Cyber incidents from Optus to Medibank are making headlines with increasing regularity, underlining the ever-growing threat to our personal data.
The Australian Cyber Security Centre (ACSC) received over 76,000 cybercrime reports in the 2022 financial year, an increase of 13 per cent on the prior year, according to its annual threat report, published in November. That’s one attack reported every seven minutes, on average.
“The reality of cyber risks has started to bite in a much more public way,” Christine Christmas, assistant director-general for international and national partnerships at the ACSC, said at an event to mark Cyber Security Awareness month in October. “The trends we’re seeing are becoming worse in terms of the volume of reports and the increase in financial losses.”
Australia’s prosperity makes it an attractive target for cyber criminals, the ACSC said, with the nation enjoying the highest median wealth per adult in the world, according to a 2021 Credit Suisse report.
Scams directed at individuals, targeting activities such as online banking and shopping, are among the most common, while the ACSC has also seen an increase in criminal activity targeting high value transactions including property settlements.
Other scams, such as the recent “hi mum” case, may seem easy to spot, but have still caught out over a 1,000 people. Scams Awareness Week from Nov. 7-11 aims to inform people on how to identify scams and take the time to check whether an offer or approach is genuine before they act on it.
Australia’s banking landscape, which is dominated by the big four retail banks, has a lot of capability to meet the challenge, Richard Johnson, Westpac’s chief information security officer, told the October seminar.
“The banks talk to each other about cybersecurity, to help protect the broader community – including both swapping notes on which security capabilities are most effective, as well as the details of attacks we each see,” Johnson said, adding that “in recent years, that collaboration has expanded out across many other sectors as well.”
Tech-savvy Australians have been quick to embrace online services. While some of those services – including online banking – are built with security as a key priority, not all are as diligent.
And as our digital footprints increase, so does the risk of falling victim to a cybercrime, so it pays for individuals to increase their vigilance.
The ACSC’s “Have you been hacked?” interactive tool helps people to work out if they have been hacked and what to do to minimise the impact of a cyberattack.
Easy security steps everyone can take include turning on automatic software updates, regularly backing up devices and switching on more rigorous identity checks through multi-factor authentication.
The ACSC also recommends choosing longer, more complex passphrases – made up of four or more random words – to help device and online account owners to move away from poor and easy-to-guess password choices like ‘Password123’.
The overwhelming majority of scam attempts fail, said Jay Banerji from cyber security services group, CyberCX.
“The real concern is that while threat actors can try a million different times and can fail 99 per cent of the time, it’s that one per cent that they might succeed on, where as we as defenders have to succeed 100 per cent of the time. If we miss that one per cent we’ve failed at our jobs.”
Small and medium sized businesses also face an increasing cybercrime threat, the ACSC report showed. The average cost per cybercrime report rose by 14 per cent in the past year across all businesses, with financial losses from business email compromise rising to $98 million.
“Cybercrime can cause financial and reputational damage, disrupt business and essential services, and result in permanent damage to an organisation,” the report said.
Westpac has devised a Cyber Response Playbook to encourage stretched small business owners to address their cyber security risks, while the Davidson Institute will host a webinar on Nov. 23 to help inform on how they can better protect themselves.