The five trends driving ransomware tactics

Ransomware attacks continued to increase in 2020, and 2021 looks set to follow the trend. Unfortunately, the past 12 months has seen substantial evolution in ransomware tactics, as attackers look to improve their results.

In this post we look at 5 key ways this critical cyber threat is evolving.

Is supplier risk management useless?

 

So here we are again. Another supply chain attack which has led to the compromise of highly sensitive computer networks. Is this the point we draw a line under supplier risk management, put hands up and say ‘too hard’? Alex Stamos, Adjunct professor at Stanford University’s Center for International Security and Cooperation and former chief security officer (CSO) at Facebook seems to think so. In a tweet following the SolarWinds compromise he said,

“Vendor risk management is an invisible, incredibly expensive and mostly useless process as executed by most companies. When decent, it happens too late in procurement.”

For those of you who follow our blogs, you will know that this is a subject we also have strong views on. It is our view that supply chain risk is something companies cannot solve on their own. We were therefore delighted to see statements in the 2020 Australian Cyber Security Strategy that help is on its way:

“The Australian Government will establish a Cyber Security Best Practice Regulation Task Force to work with businesses and international partners to consider options for better protecting customers by ensuring cyber security is built into digital products, services and supply chains.”

What this Task Force looks like outside of the conceptual, we will need to wait and see. Given recent events however, we at elevenM hope whatever the action is, that it gets delivered sooner rather than later.

elevenM’s submission to Australia’s 2020 Cyber Security Strategy

As a passionately Australian company, elevenM is emotionally invested in the safety and prosperity of this country. We recognise that national progress will increasingly depend on our collective ability to answer the significant challenges of the cyber domain.

That’s why we  were excited to lend our voice to the development of Australia’s 2020 Cyber Security Strategy, by responding to the Australian Government’s call for views.

Our contribution, which we submitted earlier this month, highlights areas we feel we should be collectively taking a closer look at. These include:

  • Taking a national approach to managing supply chain risks
  • Engaging cyber security service providers in national cyber security initiatives
  • A sharper focus on attracting and developing strategic, executive-level cyber security talent, and
  • A stronger national voice on cyber security, privacy and data issues

Our submission, and these recommendations, draw on our direct experience as cyber security and privacy practitioners. In working with prominent Australian businesses and government agencies on their digital risk challenges, we’ve observed both emerging challenges for individual businesses as well system-wide issues and patterns.

We hope our submission will be a constructive contribution to the development of the Australia’s 2020 Cyber Security Strategy.

Click here to read our full submission.