On the Shoulder of Giants: Empowering Cybersecurity for Brisbane’s Emerging Businesses

At the end of last year Brisbane’s Signature Restaurant, Innovatus Media (publisher of StrategyNext), saw a gathering of 22 cybersecurity executives from a variety of small to medium emerging businesses in Queensland. Hosted by Innovatus Media and Arctic Wolf, the session offered a crucial platform for industry leaders to converge, share experiences, and gain insights into the ever-evolving challenge of cyber resilience.

The session’s presenter was Arctic Wolf’s David Hayes, the company’s ANZ Director and thought-leadership evangelist. David presented an open discussion which enabled the guests to explore the landscape within the context of their own challenges. Here are some of the key takeaways.

Are we really responding?

Hayes noted a 48% surge in cybercrime losses since 2022, this is juxtaposed to the 11% year-on-year spending increase that organisations have been investing in cyber solutions. This leads to the big question, is the current approach really working?

The sentiment in the room pivoted towards the necessity of preventive measures. Attendees emphasised the importance of board members’ awareness, citing real-world incidents that triggered increased interest and investment in cybersecurity. A real-life example was presented by a law firm, which faced a cyber extortion that ultimately triggered a strategic response by the business, also prompting other organisations in the industry to invest more in their cyber threat prevention.

However, a divergence emerged in the approaches of some organisations when tackling cyber resilience. While one stance prioritised comprehensive response and mitigation systems, another seemed to adopt a passive stance, relying solely on backup and ransomware systems. 

Tactics and Root Causes: The Challenge from Within

The discussion also delved into the evolving tactics employed by cybercriminals, attributing the surge to the reduced barriers facilitated by advancements in artificial intelligence. Attendees recounted encounters with increasingly sophisticated phishing emails, noting the rise in authenticity due to models like Chat GPT and Generative Artificial Intelligence (GAI), along with an increase of exposure to voice scams.

The general consensus in the room saw user actions to be the primary contributors of cybercrime events. Password reuse, phishing, social engineering, malicious URLs, and SEO poisoning were identified as common examples.

Astonishingly, however, 71% of these root causes emanated from external exposure, highlighting vulnerabilities in internet-facing devices, misconfigured firewalls (RDP), and cloud services.

Notably, 43% of incidents resulted from software exploitation and vulnerabilities that could have been prevented with timely security updates. Another 25% traced back to remote access hijacks, exacerbated by the growth in remote work on unstable public networks post-Covid-19. In contrast, 12% of incidents arose through email fishing and only 7% originated from password reuse.

The big question asked of the audience was, are we really monitoring our systems effectively?

 

The Cyber Insurance Conundrum and the Skills Gap Challenge

A survey conducted by Arctic Wolf of 210 mid-level organisations revealed that 34% struggled to secure cyber insurance due to overlooked exposures. The diminished support for cybersecurity in smaller organisations with 500 seats or fewer exacerbated this challenge. 

A critical factor contributing to the growth in cyber incidents is the gaping skills gap in the industry. With only 10,800 professionals currently employed in cybersecurity across ANZ, there are 1900 open roles, with 5-10 roles per applicant; creating a dire shortage. One CISO attendee mentioned that it took 9 months for them to fill a junior cyber security role. 

Many companies have outsourced various facets of their cyber operations to countries with cheaper labour conditions. Additionally, the expectation of a degree or extensive experience in cyber to enter the industry adds to this challenge. Attendees expressed a pressing need for a mindset shift to promote education and training in cybersecurity and the wider IT industry to lower the barriers of entry to enable the transition into cyber an easier career choice.

Arctic Wolf’s Role: Proactive, Always-On, Threat Prevention

In this landscape of challenges, Arctic Wolf emerges as a genuine ally of mid-level organisations. What Arctic Wolf offers is not just a service but a transformational solution – more resources, more personnel supporting cybersecurity teams 24/7, and a proactive approach to identifying and mitigating cyber risks.

Boasting 6000+ customers, supported by a team of 600+ security engineers, Arctic Wolf services emerging businesses 24/7. The platform identifies over 3.4 trillion events per week, showcasing the scale and sophistication needed to combat the ever-growing threats in the digital landscape. And uncovering that this level of support is not out of reach for emerging businesses.

In Conclusion:

The battle against cyber threats requires a multifaceted approach, from raising awareness among board members to addressing skill gaps and embracing proactive cybersecurity measures. Arctic Wolf, with its concierge service model, stands as a crucial partner in this ongoing struggle, providing organisations the resources they need to fortify their defences in the face of an ever-evolving cyber landscape.