Ransomware attacks increased precipitously in 2021, with the first half of the year seeing nearly double the number of ransomware attacks globally as the same period in 2020. APAC organisations were victimised by an average of 1,338 cyber attacks each week -- the highest in the world. Meanwhile, the Europe, Middle East, and Africa (EMEA) region saw 777 attacks per week, while the Americas trailed at 688.
Even more concerning is the type of organisations being attacked, particularly in Australia. Over the past year, 25% of cyberattacks reported to Australian officials targeted critical infrastructure and essential services, including healthcare, food distribution, and energy. In addition to threatening Australians' health and safety, these cyberattacks caused Australian organisations and individuals to lose over $33 billion.
What's behind this dramatic rise in ransomware attacks? The rapid digital transformations that companies were forced to embark on due to COVID-19 played a large role. Whilst organisational IT personnel scrambled to enable and secure armies of remote workers, cybersecurity frequently took a back seat to business continuity. However, the sudden shift to distributed work doesn't shoulder all of the blame. Remote work per se doesn't cause cyberattacks. In most cases, they're caused by weak or stolen passwords. Over 80% of successful data breaches, and about 75% of ransomware attacks, involve compromised user credentials.
With a set of working user credentials in hand, cybercriminals can bypass technical safeguards, such as firewalls, anti-virus software, and IDS/IPS systems, to breach organisational networks undetected. Once inside, they're free to move laterally within the network and can exfiltrate data, delete or alter files, and plant malware. They generally don't need to hurry since it takes an average of 250 days for organisations to detect a breach by an intruder who used stolen login credentials to get in.
It's against this backdrop that Keeper Security, the world's leading provider of zero-knowledge, enterprise-grade security and encryption software, launched a data center in Australia to cater to its growing customer base in both Australia and the wider APAC region. Based in the United States, Keeper is a multinational cybersecurity company, with customers in 120 countries. Keeper's new data center enables Australian organisations to store data in-country and align with regulatory and compliance requirements such as the Consumer Data Right. It also reduces latency by delivering content as close to end users as possible, which means better performance for Keeper's business and consumer customers.
“Australia is a very exciting market, because it's both a major economic hub and a significant cybercrime target,” says Keeper CEO Darren Guccione. “Demand for our products has grown rapidly in Australia. We needed to make sure that our Australian customers wouldn't run into performance issues, and that we were making it easy for Australian organisations to comply with regional data sovereignty mandates.
Cybersecurity starts with Keeper
The decor in Guccione's Chicago office includes a poster that reads, "Cybersecurity Starts Here." It's a company mantra that reflects the importance of password security as the foundation of every organisation's cybersecurity.
Why are passwords such a vexing problem? Most consumers - and even organisations - engage in poor password security practices, despite having been repeatedly told that doing so is a major security risk. People use weak, common, and easily guessed passwords, such as “qwerty” or their child's name. They don't enable multi-factor authentication (MFA) wherever it's supported. They store their passwords insecurely, on sticky notes that can be viewed by anyone passing by their workstation, or in unencrypted spreadsheets or text files. And they reuse the same passwords across sites and apps.
Cybercriminals count on people reusing their passwords. As soon as they find a set of login credentials that work on one site, Guccione explains, they try to use them everywhere they can: on banking and credit card sites, shopping sites, government services portals, organisational networks, and more.
Keeper's password security platform, which is available for individuals, families, and organisations, automatically generates strong, random, unique passwords for all user apps and accounts, then automatically fills them into websites and applications. It even stores and fills in MFA codes. Keeper is compatible with virtually any device, running any operating system, so users can always access their passwords, whether they're using their phone, tablet, desktop machine, or laptop.
Because Keeper uses a zero-knowledge security architecture, all data is encrypted and decrypted locally, at the device level. Keeper does not hold or manage users' encryption keys, nor does it have any way of accessing users' master passwords or any of the data stored in their Keeper vaults.
Keeper's enterprise-grade software platform is built on a zero-trust security framework and a zero-knowledge security architecture. Keeper Enterprise includes an administrative panel chock-full of tools that enable IT admins to enforce password security policies throughout the organisation. Admins can easily see if users are engaging in poor password security habits, such as using weak passwords, reusing credentials, or not enabling MFA, and take corrective action. The Keeper Admin console also includes role-based access controls (RBAC) to enforce least-privilege policies.
Administration may be delegated according to department or by team leader, and folders and records can be securely shared and revoked. If an administrator or employee leaves the company, their vault can be automatically locked for secure transfer to another user at a later date.
Keeper is designed to be extremely easy to deploy and use, but if organisations need assistance, dedicated, knowledgeable support specialists are available 24x7 for customer support and training.
The Keeper platform's capabilities can be easily extended with advanced add-ons for single sign-on (SSO) integration, Dark Web monitoring, and more.
Keeper plans ambitious expansion down under
In addition to millions of consumers, Keeper's platform protects thousands of businesses, non-profit organisations, and government agencies worldwide, ranging from small office/home office (SOHO) companies, small and mid-market firms and large enterprises.
While COVID-19 has precluded Keeper Security from establishing physical offices in Australia, it's still a long-term goal. “We have big plans for serving the Australian market and the wider APAC region, particularly through our APAC team and channel partners,” Guccione says.
While there is no magic solution that will provide 100% protection against cyberattacks, deploying Keeper's enterprise-grade password management and security solution is an easy and inexpensive way for any organisation to significantly reduce their risk.