Cybercrime in Australia happens every 7 minutes - are you secure?
Carinne Bird, GAICD
Executive Leadership | Non-Executive Director | Speaker | Cybersecurity | Digital Transformation | Technology Innovation
The number of reported cybercrimes has increased. Beyond Optus and Medicare, our news feeds report a new breach every day. The ACSC Annual Cyber Threat Report 21-22, just released, confirms that in the last financial year there were 76,000 cybercrimes reported, one every 7 minutes, a 13% increase year on year.
As quoted in the report, “Australia saw an increase in the number and sophistication of cyber threats, making crimes like extortion, espionage and fraud easier to replicate at greater scale.”
Threat actors have continued to develop creative ways to penetrate the cyber defences of government and organisations across the globe, including Australia. This heightened level of malicious cyber activity has largely targeted fraud, online shopping, and online banking, which account for 54% of all reports.
Whilst the average cost per cybercrime varies, all organisation segments have been impacted. The average cost per cybercrime for small business is $39,000, for medium business is $88,000 and for large business $62,000, an average increase of 14% year on year. Whilst one breach may not totally break the bank, it could severely impact profit and future revenue, and damage reputation to the point where end users choose to work with other companies.
Interestingly, the state with the highest reported crimes was Queensland at 29%, with Victoria not far behind at 27%, NSW at 22%, and Canberra 2%. The eastern seaboard represented 80% of the reported cybercrimes. The remaining states of Australia represented the remaining 20%: WA next at 11%, SA at 6%, Tasmania at 2% and NT at 1%. While NT represented the lowest percentage of crimes reported, it represented the highest average reported loss at $40,000 per cybercrime.
Business Email Compromise continues to be one of the major contributors to financial loss. Last financial year the losses totalled $98M across Australia, with the average loss being $64,000 per report. Phishing emails with links to fake websites that target your personal information, or that deliver malware or trojans, are prevalent and clever. If you are not alert, it can be easy to click, and the damage could be done! In the moment of one click, you or the company you work for could be compromised.
Another vulnerable area is out-of-date software. We are all very accustomed to our phones prompting us with messages about a new upgrade. Without us even thinking about it the upgrade happens, automatically, overnight, so long as our phone is plugged into power. Easy! But what about that router that sits on a shelf at home and connects all your home devices to the internet? Or your TV that streams all of your favourite programs? When was the last time you were notified of a software upgrade and went ahead and applied it? According to the ACSC report, as of June 2022, it's estimated that there are 150,000 to 200,000 Small Office, Home Office routers in Australia vulnerable to compromise, due to aged equipment that is no longer supported or more current equipment that has not been updated with the latest software. Are you one of the possible 200,000? Time to check and ensure your devices are supported.
So we need to further educate ourselves on cyber safe basics and become vigilant, every day. The very typical Australian “She’ll be right, mate” attitude will not survive the cunning ways of today’s hackers.
If you have the internet connected at home or in a small office, watch streaming sites on your TV and/or have other devices connected to your Wi-Fi, such as your phones, your sound systems, your lights, your alarms and more, it’s time to step up your cybersecurity checklist.
ACSC outlines a few recommended actions in its report for individuals - see below with my added comments. If you are a small or large enterprise, ACSC have online guides providing a wealth of information to provide direction for your business. I would also investigate SOC support (Security Operations Centre) that can monitor and manage your environment 24/7/365 days a year. It comes at a cost but the expense of a breach will be so much higher.
For larger organisations: implement the ACSC’s Essential Eight mitigation strategies, Strategies to Mitigate Cyber Security Incidents and the Information Security Manual.
For smaller organisations: follow the ACSC’s advice for ransomware, Business Email Compromise and other threats.
For individuals: follow the ACSC’s easy steps to secure your devices and accounts, including:
Update your devices and replace old devices that do not receive updates. Ensure you load all updates provided for other devices as soon as they are available.
Activate multi-factor authentication. Two methods of authentication may be a drag but imagine the cost if you are breached.
Use encryption. Protect sensitive data by encrypting hard drives, emails or documents, adding that extra layer of protection and keeping data safe.
Regularly back up your device. After travelling Europe my husband’s phone was table surfed; he lost thousands of photos. Don't assume it will never happen.
Set secure passphrases. The recommendation is that passwords be 25 characters or higher. That is not always possible, but apply the recommendation where possible! You know the drill: don’t use birthdates or names; use upper and lower case, numbers and special character combinations. Abstract is best. You can also subscribe to a password management tool at low cost, which allows you to manage many different strong passwords for your environment without relying on memory. Never write down or document passwords anywhere, such as in documents living on your hard drive; it could be a hacker's delight. Don't use the same password for everything; if it is compromised once, everything is compromised.
Watch out for scams. Look for spelling or grammatical errors in domain names and email addresses. Cybercriminals use email addresses that resemble the names of well-known companies with slight alterations. Really check the syntax, as it’s usually a key indicator the sender is fake, and avoid clicking on links! Try hovering your mouse over the link to check the URL matches the link provided in the message.
Sign up to the ACSC’s free Alert Service. Having lived abroad for a few years, this service is new to me, but any alert is a positive step.
Report any cybercrime to the ACSC. This is a must do, as all intelligence captured helps to prevent further cybercrime.
Source – ACSC Annual Cyber Threat Report 21-22
Insights from Commonwealth, Australian Federal Police, Australian Criminal Intelligence Commission, Australian Security Intelligence Organisation, Defence Intelligence Organisation, and the Department of Home Affairs.