Cyber threat grows, as profits from crime double in 2023

Risk Matters - Autumn 2024


Time for local governments to invest in, and review, their incident response plan.

2023 set a new global record with cybercriminals making a staggering $1.1 billion from ransomware attacks, surpassing the previous year’s total of $567 million (Chainalysis).

While ransomware payment volume dropped in 2022, the bigger picture from 2019 to 2023 shows that ransomware is becoming a bigger problem. It’s important to note that productivity losses and repair expenses resulting from these attacks aren’t accounted for in these trends.

The Australian Signals Directorate (ASD) Annual Cyber Threat Report 2022/23 provides an Australian context for these global trends. The cybercrime landscape in Australia is changing, with a growing prevalence and impact of ransomware attacks. The ASD responded to 127 extortion-related incidents, of which 118 involved ransomware or other forms of system, file, or account restrictions. Additionally, the ASD notified 158 entities of ransomware activity on their networks, representing a seven percent (7%) increase compared to the previous year.

In the same period the ASD’s Cyber Report received nearly 94,000 reports of cybercrime, reflecting a 23% increase compared to the previous financial year. Overall, the cost of cybercrime to businesses increased by 14% compared to the previous financial year.


Be prepared with an incident response plan

With cybercrime on the rise, incident response plans are crucial to minimise the impact of cyber-attacks. By being prepared and proactive, members can better protect themselves against ransomware threats and mitigate potential financial and reputational damages.

Pre-incident response

Post-incident response

1. Update internal guidance

Make sure to document what you’ve learned from the attack, how it happened, and the steps you need to take to prevent it from happening again. Look at your ransomware policy and make any necessary updates. Don’t forget to also update your IT disaster recovery plan.

2. Review backup strategy

Review and refresh the data backup strategy, incorporating accepted best practices and lessons learned in the ransomware event. This may require re-architecting the data backup system if it falls short of data security needs.

3. Bring in external expertise

Engage a cyber defence service provider to perform an ‘indicators of compromise’ assessment of the entire network. Find and eliminate any remaining malware or associated files or artefacts. Consider using a provider other than the forensics company that supported the response. While discovery and eradication of indicators of compromise is part of the response effort, an independent and comprehensive post-incident assessment will provide additional confidence that ransomware has been eliminated.

4. Identify lessons learnt and weaknesses

Address network and system vulnerabilities or gaps identified during the forensic analysis to prevent a repeat attack. Conduct an after-action review and lessons learned (AAR-LL) session with all who were involved in the incident. Capture information on what went well and what did not go well and identify corrective actions to improve the response process for future ransomware events. For each gap or weakness, identify a senior manager or executive to be accountable for the completion of corrective actions.


Cyber risk program

LGIS recognises the support our members need in this highly complex and technical area, so in 2022/23 we launched our cyber pilot program. The risk program, currently in its second phase, aims to develop guidelines to explain ASD Essential 8 requirements and the implementation steps to achieve compliance with these requirements to the greatest extent possible. In addition to the ASD 8 guide, LGIS will also release an Incident Management Guide to assist members to build their own protocols.

Members also have access to Chubb’s incident and claims management expertise. The 24/7 hotline is supported by Clyde and Co. who can assist in triage and management of a cyber incident including legal advice, contractor selection and ransomware negotiations.

To have a chat about your cyber risk practices and how to manage them, please get in touch with your LGIS account manager.
