Zetta general manager Ben Sneddon says the Russian invasion of Ukraine has pushed cyber security to the forefront of the global agenda again, as demonstrated by Russia’s recent attack on Ukraine’s power grid.
Zetta is a privately owned, Western Australian based IT services provider, which specialises in assisting its clients to adopt, optimise and manage Microsoft's modern work and security platforms.
In Microsoft’s 2021 Digital Defense Report, which tracks cyber threats against nation-states, Ukraine was second only to the USA in the number of attacks it had experienced over the past year. Given the history of cyber-attacks against Ukraine attributed to Russia, expert commentators assume current incursions into Ukraine will involve cyber warfare.
Mr Sneddon says given the increase in malicious cyber activity around the world, it’s time for organisations in Western Australia across both public and private sectors to evaluate their preparedness to protect, detect and respond to malicious attacks.
“Global trends really do show that more and more organisations are experiencing cyber security attacks and those attacks are becoming more sophisticated, so organisations of all sizes and all ownership structures need to continuously raise the bar when it comes to keeping their organisation’s data and systems secure,” he says.
The Western Australian State Government’s Information Systems Audit Report 2022, released on March 31, found in State Government entities there is considerable risk to the confidentiality, integrity and availability of agencies’ information systems, with just half meeting the Auditor General’s benchmark. In addition, half the agencies that had material security issues identified in 2021, still had them this year.
“We see that in ASX100 companies, cyber security is right at the top of their agendas but it's really the next level down, where perhaps the directors and the executive team aren't as experienced in the cyber threat landscape,” he says.
“We find it's often not on their radar until they get breached, they've had some significant disruption to their operations, or they've had a data leak that affects their reputation.
One of the common attacks is via human-operated ransomware where malicious actors penetrate the organisation’s network and lay dormant before they start exfiltrating data, unbeknownst to the organisation.
Mr Sneddon explains they then encrypt all the data, which makes it inaccessible, asking for huge payments to reverse the encryption. This can drive company operations to a halt.
“Some of these companies could be in the energy industry or part of the defence force supply chain, so it's pretty sensitive stuff,” Mr Sneddon says.
“We help Western Australian organisations to stay one step ahead of the bad guys and for the most part, it's not necessarily about being smarter than them or knowing more because that's very difficult; there are a lot of sophisticated criminal organisations and even government organisations in places like North Korea or Russia.
“So, it's about making it difficult enough for them that they go to the next company which may have weaker security. It's the same as if you've got a security grill on your windows and you've got an alarm and a dog, then the burglar goes to the house next door which has no security.”
Mr Sneddon says organisations often have a piecemeal approach to their security that means products from multiple vendors. He says Microsoft has made a massive investment in cyber security over the past few years and is now recognised as one of the top players in the field globally. In addition, they provide end to end security on the one platform.
“Because it's a single vendor protecting everything, not only do you have better visibility across all of the systems because it's all integrated, but you also save money because you've invested strategically in one platform, rather than having a piecemeal approach where every company is charging you a premium.”