Exabeam shares cyber learnings and predictions for the region

In this article, Exabeam’s VP of Sales for APJ, Gareth Cox, and Director of Alliances for APAC, Sean Abbott, discuss the current state of cyber risk in our region, based on learnings from 2022 and predictions for the coming year.


With the recent spate of very high-profile cyber breaches in APAC, cyber risk is now elevated in the national consciousness. Whereas previously the media seem to have drip-fed breach stories and a steady stream of educational articles about cyber risk into the public consciousness, there was a certain element of indifference from the general population – simply too much general noise and not enough specific information. Individuals had the opinion that their IT departments would take care of things, and therefore they needn’t be concerned. Now, that risk is much more evident, so both individuals and corporations are paying more attention to cyber risk.


There is a lack of trust between consumers and corporations now, on both sides – consumers know their details may have been compromised recently, are aware that the Dark Web may hold their private data and are more circumspect about transacting digitally.


From the company side, there is a perceived higher risk of fraud, and concerns that customers are not legitimate. This presents the likelihood that sales or other new interactions are fraudulent.


This will serve to elevate an organisation’s knowledge around identifying patterns of behaviour, and the importance of analysing all levels of data available. It will also reinforce the point that cyber security organisations are not a catch-all, and therefore it is necessary to collaborate to a higher extent in order to close more attack vectors.


The recent breaches – in Australia particularly – highlight the fact that it is time for organisations to renovate or rebuild their SOCs. This spate of major cyber breaches has demonstrated that what was deployed years ago doesn’t necessarily work today.


Mapping companies to controls to see if their investments are effective will be a major part of effective cyber risk planning, looking at specific cyber use cases like ransomware, credential-based attacks and insider threats.


Skills shortages and increased financial pressures are on the rise across APAC, so automating many elements of an investigation will be key, moving forward.


Another point of concern flows from the fact that, during Covid, companies deployed a lot of Cloud Services Providers. However, this poses the question – do the organisation’s security operations still have full visibility into exactly what is deployed and where data/IP is located?


With a downturn in the economy, staff reductions will happen so how do you stop disgruntled staff stealing IP or disrupting business availability? Insider Threat will be a board discussion during tough times, and must be a major consideration, with proper governance and protocols in place to counter this rise in threats.


The Australian Federal Government has added to the Critical Infrastructure bill recently, with significant incidents needing to be reported to the Australian Cyber Security Centre within 12 hours. Less serious attacks can be reported by phone within 72 hours with a follow-up written report up to 48-hours later.


The rule is part of a suite of critical infrastructure reforms that will take hold this year and next, and which apply to 11 sectors of the economy and companies operating 22 assets.


Following the events of the past few months, it is likely that more sectors will be considered “Systems of National Significance” (SONS), just as telecommunications was added following the Optus data breach. This will mean that the Australian Signals Directorate will require sensors installed networks to convey telemetry to the ASD. Advanced SIEM tools will be required by more critical infrastructure assets in order to detect anomalous patterns of behaviour.