The Australian Cyber Security Centre (ACSC) has released its Annual Cyber Threat Report 2020-21. This report details the key cyber threats affecting Australian systems and provides recommendations, based on data and trend analysis, on how to protect Australian individuals and organisations from cyberattacks.
Due to the COVID pandemic, many employees and businesses began to rely heavily on remote systems and the internet to perform their work. Without the immediate ability to watch over employees and their hardware, there has been an increased risk for “malicious cyber actors to exploit vulnerable targets in Australia.” The ACSC recorded over 67,500 cybercrime reports, roughly equating to a cyberattack every 8 minutes over the last year! More importantly, these attacks were categorised as ‘substantial’, with cyber threats being aimed at larger organisations to target critical data and/or brick online services. The ACSC highlighted that these cyber threats were affecting every sector in Australia, from governmental agencies to infrastructure providers, to family businesses.
In its report, the ACSC identified six key cyber security threats:
1) Exploitation of the pandemic environment: With the move to remote work, bad actors began sending out thousands of phishing emails and text messages to target personal information such as passwords, health, and banking details. It is now commonplace to regularly test staff with simulated phishing emails to check compliance with internal security standards.
2) Disruption of essential services and critical infrastructure: Approximately one-quarter of cyberattacks were aimed at domestic infrastructure and/or essential services. This creates a financial and emotional burden on health services, distribution, logistics, and energy sectors.
3) Ransomware: Ransomware has become the most common form of digital extortion, with criminals hacking emails and passwords to blackmail individuals for money. Earlier this year, Australia’s Shadow Assistant Minister for Communications and Cyber Security addressed ransomware, and we may soon see legislative reform to combat this issue.
4) Rapid exploitation of security vulnerabilities: Many businesses and industries were not prepared to completely shift to online workplaces. As such, bad actors took advantage of these vulnerabilities to brick internal systems and exploit loose security standards.
5) Supply chains: Criminals have begun to break into supply chains to harvest customer information. This creates an additional burden on vendors and damages brand reputation for a failure to appropriately manage security risks, especially when dealing with personal customer information.
6) Business email compromise: Much as with phishing emails, cybercriminals have banded together to launch sophisticated business email compromise attacks that impact both employees and employers. It was noted that successful business email compromise attacks cost companies an average of $50,600 per year.
To deal with these issues, the ACSC has provided a detailed breakdown of how these cybercriminals operate, the sectors they target, the methods of their attacks, and predicted trends and data for the future, and it offers guides on how to mitigate cyberattack risks.
Cyberattacks will continue to threaten businesses and consumer safety, so it is imperative that organisations keep abreast of regulatory changes and continue to improve internal security standards.
For the full reading of the report, see here.