The increase in reported cybercrimes in Australia during the 2021-2022 financial year has only heightened concerns regarding the safety and security of Australian data. With over 76,000 logged incidents and an average cost of $63,000 per cyber-attack across all levels of business, it’s more crucial than ever for all organisations to improve their cyber-security posture.
And while we may rejoice in the introduction of mainstream Artificial Intelligence products such as ChatGPT and Google’s Bard to help us do better, smarter business, those same tools are also a boon to cybercriminals. The sophistication of their attacks is on the rise, so in turn, your response to security must also be more complex and multilayered.
What is a multilayered approach to security?
Good question. A multi-layered cyber-security defence approach involves implementing multiple layers of security controls and measures throughout your infrastructure.
Think of it as adding a camera, pressure pads, and a motion and heat detector on top of your basic house alarm. So, for your business, that would translate to including perimeter security like firewalls and intrusion detection systems (IDS) as well as endpoint security such as anti-virus. With these many layers of security in place, you can proactively defend your business from advanced attacks that could potentially cost you tens of thousands of dollars on multiple fronts, or layers.
It's only by diligently adopting a multi-layered approach that you can ensure you have a comprehensive and cohesive security posture.
What's SOC got to do with it?
A multi-layered approach is all well and good. But what if you could add the services of a dedicated, 24/7 security team with the ability to see what’s happening at any given time and continuously monitor your environment?
In other words – a Security Operations Centre (SOC). When you have a SOC, you have a personal security team that provides real-time monitoring, analysis, and protection of your IT assets against cybersecurity threats.
The Fusion5 Security Operations Centre provides these services as one layer of protection for our customers’ IT assets.
To give our service context, here are some real-world examples of cyber threats we've been seeing, and what we're doing to combat these, and keep our customers safe:
1. Brute force attacks
A brute force attack is a cyberattack where a bad actor tries to gain access to your system or application. They do this by repeatedly trying different combinations of usernames and passwords until ‘bingo,’ they’re in. This attack method looks to exploit the fact that many users choose weak passwords (like ‘password’ or ‘123456789’) or use common passwords across multiple accounts, making it easier for attackers to guess the correct credentials. A compromised user account can be used to move laterally into more privileged accounts or access internal systems.
And if you think it’s not going to happen to you, bear in mind that over the 2021-22 financial year, the Australian Cyber Security Centre took down over 29,000 brute force attacks against Australian Servers.
So, how do we help customers stay safe? To prevent brute force attacks, we work with our customers to implement stronger password policies, enable effective multi-factor authentication, and limit the number of login attempts allowed before locking an account.
In addition, our SOC deploys automated incident responses which automatically impede brute force attacks by blocking the IP addresses associated with the attack.
In conjunction with the above techniques, we use Microsoft Sentinel and Azure Logic Apps to ensure our customers are in a proactive state of defence. So, together, we’re one step ahead of the attackers at all times.
2. SQL injection
Sounds nasty, and it is. In an SQL injection attack, malicious SQL statements are inserted into data-driven and/or web-based applications – for example, your ecommerce store or WordPress site. A common method of insertion is by entering ‘special’ code into your online forms and which tricks your system into running the malicious statements. And presto, they have unauthorised access to your sensitive data. Like your passwords, credit card and banking details, and other personal user information.
How do we help our customers stay injection free?
To prevent these attacks, our first step is to ensure your application follows best practices when it comes to accepting user input. We restrict the kind of information that can be entered through parameterised queries, as well as sanitise user input by checking for common attack techniques – which reduces the amount of malicious code entering your application. Then, by storing commonly used procedures and keeping your software up to date, we can help you enhance your user experience as well as keep your application as secure as possible. By putting these precautions in place, you greatly reduce your risk of an SQL injection attack being successful.
For added peace of mind, we also provide continuous monitoring services which can detect SQL injection attempts on your firewall. So, if an active attack is identified, we immediately shut down access - reducing the potential consequences enormously.
3.Phishing and social engineering
Phishing remains the most reported type of cybercrime in Australia, accounting for 39% of all cybercrime incidents.
Phishing is a type of cyberattack where an attacker tries to trick you and your team into revealing sensitive information, such as login credentials or financial data. This is typically done through fraudulent emails or websites that mimic legitimate ones, often using logos and branding that appear to be from trusted sources.
Phishing attacks usually involve some form of social engineering. They create a sense of urgency or use persuasive language to convince the victim (who could easily be you, or a fellow employee – from CEO to AP administrator) to take a certain action, such as clicking on a link or entering their login credentials. Once they do so, the attacker can steal your information and use it for various malicious purposes, such as identity theft or financial fraud.
A common example we’ve experienced at Fusion5 is an email suggesting a consultant has shared a new file with a fellow worker through SharePoint. The email itself appears indistinguishable from previous similar emails, but the link isn’t to a known Microsoft webpage, and the sender was definitely not Microsoft.
Noticing small and often obscure details are essential to your ability to spot suspicious emails. Cyber awareness training is a critical first step for all our employees – and one that we recommend is yours too. It refocuses us all on ensuring multiple levels of security are in place, because despite the best of intentions, expecting untrained users to never make a mistake is both unreasonable and extremely risky.
That’s why we advocate that the first crucial step in protecting your organisation against potential phishing attacks is to establish a strong phishing awareness program. We collaborate with our customers to implement and carry out these programs, ensuring that their employees are vigilant and capable of identifying potential phishing attempts. Additionally, we conduct internal training programs and carry out mock attack tests to safeguard our own staff, systems, and customer data from phishing threats.
Microsoft is globally recognised for creating and maintaining best practice security tools and practices.
Utilising Microsoft Defender for Office 365, Fusion5 can set your organisation up with a proactive defence and introduce another layer to protect your organisation. For those using Microsoft 365 with Business Premium or E5 licensing, we can assist you to enable Anti-Phishing policies and Safe Links to immediately enhance your cyber security posture and support your user’s by automatically moving suspicious emails into a user’s junk email folder or quarantine them altogether. This means your users won’t see flagged emails at all, removing any opportunity for human errors to lead to compromise and proactively stopping threats against our customer environments.
Why SOC is an essential part of your security posture
As mentioned at the start of this blog, as technology continues to evolve, cyber threats are becoming more sophisticated and pervasive. And as the frequency of attacks grows, the financial damage they cause will only increase in severity – making it vital to take proactive steps to protect your organisation against cyber threats.
Forbes rank cybersecurity as one of the ten top risks and threats for businesses in 2023. And they further say that Gartner research suggests that by 2026, near 50% of the C-suite will have their performance requirements related to cybersecurity risk built into their employment contracts.
Clearly, taking fiscal responsibility for being prepared, proactive and resilient when it comes to cybersecurity is now critical. But without a dedicated SOC, it’s more challenging that it needs to be.
Because cyberattacks rely on human error and negligence, as well as the use of increasingly intelligent technologies such as artificial intelligence and machine learning to be successful, we believe that a multi-layered approach is the best way to keep your staff, your business, and your customers safe.
With Fusion5’s SOC on your team, you will be able to address both technical and human vulnerabilities with a combination of training, tools, policies, and continuous monitoring. So when an attack inevitably happens, you will be best placed to repel the attack, and reduce the consequences. If you feel your organisation’s security posture could be improved, just reach out and connect with our dedicated security professionals.
