Hello everyone.

September '21 had a lot going on in the land of Cybersecurity - seeing the release of 3 major vulnerabilities and exploit Proof Of Concepts (POCs) for Apple IOS (iPhone), Exchange Autodiscover, and VMWare vCenter Bad Packet. We'll go into some depth of these exploits, but I would like to first make an announcement.

In the previous blog, we analysed the key trends that emerged out of ACSC Annual Cyber Threat Report (2020-2021). To summarise, in the last financial year, ACSC reported an increase in the number of reported cyber crimes perpetuated by individuals, groups and state actors alike, including:

• Over the course of 2020 - 2021 financial year, the ACSC received over 67,500 cybercrime reports, an increase of nearly 13 per cent from the previous financial year.
• The increase in volume of cybercrime reporting translated to one report of cyberattack every 8 minutes compared to one every 10 minutes reported in 2019 - 2020 financial year. 
• Self-reported losses from cybercrime totalled more than $33 billion. 
• ACSC received over 22,000 calls on the Cyber Security Hotline – an average of 60 per day and an increase of more than 310% from the financial year 2019 - 2020.
• A higher proportion of cyber security incidents reported in the financial year 2020 - 2021, was categorised by the ACSC as ‘substantial’ in impact.

They say hindsight is 2020, and in this case, we're glad that 2020 is behind us. Fires and Viruses and Explosions (oh my!). During the course of the (ongoing) pandemic Australians, businesses and individuals saw an increased dependence on the internet - Working from home, accessing information and staying in touch with colleagues, friends and family. We saw many people lose their jobs and certain sectors struggle with the change and others collapse entirely. Due to the increased reliance on the internet, we also saw an increased attack surface and an increase in cybercrime activity. On a year-on-year basis the ACSC saw an increase in cybercrime reports of 13%, totalling some 67,500 reported incidents, roughly translating to 1 attack every 8 minutes and impacting every business sector and government agencies at all levels. An important takeaway is these are only the events we know about. The pandemic saw an acceleration in Cybercrime, but also in the sophistication of the attacks. Subnet has been developing a defence in depth strategy in alignment to ISO27001, ISM & Essential 8, and NIST frameworks to help our partners develop and grow their security through a step by step maturity journey.

The ACSC report identifies a couple of key attack trends and threats as follows:

As the number of cyber attacks around the world continues to grow, organisations of all sizes, including not-for-profits, are faced with a very real threat. So, how prepared are you? According to ACSC Annual Cyber Threat Report July 2019 to June 2020, over 2,200 cybersecurity incidents were reported by Australian businesses between 2019 and 2020. While the majority of large companies have security strategies in place, there are still many smaller organisations who are yet to take the necessary steps to minimise their risk.

Unfortunately, many not-for-profits find themselves under-prepared, which can now directly impact getting grants or funding, as basic security measures are requested by many businesses and government agencies prior to providing funding.

The good news is that you don’t need big budgets and endless resources to tackle cyber security. There are plenty of simple and affordable steps you can take right now to protect your organisation.

Here are 7 top security tips that will minimise your risk today.

Australian organisations are increasing their spending on cybersecurity measures in response to the growing risk of cyberattack. Approximately $5.6 billion was spent on cybersecurity solutions in Australia during 2020, and that figure is anticipated to rise to $7.6 billion by 2024.[1]

With the recent news on JBS Foods, the world's largest meat processing company, having fallen victim to a cyber-attack¹ that led to a shutdown of its production facilities worldwide, the conversation on cyber-security and the steps that businesses need to undertake to ensure 'lights remain on' needs to be at the top of the stack. At Subnet, our focus continues to be on educating and implementing proactive solutions that secure businesses' IT operations from external threats and internal incidents. In this blog, the fourth in the series (see links to the previous in the footnote), we touch on the measures that businesses need to implement to secure employees working from home.

Welcome to part three of our five part blog series on Cybersecurity 2021. ICYMI (in case you missed it) here is the link to the first tow article, in the series:

Part 1 - Five signs that your organisation is at high risk of cyberattack 

Part 2 - Three low-cost ways to secure your organisation online

With a cyberattack occurring every 39 seconds, organisations cannot afford to be complacent when it comes to cybersecurity.[1]

Welcome to the second article in the five-part series on Cybersecurity 2021. ICYMI (in case you missed it) here is the link to the first article - Five signs that your organisation is at high risk of cyberattack - in the series.

A targeted cyberattack happens every 39 seconds on average. While it is easy to think it will never happen to your organisation, with around 164 cybercrime reports per day in Australia, or one every 10 minutes, it is a matter of when, not if, your organisation will become a victim.

Reading through the latest ransomware report provided by Datto and collated from 200+ Managed Services Providers across Australia and New Zealand, I grew concerned about how Australian Small-Medium Businesses may be thinking about the growing threat landscape.