Supply Chain Council of European Union | Scceu.org

Supply chain cyber attacks: observations from the frontline

There is no doubt 2020 has been a challenging
year for businesses across every element of the supply chain and in all
sectors. The bushfires from earlier this year gave way to a far greater
disruption in the form of COVID-19. Despite these significant shocks, there is
now light at the end of the tunnel for many businesses who have been battered
by the twin economic and health crises.

Amid these large-scale crises, unseen risks have been brewing. The recent large-scale cyber-attack on government and businesses by a nation-state actor is one example. These attacks, designed to steal intellectual property and cripple critical infrastructure, demonstrate a looming cyber threat that cannot be ignored.

This attack came on the heels of a significant uptick in cyberattacks by organised crime groups in recent months. These well-publicised attacks, such as the attack on beverages company Lion or the one on Toll Group, have laid bare the weakness of cyber defences.

Nation-states and private actors are increasingly targeting FMCG supply chains and logistics companies. These actors are aware of the disruption they can cause, not only to the business in question but also to the operations of the many businesses that rely on its goods and services. Further, e-crime actors have seen the opportunity to charge high-value ransoms. This has particularly been the case during COVID-19, when all elements of the supply chain have become more vulnerable due to understaffing, social distancing requirements, and increased consolidation.

Australian businesses are yet to understand the severity of the impact a cyber attack can have on a supply chain. For example, McGrathNicol recently fielded questions from a hospitality business that relied on Lion beverages for its supply of milk. The disruption of something as simple as milk supply was a risk this business had not considered, and as a result its operations were affected while it considered alternate and cost-effective supply.

Since the onset of COVID-19, we have observed multiple ways in which cyber attackers have evolved their tactics. These attackers have leveraged people’s stresses and anxieties, such as the removal of JobSeeker payments or wanting access to health information, to lure people into clicking malicious links and opening compromised emails. Recently, we have even seen cyber attackers attempt to leverage the Black Lives Matter protest to lure the recipient into reading or viewing a compromised link.

A new ransomware tactic is the provision of tools that purport to remove ransomware the attackers themselves have installed. Businesses impacted by a ransomware attack will often look for a way to recover that doesn’t involve paying a ransom. We have seen tools made available on the internet, allegedly by security firms or law enforcement, that claim to be able to unlock files which have been locked in the attack. When people download and use the software, they inevitably find themselves having to pay a double ransom: one for the initial ransomware attack and another for the double encryption that results from installing the new software, which is in fact ransomware.

Cyber criminals are also becoming much
more strategic and considered in their approach. Rather than a smash and grab
attack, criminals are becoming more patient. For example, a threat actor can
have access to a business’ network for months and will weigh up when to act in
an effort to cause the most damage to its reputation and financial position.

Despite the increasing threat, it is evident that cyber attackers have been able to adapt their tactics more quickly than businesses have been able to keep up. IT departments are still reactive, meaning they will seek to defend, defeat and deal with the consequences of an attack, but are lagging on strategies for active prevention.

What should businesses do?

As cyberattacks become increasingly
sophisticated, businesses need to think beyond traditional approaches to keep
their networks safe.

  • Review security software: Fewer organisations are falling victim to a virus or a piece of malware. Rather, we are now seeing people falling victim to other people. An attacker will work their way around your system, regardless of your software. Therefore, organisations should be looking at reputable security solutions that include behavioural analytics, which use AI technology to identify threats through changes in behaviour, rather than relying on software that is programmed to look for generic triggers.
  • Ensure you have the right solution for your business: Smaller businesses tend to rely on what someone sells them. It is crucial that an independent assessment of your business’ needs and network is undertaken to ensure you have the right tools and systems to protect your business. Attackers are becoming accustomed to tailoring their tactics for specific targets, and generic one-stop-shop software will no longer cut it.
  • Delineate between IT and Security: Many people still think that IT and Security are the same thing. Each department has different skillsets and requirements, and it is crucial that organisations define these roles, so that a strong and qualified security team is in place to monitor networks around the clock and ensure everything is safe, protected, and reliable. This is no different to security teams monitoring health and safety issues outside of technology. Many businesses outsource these roles, and having two service providers, one for IT and another for security, often offers a balanced approach.
  • Effectively communicate: When supply chains are attacked, companies begin to review and reconsider the contracts they have with their suppliers and their rights under those contracts. Clear, fast, and consistent communication with all stakeholders reliant on the supply chain regarding what is happening, what it means and how it impacts them is crucial to remediation and recovery.

Darren Hopkins, partner at McGrathNicol Advisory.
