The Best Defence is a Good Offence: Cyber Defence & Vulnerability Management

07 April 2022

The Australian Cyber Security Centre (ACSC) recently issued a priority alert encouraging Australian organisations to urgently adopt an enhanced cyber security posture. Conflict in Ukraine and instability in the region have significantly heightened the cyber threat environment globally. ACSC’s priority alert, currently at ten revisions and counting, reflects the need for Australian organisations to be prepared and proactive given the growing number of global threat actors.

Furthermore, the Federal Parliament recently passed the Security Legislation Amendment (Critical Infrastructure Protection) Bill 2022 to expand which industries are classified as “critical infrastructure”. Under the amendment, operators of systems of national significance are obligated to meet “enhanced cyber security” requirements, meaning proactive testing and vulnerability management will be mandatory rather than optional.

Threat actors are continuously evolving and refining their tactics, techniques, and processes. New vulnerabilities are being researched, proof-of-concept exploits are being coded, and we are seeing more creative and novel ways of gaining initial access and a foothold in an organisation. Security testing strengthens an organisation’s security posture by reinforcing its defensive capabilities, guiding its security strategy, helping identify vulnerabilities that may turn into major breaches and incidents, and verifying that controls are configured correctly. It forms a critical part of any organisation’s cyber resilience and should not be seen as just a compliance activity.

Below are four key considerations for your cyber defence strategy:

  • Identifying the unknown risks in your organisation. Threat landscape assessments and vulnerability assessments are used to identify your external and internal exposures. Gaining visibility of unknown internal risks is advantageous when developing a defence-in-depth security strategy.

  • Regular testing to continuously identify new vulnerabilities and their business impact is now a necessary part of proactive security. In 2021, our practitioners found that the overwhelming root cause of all identified findings was security misconfiguration, where secure practices were not followed for configuration settings, causing security deficiencies. The significant number of findings in this category reinforces the “trust but verify” mindset towards configurations, which should be checked and verified through regular security testing.

  • Red Teams simulate Real Life. An organisation consists of more than just its cyber. It is made up of physical elements (buildings, offices, facilities) and people. Testing should extend beyond your servers and websites through red team assessments: comprehensive and realistic exercises designed to identify entry vectors into your organisation. These exercises can be used to test your organisation’s defences and its response to any crisis.

  • Patching, the leading cause of ransomware. The two leading root causes of a ransomware incident (based on our assessments and incident response investigations) were a lack of patch management and weak passwords and authentication controls. All of our 2021 security testing assessments identified some form of password or authentication control deficiency. Furthermore, all patch management failures identified had a critical or high-risk severity, due to high-profile zero-days or publicly available exploits.

Read more in our Cyber Defence & Vulnerability Management flyer.