Skip to content
Call: 1300 596 560
ITL-Coloured-H.png
  • Products
    CCare.png

    Comprehensive IT support and maintenance services to ensure smooth business operations.

    CPrivate_1.png

    Secure, private networking solutions tailored for your business's specific needs.

    CCloud.png

    Flexible cloud solutions for secure, scalable, and efficient data management.

    CNetwork.png

    Robust networking services to keep your business connected and efficient.

    CNBN.png

    High-speed NBN services to boost your internet connectivity and productivity.

    CVoice.png

    Advanced voice communication solutions to enhance your business communications.

    CPBX_1.png

    Innovative PBX systems providing reliable and scalable telecommunication solutions.

    Connect Web

    Enhance your online presence & streamline operations with our tailored web solutions!

    Our Products - Connect Cyber

    Protect your digital assets & safeguard your business online with our comprehensive cyber security services.

  • Services

    IT Support Services

    We offer tailored IT support customised to your business or enterprise needs & operations, ensuring optimal performance of your systems and infrastructure.

    Learn More

    Business IT Support

    Get specialised IT support for your business that ensures your technology aligns with your specific business goals, enhancing efficiency and productivity.

    IT Consulting

    Make informed decisions, implement effective strategies, and navigate complex landscapes with the help of our expert IT consultancy services!

    IT Procurement Services

    Let us assist you in acquiring the best tech solutions at competitive prices so that your business gets superior value, quality & performance.

    Managed IT Services

    Our innovative Managed IT Services drive business growth & scale with you! We work with you to understand your specific Managed IT needs, creating solutions that improve your IT infrastructure at a simple fixed monthly rate.

    Learn More

    Managed IT Support

    Experience hassle-free & cost-effective IT outsourcing to take the complexity out of IT management for your business.

    Managed Backups

    Safeguard your critical data, minimise downtime and ensure quick recovery when you need it, for total peace of mind and continuity.

    Managed IT License Management

    Streamline your IT lincense renewals and software license management to ensure compliance and optimised usage.

    Managed Firewall

    Fortify your network's security, protect against unauthorised access & evolving cyber threats for effective collaboration and operations.

    Microsoft 365

    Transform and modernise your workplace with our comprehensive M365 Solutions. Designed to foster collaboration, enhance flexibility & enable seamless connectivity from any location!

    Learn More

    Microsoft 365 Migration

    Seamlessly migrate to Microsoft 365 with our smooth transitioning process for minimal downtime.

    Microsoft 365 Backups

    Protect your critical M365 data with our robust backup solutions, ensuring data integrity and security.

    Email Signature Management

    Manage & unify your organisation's email signatures, reinforcing your professional brand identity.

    Microsoft Teams

    Achieve unparalleled team collaboration with Microsoft Teams for Business or Enterprise!

    Cyber Security Solutions

    In today’s ever-changing digital landscape, robust cyber security is essential. We develop tailored solutions that protect your business and safeguard sensitive customer information for confidence and peace of mind!

    Learn More

    Email Security

    Fortify your email communications to safeguard sensitive data and ensure uninterrupted business operations.

    Endpoint Security

    Enhance the security of your endpoints, from laptops to mobiles, ensuring compliance & threat protection.

    Cyber Security Training

    Empower your staff to proactively handle cyber threats & foster a culture of cyber awareness and preparedness.

    Essential 8 Simplified

    Implement a streamlined Essential 8 cyber strategy to effectively mitigate cyber risks in your business.

    Cyber Security Audits

    Conduct cyber audits to identify vulnerabilities, enhance security measures & ensure robust defences.

    Cloud Computing

    Reduce your IT infrastructure costs, increase operational efficiency and flexibility & improve the overall performance of your systems with our versatile and scalable cloud computing services for business and enterprise.

    Learn More

    Cloud Computing Services

    Enjoy fully scalable & versatile cloud computing services to drive business efficiency.

    Cloud Migration

    Our seamless migration services ensure a smooth transition and integration with your IT systems to the cloud.

    Cloud Backups

    Benefit from reliable cloud backup solutions to protect your critical data and client information.

    VoIP Telephony

    Our VOIP telephony solutions provide a cost-effective and flexible solution for businesses to communicate with their clients & employees. Enjoy greater mobility, scalability, and accessibility compared to traditional phone systems!

    Learn More

    VoIP Phone Systems

    Discover our state-of-the-art VoIP phone systems for superior communications.

    Remote Workplace Solutions

    Explore our innovative IT solutions to support efficient remote work environments & hybrid teams.

  • Industries

    Transportation

    Specialised IT solutions for the transportation sector.

    Learn More

    Professional Services

    Tailored IT services for professional service providers.

    Learn More

    Education & Government

    Specialised IT services for educational institutions and government bodies.

    Learn More

    Healthcare & Aged Care

    Custom IT solutions for healthcare and aged care facilities.

    Learn More

    Manufacturing

    Advanced IT solutions to streamline manufacturing processes.

    Learn More

    Mining & Resources

    Robust IT solutions for the mining and resources industry.

    Learn More

    Retail Industry

    Explore our innovative IT solutions for the retail industry.

    Learn More
  • Resources

    New User Form

    Do you need assistance with setting up a new user? Complete our new user form.

    New User Form

    Exit User Form

    Need help with an urgent IT issue? Complete our exit user form here.

    Exit User Form

    Blog

    Stay ahead in the digital world with our latest blogs. Get expert insights on evolving IT advancements or tips for seamless business IT operations!

    Read The Blog

    Case Studies

    Discover the success stories of IT Leaders’ clients and unlock the secrets to seamless IT support, managed services, cloud computing & VoIP telephony!

    Discover Our Case Studies
  • About

    About Us

    Learn more about IT Leaders, our values, team, and our expert services!

    Learn More

    Get Support

    Lodge a support ticket & we will get back to you as soon as possible!

    Get Support

    Technical Capability Summary

    Discover IT Leaders’ range of technical capabilities as a leading Australian IT solutions provider and MSP!

    Learn More

    Careers

    Discover the opportunities to join our team!

    Explore

    Our Team

    Do you need assistance with setting up a new user? Complete our new user form.

    Learn More

    Our Partners

    Gold Coast IT Services that will help your business optimise and grow as fast as you grow.

    Learn More

    Testimonials

    Do you need assistance with archiving your email? Complete our exit user form.

    View Testimonials
  • Contact
Call: 1300 596 560

Five Most Common Cybersecurity Threats in 2024

  • September 3, 2024
cybersecurity

In 2023, global cybersecurity firm Crowdstrike noted a 60% increase in interactive cybersecurity intrusions. In Australia, cybersecurity incidents were up by 23% – and cost businesses, on average, 14% more than the previous year.

In other words: cybersecurity threats are getting worse. In this article, we’ll explain the 5 types of threats businesses need to understand in 2024, and explore how they can be prevented. There’s no easy solution to cyber attacks, but good preparation and a strong security posture can go a long way to keeping your (and your customers’) data safe.

 

Business Email Compromise

Business email compromise (BEC) is one of the most common types of cyber attacks – especially in high-risk industries like legal and financial services. In a BEC attack, an adversary uses a compromised email account to extract information, money or goods from a target organisation.

Email accounts are normally compromised in one of two ways:

  1. The email account is fake and has been designed to mimic a real-world user’s account.
  2. The account is real and the user’s login credentials have been stolen without their knowledge; emails sent by the adversary are often hidden from the user through the use of email rules.

The most common type of BEC attack is invoice fraud. When a legitimate account with access to invoices is compromised, the adversary can change payment details on the invoice; the invoice recipient receives a real invoice for real goods or services delivered, but ends up paying the wrong account. Similar attacks are also common when one party (such as a law firm) receives funds on behalf of another party (such as a client).

 

How to Prevent a BEC Attack

The simplest way to protect your organisation against BEC attacks is to invest in email hardening. That can include requiring complex passphrases, implementing multi-factor authentication, and using an anti-phishing program like Defender (which comes standard with Microsoft 365 Business Premium).

End user training is also critical. Phishing ultimately relies on human vulnerabilities, so teach your employees how to spot and properly report possible phishing attempts to your managed services provider (MSP). Your IT administrator or MSP can conduct training sessions – platforms like KnowBe4 are also great ways to simulate phishing attempts.

Even with good training and security, BEC attacks can still be hard to detect. (For example, can you spot the difference between accounts@itleaders.com.au and accounts@itleаders.com.au? The second email address is fake – the ‘a’ in ‘IT Leaders’ is actually the Cyrillic letter ‘а’, which looks identical to the Latin letter ‘a’.) As part of your security protocols, make sure your accounts staff call payment recipients on previously validated phone numbers before making any payments to new bank accounts.

 

Network Attacks

Network attacks are a broad class of cybersecurity threats that include:

  • DDoS attacks (where an adversary tries to overwhelm a server with huge amounts of fraudulent traffic)
  • MiTM attacks (where an adversary inserts themselves as a ‘man in the middle’ within or between networks, enabling them to access and manipulate exchanged data)
  • unauthorised access (where an end user’s compromised account can be used to access a network)
  • SQL injections (where poor coding allows an adversary to ‘inject’ an SQL statement into an input field, like a form, that your database then automatically runs).

The common goal of all network attacks is to access an organisation’s network. Once an adversary has access, they can encrypt, modify or steal sensitive data or shut down your network.

 

How to Prevent a Network Attack

Because network attacks are so diverse, there’s no silver bullet for them all. Instead, there are a few best practices you can implement to reduce vulnerabilities.

One of the simplest is the principle of least privilege: all users should have minimum network access levels. Least-privilege access should be paired with just-in-time (JIT) access, under which users gain time-limited access to resources only when required (or access those resources through temporary accounts). Both least-privilege and JIT access are fundamental aspects of zero-trust architecture.

User training, MFA, and NIST-compliant passwords can all help reduce the risk of user accounts being compromised. You should also have a general cybersecurity solution (such as Microsoft Defender) and firewall (like Fortinet or Palo Alto) in place.

 

Trojans

A Trojan horse is a type of malware disguised as a legitimate app or file. End users willingly download or open the app or file, enabling an adversary to gain remote control of their endpoints. Those endpoints can then be used to gather data and spread malware to other devices in the same network.

The name ‘Trojan horse’ derives from the wooden Trojan horse used by the Greeks to secretly bypass the Trojan defences in the Aeneid. Like their eponym, modern Trojan horses are normally ‘invited in’ by users – when unsafe email links or files are clicked, HTML apps are downloaded, or browsers extensions are installed.

 

How to Prevent a Trojan Attack

Like most cyber threats, there’s one major vulnerability that allows adversaries to exploit Trojans: end users. That makes training the easiest way to prevent network infections. Basic security best practices include not opening emails from unknown sources, not clicking unusual links on social media, and not downloading any poorly recognised extensions or apps.

Organisation-level defences, like SentinelOne and a firewall, are also critical for preventing initial access. Once a Trojan has breached your defences, though, you’ll generally need an EDR solution to detect it (which, if you aren’t using Defender, could include apps like Crowdstrike Falcon® or Cortex XDR). Your MSP can also help you implement more advanced solutions like honeypots.

It’s worth noting that, as of July 2024, Office applications will automatically block macros from internet-originated files. Macros are often used by staff who work with Excel, but are often exploited by adversaries to spread malware – the recent change should help prevent that.

 

Ransomware

Ransomware is one of the most prominent cyber security threats facing organisations. Last year, for example, Caesars Entertainment paid $15 million to a cybercrime group that disrupted its systems – just days before the same group launched a socially engineered attack on MGM Resorts, costing the company over $100 million (and sensitive customer data).

Most ransomware works by restricting access to data or systems, often by disabling certain functions or encrypting data. Once the ransomware is in place, the adversary will typically contact the victim and request that a financial ransom be paid. In some cases, like Caesars’, paying the ransom can lead to access being restored – but, often, insurance and international sanctions considerations can complicate that process.

 

How to Prevent a Ransomware Attack

The risk of ransomware attacks can be reduced through a generally strong cybersecurity posture (like user training, strong defences, high network visibility, and a capable MSP). But, ultimately, it’s impossible to reduce that risk to 0% – even the world’s largest organisations are vulnerable to ransomware.

You can mitigate the impact of potential attacks by investing in cyber insurance and having both a clear ransomware playbook and a disaster recovery plan. If an attack occurs, what happens? Who needs to be contacted? What processes should be followed?

Keep in mind that, although your MSP or internal IT team may be responsible for drafting your ransomware playbook, decision-making responsibility during a crisis ultimately rests with your executive team. They need a minimum level of cyber education to ensure that, if something does happen, they can make informed decisions that support the best interests of your organisation.

 

Generative AI Attacks

Since 2022, generative AI tools and large language models (LLMs) like ChatGPT have become widely available – to the general public, and to threat actors. Those tools aren’t sophisticated enough to disrupt the existing threat landscape, but they do pose two major problems:

  1. LLMs like WormGPT can essentially amplify current phishing threats, allowing adversaries to send out highly personalised, fluently written messages at scale. That makes it harder for end users to detect threats based on poor English, spelling errors, and other ‘spam giveaways’.
  2. Generative AI can be used to create fraudulent voice and video calls (known as ‘vishing’). Previously, vishing was easier to detect and harder to execute at scale; today, adversaries can automate authentic-sounding phone conversations – and, potentially, even create deepfakes of real people known to end users.

 

How to Prevent a Generative AI Attack

Generative AI attacks can be prevented in the same way as other types of cyber attacks: good user training, good cyber defences, and good security protocols. Currently, adversaries’ use of generative AI hasn’t evolved to the point where extra standards are necessary.

Yes, LLMs can democratise high-quality phishing – but end users spotting typos should be your last line of defence anyway. And, yes, AI-driven vishing has the potential to be a serious threat, but most adversaries don’t have the skill or resources to generate believable deepfakes (yet).

Our advice: maintain a good cybersecurity posture, partner with a capable MSP, and keep an eye on the horizon – but don’t be distracted from existing threats by the glitter of AI-enhanced adversaries. For most organisations, decades-old threats like bad endpoint security and poorly defended networks are the biggest concerns.

 

Next Steps

By now, you should have baseline understanding of the most common cybersecurity threats in 2024 – and the actions you need to take to address them. Keep in mind that everything we’ve discussed in this article is general information. Each organisation’s cyber vulnerabilities are different, and its security responses need to reflect that. The type of defences that are appropriate for a large manufacturing business, for example, aren’t necessary (or viable) for a 15-person professional services firm.

To develop a robust security posture, talk to your managed service provider. They should be able to build on the information in this article and provide technical recommendations (including for cybersecurity strategy and governance). One of our specialties, for example, is helping Australian organisations develop and maintain an appropriate Essential Eight maturity level – a security hardening process that focuses on 8 federal government mitigation strategies.

If you aren’t currently working with a security-focused MSP, or if you’d like a second opinion on a strategic or technical problem, schedule a consultation with one of our specialists.

 

Share It:

Read More IT Leader Articles
Loading...
laptop screen showing software updates
October 28, 2024

Windows 10 Countdown: Why It’s Time to Upgrade Your PC Today

Windows 10 has been a reliable companion, but its days are numbered. Come October 14, 2025, Microsoft will end support for it. That means...
Read More
someone using a laptop looking at an email
October 21, 2024

Six Signs of Business Email Compromise to Watch For

Table of Contents Business email compromise (BEC) attacks are the most common cyber threat that Australian businesses face. They’re also one of the most...
Read More
smart office trends
October 14, 2024

Boost Productivity: Top 6 Smart Office Trends You Need To Know

The office environment is experiencing a major overhaul. The days of drab cubicles and repetitive routines are behind us. Today’s smart offices are vibrant...
Read More
ITL-Coloured-WhiteSub-H.png

Professional IT Services that are optimised to change and grow as fast as your business!

Facebook Twitter Linkedin

Products

  • Connect Care
  • Connect Cloud
  • Connect NBN
  • Connect Network
  • Connect PBX
  • Connect Private
  • Connect Voice
  • Connect Web
  • Connect Cyber

Services

  • IT Support
  • Managed IT Services
  • Microsoft 365 Solutions
  • Cyber Security
  • Cloud Computing
  • Cloud Migration
  • Cloud Backup
  • VoIP Telephony

Support

  • Contact Us
  • New User Form
  • Exit User Form

Resources

  • Careers
  • Blog
  • Technical Capabilities

© 2025 IT Leaders

Terms & Conditions

Privacy Policy