Globally, healthcare, manufacturing and finance saw increases of 200%, 300% and 53% respectively last year in all known cyber attacks.
In Australia, manufacturing companies accounted for 13% of all known attacks, behind the global average of 22%.
These are the findings of global technology services firm NTT Ltd, released last week in its Global Threat Intelligence Report 2021 (GTIR). Its accounting for cybersecurity maturity levels gave Australian manufacturers a score of 0.76 (down from 1.4 in 2019), below the APAC average of 1.98 and the global average of 1.21 for the sector. (NTT’s rating defines 0 to 0.99 as “non-existent”.)
@AuManufacturing spoke with John Karabin, senior director of cybersecurity at NTT Australia, about the results and their context.
@AuManufacturing: Obviously, we would like to know more about the decrease in cybersecurity readiness your report found for Australian manufacturers. What is behind the drop since 2019?
John Karabin: It’s such a small industry in Australia, so it’s a bit prone to the whims of certain companies, but I would definitely say the focus may not have been there in manufacturing.
The answer is uneven. Some take it very seriously and for others it is really just a second thought. And so I think the lower maturity is a reflection of the average decline. It doesn’t reflect some of the business examples here. But the manufacturing sector around the world has really realized that this is a target. I think if the industry was bigger in Australia it would have been a much bigger target here as well. But elsewhere we have seen very considerable attention to them, both from probably sophisticated criminal groups, but also from nation-state organizations. And that’s the real trend this year.
@AuManufacturing: There were some high profile ransomware attacks in the middle of last year at Bluescope and Lion. Is this a continuing trend?
John Karabin: Yes, an absolute trend. Ransomware is only increasing in terms of impact and gaining a foothold and then wreaking havoc in an organization, and that trend doesn’t seem to have abated at all. But we’ve seen other malware trends. So that’s not the only nasty thing there. But ransomware enjoys high visibility because of its significant impact on businesses, and not just in manufacturing. And I would say we’re involved on a weekly basis with retail, manufacturing, and other industries in terms of recovering from the severe impact of ransomware in particular. So I think it probably gives more visibility than some of the other things. And sometimes the risk is that it will distract you from other issues that businesses like the ones you mentioned suffer from, like email fraud. Business email compromise is always a big issue, and it almost competes with ransomware. The reason ransomware has become so important is that it has become highly industrialized. There is almost a supply chain of several criminal organizations putting components together. They don’t do everything. They kind of rent their malicious code to other groups and then tailor it to a particular industry. And I think one of the big highlights, if you will – between inverted commas – for the past year is that malware and ransomware are largely country-specific, industry-specific, company-specific, and even to a sector of this business. So we don’t see these general types of very general ransomware sprays that may or may not be successful. The ransomware we see and read about was stealthily inserted. Criminals do reconnaissance, they understand how and who does what in the organization. And then they click the trigger and detonate this ransomware. And once they’ve done all the damage, once they’ve put the back doors in, quite frequently now with these companies, they’re also exfiltrating. So they extract the data before they ransom so that they can have another attempt.
And there are a few examples of this in the press right now with companies that have criminals who have threatened to take large amounts of data and they are using this as even more leverage to force a ransom payment.
@AuManufacturing: Is there any information on who targets Australian manufacturers? State actors from a specific country? Organized crime? Other?
John Karabin: We’re not going to declare who it is, just because it’s a very, very complicated path that we see. So the answer is all of the above. Assigning the exact identity can be very difficult. However, we certainly see actors from nation states. There are no two ways about it. There are several large countries that are actively interested in manufacturing and we know that because of the intention. So it gives it sometimes. Ransomware is usually a quick hit or financial gain, if you like. And so it’s usually in the criminal community. Obviously, they want to make money with what they do. Nation states are trying to acquire intellectual property, to understand where a manufacturing process is, to get some kind of advantage. So we see that in the manufacturing sector, Japan, for example, sees its auto industry heavily targeted, clearly for intellectual property theft and capabilities. In Australia we have certainly seen it in the medical sector. The big factor last year was Covid, it’s still this year, of course. And not just the impact at the individual domestic level and the shift to working from home, but every business in this country has had to change their workforce and the way it works. And sectors in Australia, like the healthcare sector, have been heavily targeted. And part of that was clearly to make money. So we see more recent cases of hospitals in the press with ransomware. But we also certainly know that Australia is a leader in the healthcare industries. And so early last year and certainly last year, we’ve certainly seen an increase in surveillance attacks, probes using known vulnerabilities, botnets being used to sort of log in and gain a foothold in all of these areas. And you can assume it’s not just criminals, it’s some nation state actors.
@AuManufacturing: What is the assessment of cybersecurity issues in Australia? Do governments generally understand in your opinion?
John Karabin: I’m happy to say I think they got it. I think they are devoting more and more resources to this problem. They can always invest more, of course, every country in the world can always invest more in this file.
I tend to always go to the main Australian Cyber Security Centre website, which has become extremely useful. We encourage many of our customers to keep in touch with this. They now run fairly good briefings on a daily basis. Some of them are categorized, others are open briefings on vulnerabilities and attacks. I did a session with a very large company with staff to teach them Cyber Security 101 for your home environment, for your kids and your family. And there is a section on this website that is actually there for individuals, what to do, what happens when the crooks call you.
Overall, the government has done well. They still have a long way to go, coordination between industry and government needs to be strengthened. The work is therefore not finished. But they don’t ignore it and are constantly improving their posture. But this is such a big problem. I believe that government is not alone in being able or participating in improving the maturity and resilience of our society. Large companies must grow considerably. And I would give you the same answer about big business. For example, in Australia there are some really good organizations that have really taken cybersecurity very seriously and down to the board level. And there are some who are still far behind where they should be.
And, you know, they almost pay a price these days. You’re almost guaranteed to have a cybersecurity incident if you haven’t made sure you’ve checked all the boxes, crossed and dotted all the I’s and Ts around your best practice approach.
(This interview has been edited slightly for clarity.)