With names like Volt Typhoon, REvil, DarkSide, Anonymous and Killnet, today’s cyber criminals pose and act like cartel kingpins. At our Cyber Insights Briefings, we asked top security advisors to share insights on hacks, ransoms, vulnerabilities and fundamental mistakes organisations make. It was eye-opening.
Unique perspectives by cyber experts McGrathNicol
Over breakfast events in Sydney and Melbourne, we heard from cyber security specialists Matt Grant and Darren Hopkins, Partners at the respected advisory firm McGrathNicol.
With their diverse backgrounds in law enforcement, major crime fighting and forensic investigations, combined with high-level corporate experience, Matt and Darren bring a unique perspective to the threats business leaders face.
Make no mistake. We’re dealing with organised crime.
Darren set the scene with the alarming insight that cybercrime has overtaken the drug trade as the leading source of revenue for organised gangs globally.
Data is a hot commodity, and it’s much simpler and less risky to source and monetise personal information online than to set up the physical manufacturing, logistics and dealer networks involved in the drug trade.
Whether selling data for cash or using it to extort ransom payments, cybercrime syndicates operate like legitimate organisations, with organised teams, roles and revenue targets. They cover their tracks and are often based in countries where cybercrime is not actively pursued.
Statistics confirm it’s ‘When’ not ‘If’
Key statistics from the Australian Cyber Security Centre’s (ACSC) FY22-23 Threat Report¹ show that cybercrime is at an all-time high. The latest statistics are sobering for business leaders.
Expect a data breach soon
58% of technology leaders in Australia feel that a data breach is inevitable within the next year.²
Less talk, more action
While 88% of leaders believe they are prepared for an attack, just 61% have an incident response plan, which is critical to preparedness.³
Million-dollar ransoms paid, fast
73% of organisations that had a cyber attack in the past five years paid a ransom (estimated to be an average amount of $1.03 million), with 75% paid within 48 hours.³
Regulators are on the front foot, holding directors accountable
In the past, it was common for management to hide behind the line that “We were victims of a sophisticated attack,” when, in reality, it was more a case of poor preparation and a lack of basic protections. There is no more playing the victim.
Tightening regulation requires Directors to be accountable for breaches and actively participate in adequate cyber protection of their organisations and supply chains. Changes to the Privacy Act in 2022 introduced up to $50 million in financial penalties, and the latest legislation is set to increase scrutiny and obligations for small businesses.
Cyber security is no longer a discretionary expense. It is an operational necessity. Company Directors and Boards have a duty to invest in security measures, educate themselves on cyber governance and hold executives accountable.
Simple protections can make a major difference
Too many organisations still suffer from attacks that simple IT processes can prevent. For example, inadequate vulnerability patching is one of the most common causes of incidents: a simple oversight that leaves the door open for hackers to compromise networks.
Moreover, 30% of all ransomware attacks used email phishing tactics as the initial mode of entry into an organisation. Organisations can minimise this problem using filtering software, secure gateways, authentication, testing and training.
On top of defences like readiness assessments, security software and disaster recovery planning, Darren recommended hunting the hunters by proactively testing systems, running scenarios and investing in solid endpoint detection and response (EDR) systems to continuously monitor devices to detect ransomware and malware.
“Sophisticated criminals don’t want to be found. They operate quietly and undetected while they gather data and credentials to prepare for a bigger attack,” he said.
How do you attract the board’s attention? “Get breached!”
A question raised at the event was how to drive urgency and investment from Directors who may not be tech-savvy. Besides Matt’s suggestion that a significant cyber incident is a surefire way to galvanise action, he said education is the key.
“Boards understand the concept of risk. Rather than discussing technology, we position cyber in terms of other business risks like finance, reputation or compliance. Also, bringing in other executives to share war stories of cyber attacks and recovery brings the issue to life.”
Whitepaper
Beyond IT Security: The Evolving Obligations of Australian Organisations for Cyber Resiliency
At the Cyber Insight event, Nexon launched a comprehensive new whitepaper exploring the implications of Australia’s evolving cyber security landscape for key stakeholders, including boards, company directors, business leaders and technology leaders.
The feeling that an attack is inevitable has pushed cyber incident response and recovery to the forefront of executive thinking. Contact us if you’d like to discuss your cyber security readiness or strategy.
Paul Edmondson is Head of Cyber Security Sales at Nexon Asia Pacific.
References:
1 Australian Cyber Security Centre (ACSC), Threat Report FY22-23
2 Ecosystem Cybersecurity Study, 2024
3 McGrathNicol Ransomware Survey, 2023