The Australian government’s Essential Eight provides a useful framework and basis for achieving a baseline of cyber security and mitigating against common treats, such as ransomware. However, to truly safeguard against the dynamic and evolving nature of cyber threats, organisations should look beyond the Essential Eight.
New technologies – such as the much-discussed AI – have significant implications for cyber security, and the medium to long-term outlook is that even more significant disruptions to cyber security are on the horizon.
To avoid an impossible-to-catch-up scramble in the future, organisations should be looking to what they need to do to go beyond the Essential Eight now.
Emerging Cyber Threats
The landscape of cyber threats is constantly evolving, with new challenges emerging that are more complex and persistent compared with traditional threats.
For one example, nation-state actors have become a significant concern in cybersecurity, in a way that is far broader than we’ve seen in the past. The nations of China, North Korea, Russia and Iran have been identified as “the big four”, and while traditionally these actors focused on either spying on government agencies or attacking critical infrastructure (as was the case when the Australian Parliament House was breached in 2019), private enterprise will also need to be wary going forward.
Some have compared the behaviour of these groups as increasingly like the “golden era of piracy” when state-sponsored pirates – privateers – were given free rein to attack commercial vessels, as a way of disrupting the economy of the nation the privateer’s sponsor was at war with.
Meanwhile, the utilisation of artificial intelligence (AI) in cyberattacks is on the rise. As many as 45% of cyber attacks now leverage AI on some level. This can be something simple, such as the attacker using AI to ensure that the spelling and grammar of a phishing email or website is error-free. However, as simple as that sounds, identifying poor spelling and clumsy language have been one of the most useful ways for people to identify a suspicious email. So this has implications on how individuals can manage their own risk of falling for a phishing attack or similar.
AI is also being used in the development of malicious code, and due to the speed and efficiency that AI can write code, the rate with which new viruses or versions of malware can be deployed is rapidly increasing.
For security teams, relying on what is often referred to as the weakest link in cyber security – humans – is not a wise choice. Providing support technology that mitigate the risks around attacks that successfully evade employees’ initial notice is key. That is why the Essential Eight calls on investments in application control, user application hardening and restricting administrator privileges. These cyber strategies still very much have a role to play as AI is leveraged by threat actors.
The Role of AI in Cybersecurity
While it forms part of the risk, AI can also help organisations to meet and exceed their Essential Eight requirements. In embracing what AI has to offer, organisations are also future-proofing their approach to security so that it can adapt to changing conditions going forward.
AI’s ability to efficiently and accurately analyse large volumes of data makes it particularly valuable for monitoring environments and identifying unusual activity, for instance, across Identity providers (IdPs), cloud or on-premise infrastructure. Combined with an environment that has the kind of privilege management requirements that the Essential Eight mandates, organisations can give themselves the opportunity to isolate, flag and investigate potential risks before they are able to affect systems. For example, ITDR (Identity Threat Detection and Response) solutions can assist security teams to uncover the hidden paths to privilege that are often leveraged by threat actors.
Looking Further Ahead
Right now, a properly calibrated IT environment can mitigate against the risk of current threats, no matter how many more of them are created. However, as we look towards the future, several emerging technologies and trends will further challenge the cybersecurity landscape.
Take, for example, quantum computing. The sheer power with which quantum computing promises to work will be revolutionary for data processing, however, it also means a significant risk to cyber security, particularly cryptography, once the wrong hands gain access to it. University of Sydney research suggests that encrypted data that would take a million years to break using current systems will take just a day with quantum computing.
Combatting this will inevitably require developing new encryption standards and improving existing ones to stay ahead of potential attackers. Government frameworks like Essential Eight are likely to continue to evolve as these new threats emerge.
For organisations, this means that meeting and exceeding the regulatory requirements for cyber security will never be a “set and forget” matter at any point going forward. Organisations need to make sure they’re partnering with cyber security providers that not only have the technology for today, but a philosophical approach to cyber security that will continue to support the evolving needs and compliance requirements as new threats and technology come to market.