiable breach’ – the fact that more than 20,000 cyber incidents were experienced across all levels of government is cause for concern.

It’s important to note that the above numbers are not specific to ransomware attacks. That said, they may not be entirely unrelated. Sophisticated ransomware attackers carry out a high-level of reconnaissance and network scanning before targeting the victim with the ransomware itself. This helps to ensure that when the malicious payload is eventually delivered, it is not only successful but also as disruptive as possible.

The fact that more than 20,000 cyber incidents were experienced across all levels of government is cause for concern.

Mandating mitigation

During the last financial year, nearly 500 ransomware attacks were reported to the ACSC – an increase of 15 per cent compared to the previous year. Of these, 160 were severe enough to warrant the ACSC interceding directly to support the victim organisation.

Again, healthcare and state, territory and local governments were among the top five sectors reporting the highest number of ransomware attacks.

In recognition of the increasing scale, scope, and severity of ransomware attacks and other cyber threats, the Attorney General’s Department recommended the Government mandate the Australian Cyber Security Centre’s Essential Eight mitigation strategies for all 98 non-corporate Commonwealth entities.

These Essential Eight strategies, while not a silver bullet, are a baseline security posture to ensure organisations make it much more difficult for attackers to compromise their systems.

Included in the list are fundamental cyber hygiene practices such as application and operating system patching, multi-factor authentication and restricting administrative privileges. 

None of the strategies are particularly flashy, but all of them are effective.

As the recommendation to mandate the Essential Eight undergoes consultation with public sector entities, one of the strategies is worth paying particular attention to as it offers the best protection against the ongoing scourge of ransomware attacks – regular backups.   

These Essential Eight strategies, while not a silver bullet, are a baseline security posture to ensure organisations make it much more difficult for attackers to compromise their systems.

Ransomware insurance policy

Ensuring critical data is frequently backed up, air-gapped from other parts of the network and stored in an immutable format, allows operations to be rapidly restored after even the most sophisticated attack.

Essentially, it allows the victim to turn back the clock and restart operations from a point in time prior to the attack.

Getting ahead of the threat, Queensland’s Redland City Council is one public sector organisation that has implemented comprehensive backups as part of a wider ransomware mitigation strategy.

After witnessing an “unprecedented level of ransomware attacks” as attackers sought to take advantage of the shift to remote work and preoccupation with responding to the impacts of COVID-19, the Council’s CIO, Glynn Henderson, said having immutable backups was like an “insurance policy” against ransomware.

While the majority of the Essential Eight strategies focus on making it harder for attackers to compromise an organisation, ‘regular backups’ is the only one to address recovering from an attack when perimeter defences are inevitably thwarted.

As the ACSC’s latest report highlights, ransomware is the most serious cyber threat facing the nation and it is our public sector, healthcare and critical infrastructure industries who are at the top of attackers’ wish lists.

Without a silver bullet to stop every single cyber-attack, backups are one of the best defences against ransomware attacks. When implemented as part of a wider zero-trust approach to data management, immutable backups ensure critical public services can be rapidly recovered with minimal downtime following an attack. Most importantly, these services can be resumed without paying the ransom, which only rewards the hackers, encourages further attacks and continues the cycle. 

Dean Kelly is the Regional Director – Public Sector at Rubrik A/NZD

Comment below to have your say on this story.

If you have a news story or tip-off, get in touch at editorial@governmentnews.com.au.  

Sign up to the Government News newsletter

Leave a comment:

Your email address will not be published. All fields are required