Oh, man, I loved that band. I listened to Men at Work's album "Business as Usual" over and over and over on my Walkman.
This is the first video that I've talked about, and it's well worth the watch. It's a press conference with the Australian PM and Defense Minister; you can also find the transcript here:
The really cool thing about this, that I absolutely hope we will see soon from the US government, is that I listened to a senior government official, the leader of the Defense Ministry, talk about patching, multifactor authentication (MFA), and becoming an ACSC (https://www.cyber.gov.au/copy-paste-compromise) partner. Wow! Prioritization and leadership.
While that is a tremendous start, it comes amid reports that Australia and Australian companies are well behind in planning, budgeting, and executing InfoSec-integrated resiliency plans. All the patching, MFA, and partnership in the world can't stop a sophisticated spearphishing attack directed at critical and sensitive infrastructure and high-value applications.
Ransomware isn't just for criminal gangs targeting individuals anymore. APT actors from globally-unfriendly nation-states seek to destabilize, uncover, and destroy anything they can as often as they can. It is the equivalent of state-sponsored (I'm using a lot of hyphenated words here today!) terrorism, ordered at the highest levels, and most countries and companies (and individuals) have no idea where to start. Well, strong leadership and commitment from leaders in our governments and companies is a start. See above for a great example.
Do I seem serious about this? I am. If you think for a second that those same nation-state APT actors aren't actively targeting the United States and others with nefarious goals in mind, you are naive and mistaken.
If only all countries had leadership that committed to our Cyber Defense at such high levels! Can you imagine other current leaders stepping up to the podium and focusing on cybersecurity threats? And then focusing on the common good? I can't, unfortunately...
But I digress.
How do you protect your organization? Zero Trust. Visibility. Micro-segmentation of assets that prevents lateral movement and integrates into SIEM and other tools. Ensuring that all resiliency and DR planning includes security at the table as a partner and vice versa. Tear down your silos. Be proactive, but be prepared to react by creating incident response and mitigation workflows.
Anyway, I've spent my rage for the day.
I have a bottomless supply of that. All joking aside, to paraphrase the Australian PM and DM, it's the responsibility of all of us to engage in InfoSec, and especially the burden lies on those who know to educate and protect those who don't. There's no single battle here, but one long and ongoing effort vs. dedicated and persistent enemies.
One last thing:
“We know it is a sophisticated state-based cyber-actor because of the scale and nature of the targeting and the tradecraft used. The Australian government is aware of and alert to the threat of cyber-attacks.”