Threats Rising: ASD Director Sounds Alarm for Australian Organisations
Deanne Sowers, First Assistant Director-General for Cyber Threat Intelligence at the Australian Signals Directorate, urges security leaders and organisations to take note of the state of cybersecurity in 2023
In a world where cyber threats are escalating in terms of both frequency and complexity, the Australian Signals Directorate’s First Assistant Director-General for Cyber Threat Intelligence, Deanne Sowers, recently provided invaluable insights into how businesses and governments need to proactively enhance their cybersecurity posture.
Delivering the keynote address at Corinium’s CISO Public Sector Online ANZ event in May, Sowers kicked off her presentation by referring to significant past incidents to underscore the pressing nature of the cyber threat landscape.
Sowers referenced the ransomware attack on the Colonial Pipeline, which disrupted fuel supplies across the east coast of the US, and a cyber attack against JBS S.A., a Brazil-based meat processing company, which resulted in JBS standing down thousands of Australian workers. These incidents illustrate the potential of cyber threats to critically disrupt infrastructure and cause chaos on a large scale, Sowers added.
Speaking about the nature of the threats that organisations are facing today, Sowers said: “Most of the compromises we observe use relatively simple tools and techniques. The compromise of legitimate accounts through phishing, access via misconfigured internet facing network devices, and exploitation of public vulnerabilities are things that we see all the time.”
While these compromises might seem rudimentary, Sowers emphasised that they can form part of broader, sophisticated malicious cyber operations that can cause substantial damage.
With the rise of digital technology and systems becoming more interconnected, Sowers also warned of the increasing appeal of the cyber supply chain as a target for malicious actors.
“Every time an organisation interacts with a supplier, manufacturer, distributor, or retailer in the cyber supply chain, there is an inherent risk that one of these sources could be compromised,” she said.
The extensive supply chain compromise of the SolarWinds Orion software in 2021 served as a glaring example of how devastating such breaches can be, affecting multiple organisations across various sectors.
Further, Sowers underscored a worrying trend: the rise in the exploitation of publicly disclosed vulnerabilities. The number of software vulnerabilities identified globally surged by more than 25% in the last year, exposing countless systems to potential breaches. She drew attention to the Log4j vulnerability that was publicised in December 2021 as a striking illustration of how widespread and damaging compromises can occur when widely-used software is targeted.
In response to these escalating threats, Sowers advocates for a robust approach to cybersecurity anchored by the “Essential Eight” strategies.
These guidelines encompass application control, patching applications, configuring Microsoft Office macro settings, hardening user applications, restricting admin privileges, patching operating systems, employing multi-factor authentication, and maintaining regular backups.
Sowers underscored the importance of these measures, saying: “When implemented to the same standard across all eight categories, they complement and reinforce each other.”
In addition to implementing these technical measures, Sowers also urged organisations to integrate cyber risk considerations into their overall business risk assessments.
“Cybersecurity has to be prioritised in business continuity plans, and having a well-exercised cyber incident response plan… is absolutely critical,” she asserted. These plans should outline roles, responsibilities, and planned actions developed outside of the pressure of an ongoing incident, enabling a rapid and well-coordinated response.
Beyond these plans and strategies, Sowers mentioned the role that every individual within an organisation plays in maintaining cyber hygiene. She emphasised the importance of fostering a cyber-secure culture throughout all levels of an organisation.
“Amplifying the simple things that staff can do to be cyber safe can really significantly reduce risk,” Sowers stated, referring to actions such as exercising caution with email attachments and unfamiliar websites.
Sowers concluded her presentation by reminding organisations to routinely assess their cyber risks, report any incidents promptly, and ensure they are prepared to respond effectively.
“One point that I just can’t stress enough is how important it is to report incidents to us as soon as you possibly can,” Sowers said.
Adding that the ASD’s Australian Cyber Security Centre does not share any organisational data without express permission, Sowers said reporting is invaluable in helping the agency to understand the whole threat environment, in turn helping the ASD to protect other organisations.
Summarising, Sowers stressed that the stakes for all Australians and Australian organisations were “really high”.
“The public sector is in a position of trust and remaining a hard target for malicious cyber activity and making every effort to protect the information we hold is crucial,” she said. “That’s why all have to do our part to improve not only our own organisations’ cyber security and resilience but also to understand the impact we can have on our collective cyber resilience.”
Deanne Sowers will be speaking at CISO Melbourne 2023, being held 17 – 19 July at the Crown Promenade Hotel. Click here to check out the speaker lineup and register to attend.