At the heart of the government’s fourth Annual Cyber Threat report lies the warning that malicious cyber activity continues to increase in sophistication, frequency, cost and severity compared to the previous year’s findings.
It sends a familiar message: without prioritising cyber security, every Australian risks becoming victim to online adversaries.
The report was conducted by federal agency Australian Signals Directorate (ASD) in collaboration with a number of partner federal agencies and lays bare the threats to Australia's cyber environment.
The ASD received over 33,000 calls and an average of 90 calls a day to the Australian Cyber Security Hotline, up 32 per cent from the previous financial year. That’s a cybercrime reported approximately every six minutes.
Globally, critical infrastructure networks continued to be targeted, and Australian networks were no exception to malicious actors seeking to steal or encrypt sensitive data, gain insider knowledge, or degrade and disrupt services – threatening many vital systems.
Ransomware in particular remained a highly destructive cybercrime, comprising over 10 per cent of all incidents.
Australian businesses were also an attractive target for malicious actors, with the average cost of cybercrime to business increasing by 14 per cent over the financial year. 92% of businesses affected were small businesses.
It’s important for businesses to be quick on the draw when it comes to business email compromise fraud – a crime affecting over 2,000 victims and draining Aussie businesses of almost $80 million in total.
With the average Australian household having over twelve internet-connected devices, individuals are feeling the impact of rising cybercrime rates as well. Aussies lost over $3 billion to scams in 2022 according to the ACCC’s Targeting Scams report – that’s an 80 per cent increase on 2021. The big-hitting scams are identity fraud, online banking fraud, online shopping fraud and investment scams.
“In Westpac we see most of the scams categorised within the ASD report,” says Richard Johnson, Westpac’s Chief Information Security Officer, in an interview with Westpac Wire.
“We see phishing and malware attacks against customers, and we’re seeing scams on the rise – particularly romance scams, investment scams and business email compromise scams.
“Money going out through crypto exchanges are a key focus for us so that we can ensure that Australians aren’t losing their money to cybercriminals.”
The report found that the path towards a stronger cybercrime barricade involves positive cyber security culture and stringent security controls. This includes strengthening partnerships across government and industry to share intelligence and mitigation advice.
The groundwork has been laid, with the Cyber Threat Intelligence Sharing Community growing around 688 per cent to over 250 Partners by the end of June 2023. The Domain Takedown Service blocked over 127,000 attacks against Australian servers, and ASD’s Cyber Security Partnership Program grew by almost 30 per cent to over 110,000 individuals and organisations.
What you can do to protect yourself and your business
- Patch, update or mitigate vulnerabilities within 48 hours when vulnerabilities are assessed as critical
- Regular cyber security training to ensure staff are cautious of phishing emails
- Turn on multi-factor authentication, and use long and unique passphrases for every account
- Turn on automatic updates for all software, and do not ignore installation prompts
- Regularly back up important files and device configuration settings
- Only use reputable cloud service providers and managed service providers
- Regularly test cybersecurity detection, incident response, business continuity & disaster recovery plans
- Review cyber-security posture of remote workers
- Thoroughly understand networks, map them and maintain an asset registry
- Scrutinise the organisation’s ICT supply chain vulnerabilities and risks
- Always call organisations and individuals back on an independently-sourced number
- Ask personal questions to verify the identity of a known caller
- Don’t cooperate with advisors wanting to see your device’s screen to help guide you
- Always seek independent financial advice
- Report cyber security incidents early to ReportCyber at cyber.gov.au/report
The headway made in the sector demonstrates that Australians clearly value cyber security, and it’s the collective actions of Australians that make a real contribution to the nation’s cyber resilience. As technology becomes more disruptive, and networks grow in size and complexity, so too will the sophistication of cybercrimes.
For information on scams, go to Westpac's Latest Scams and Alerts info.