Defending against cyber threats: Key insights from a frontline cybersecurity expert

In today’s cybersecurity landscape, it’s easy to become desensitised to terms like ransomware and business email compromise (BEC). But behind these familiar headlines lie deeper, more nuanced challenges that Australian businesses are only just starting to face. During the ACS webinar Cyber Incident Response: A Frontline Story, expert Stefanie Luhrs exposed the hidden cracks in our defence strategies and the increasingly complex ways threat actors exploit them. Here’s what we should be paying closer attention to.

1. Ransomware: It’s not just about the payment

We often hear about the drop in ransomware payments, a clear win, right? Luhrs painted a more intricate picture. The proportion of victims who pay has fallen (from 85% to 29%, by the figures she cited), but the attacks themselves are evolving. Attackers who steal data before encrypting it keep their leverage even after the victim restores from backup, and they are now using reputational damage and media exposure in ways we are not fully prepared for. In a world where public perception is a company's greatest asset, attackers are using the media as a tool. By leaking data, or releasing it selectively and publicly, threat actors extort organisations with something far more valuable than money: public trust.

This means the cost of a ransomware attack is no longer purely financial; it is reputational, and potentially existential. For organisations the question is not only whether to pay, but how to protect their reputation when a single leak can cause lasting damage. Have most companies planned their ransomware response in these terms? Probably not.

2. Business Email Compromise: The Trojan horse of cybercrime

Luhrs emphasised that BEC incidents are the quiet giants of cybercrime, often causing far more damage than ransomware. The financial losses, averaging more than $100,000, are concerning, but the bigger threat is the growing complexity of these attacks. BEC is often dismissed as "just" an email hack, yet it is increasingly one stage of a longer, more sophisticated campaign.

Threat actors are no longer aiming for a quick hit; they are playing the long game. By sitting in a compromised mailbox undetected, reading correspondence and learning who approves payments and when, they gather the intelligence to strike at precisely the right moment, whether that means altering the bank details on a genuine invoice or interfering in a business decision. The real risk is that organisations do not realise the extent of the compromise until the money is gone. BEC has evolved into a pervasive threat that can destabilise a business from within.

3. Third-Party Breaches: The unseen risk

If Luhrs's presentation taught us anything, it is that supply chains are the Achilles' heel of cybersecurity. Third-party breaches are quickly becoming the "new ransomware" because they offer maximum leverage: by compromising one vendor, attackers can reach dozens, if not hundreds, of that vendor's customers. The problem? Most companies do not even know where to begin addressing this risk.

Supply chain security is often an afterthought. Businesses place enormous trust in vendors and assume they follow strict security practices, but very few conduct regular, thorough assessments to confirm it. The most startling revelation? Even organisations with strong internal defences can be crippled by a single vulnerable vendor. Luhrs cited a figure of 43% of third-party breaches originating from managed service providers (MSPs), which is unsurprising: an MSP typically holds standing, privileged access to its clients' environments, so whoever compromises the MSP inherits that access. Organisations need to scrutinise their supply chain partners more rigorously, and to know exactly what access each one holds.

4. Cyber Insurance: A key part of the solution

Luhrs offered a sobering reality: only 15-25% of Australian SMEs have cyber insurance, leaving most of them to absorb the full cost of an incident themselves. As a country we are significantly underinsured against cyber-attacks, but there is a lot of positive change that can follow if more organisations take up cover. Most insurers now require businesses to meet certain security standards, such as multi-factor authentication (MFA) across all systems, to qualify for coverage. So while there are hoops to jump through, the process of obtaining insurance can itself help an organisation bolster its controls, its response capabilities and its awareness of risk.

Luhrs stressed that the value of these policies is often misunderstood. They provide access to expert incident response vendors as well as cover for response costs such as legal fees, PR management and forensic IT. Cover for restoration and recovery, business interruption losses and third-party claims is also often included. Ultimately, even organisations with a strong cybersecurity foundation can lean on their cyber insurance, use the support available through it, and treat it as a backstop for financial loss.

5. Rethinking Incident Response: Beyond the basics

The way businesses approach incident response is still alarmingly reactive. Luhrs urged organisations to move from simply responding to attacks to integrating cybersecurity into day-to-day operations. Most businesses have an incident response plan, but few have genuinely stress-tested it, for example by running a tabletop exercise against a realistic scenario and checking whether the contacts, decision rights and escalation paths in the plan still hold. Even fewer have thought about how critical communication is to containing the damage. The true value of an incident response plan lies not just in handling the attack, but in protecting the organisation's reputation during and after the breach.

Preparing for the human element, managing media, communicating with clients and dealing with regulators, can make or break a company's recovery. The businesses that recover best from cyber incidents are those that treat incident response as a company-wide responsibility, not just an IT function.

Final Thoughts: It’s Time to Get Ahead

The key takeaway from this webinar? Businesses need to rethink their approach to cybersecurity. It’s not just about tools and defences; it’s about visibility, preparedness, and understanding the ever-evolving nature of cyber threats. The organisations that will survive and thrive in this environment are those that treat cybersecurity as a fundamental part of their business strategy—not just an IT problem.

Ready to level up your incident response?

Watch the full recording and learn how to safeguard your organisation in today’s changing cyber landscape.

Don’t forget to check out our newly released Cybersecurity ACS Careers Guide to help you navigate opportunities and build your expertise in this critical field.