One every eight minutes. That’s how many cyber-attack reports the Australian Cyber Security Centre received over the 2020-2021 financial year. It makes Australia one of the most attacked countries in the world. A near 13 per cent increase in attacks on the year before illustrates the significant security threat Australian companies of all sizes face.
Long gone are the days only large enterprises were targeted by attackers. Nowadays, anyone with an online presence is at risk – and the financial consequences of a cyber-attack for small to medium businesses are often harder to cushion. Let’s analyse what makes Australia such a hot target for cyber-attacks.
Channel Nine’s live broadcasts were disrupted by a cyber-attack in March. In January last year, the Australian Parliament’s computer systems were attacked. In August this year, Melbourne's Stonnington council was hit by suspected cyber attack.
Before that, a “sophisticated state-based cyber actor” took aim at a wide range of political and private-sector organisations. The year prior, the Defense Department and the Australian National University were attacked. While large companies often make the news, attacks on small businesses are just as common.
While this issue is certainly not unique to Australia and there are a range or reasons why these attacks happen, three stand out that seem to make Australia a particular popular target right now.
The sharp increase in frequency, scale and sophistication of online attacks, as mentioned by Prime Minister Scott Morrison, illustrate a steady deterioration in relations between Australia and China. Intelligence officials have described it as a “relentless, increasingly aggressive campaign by China to spy on, disrupt and threaten the country’s government, vital infrastructure and most important industries”.
In response to the surge in cyberattacks, the Australian government last year promised to invest A$1.35 billion in cyberweapons and defence over the next decade, including the recruitment of at least 500 cyberspies. It will also be implementing a A$1.7 billion cybersecurity strategy, with Telstra boss Andrew Penn as the head of the industry advisory committee. Penn marked 2020 as a “turning point” for cybersecurity in Australia and urged Australians to step up their cyber defences.
Defence Minister Linda Reynolds said cyber-attacks on the country were two-pronged. On the one hand there were sophisticated and well-resourced state-based actors who were “seeking to interfere in our nation” and on the other hand, it was opportunistic cybercriminals who target people and companies for financial gain.
Fraud is the most commonly reported cybercrime, meaning criminals seek out individuals and companies and deceive them with investment, shopping or romance scams. The second most reported category is identity-related crimes (theft and misuse of personal information), followed by cyber abuse. The COVID-19 pandemic has moved many more people and businesses online, intensifying cyber-attacks on Australians working, studying and connecting via the internet. Because of the remote work environment over the past two years, businesses now have more data online than ever before, presenting a fruitful target for hackers.
One in three (33%) of adult Australians use the internet for six hours a day or more, and three out of four (74%) spend more than two hours per day connected, according to a Cyber Security Research report for Australian Signals Directorate. The same report states individuals and businesses aren’t sufficiently protecting themselves against cyber-attacks, with only one in four Australians considering themselves to have an expert or good understanding of cybersecurity, and many are failing to take basic steps to boost their security.
The increase in cyber security threat sees Australian organisations spend 8% more (A$4.9 billion total) this year on enterprise information security and risk management products and services compared to last year, according to the latest forecast from Gartner. This may seem like a lot, but it’s a drop in the ocean compared to the self-reported A$33 billion in business and personal losses from cybercrime in 2020-2021. It’s estimated the cyber-related attacks could cost the Australian economy about $29 billion per year, or 1.9% of the country’s GDP.
With cyber-attackers getting more sophisticated, IBISWorld senior industry analyst Arthur Kyriakopoulos says while government support is required, businesses need to take responsibility for their own cybersecurity. The Prime Minister issued a similar warning after the attack on Channel Nine: “this is a timely reminder that Australians cannot be complacent about their cyber-security".
No matter how prepared you are, a cyber-attack can still happen. Now for the good news: the better prepared you are, the easier it will be to respond quickly and avoid the worst.
Many attacks on individuals and businesses could have been avoided or mitigated by implementing simple cybersecurity practices such as not clicking on, or responding to unsolicited emails and text messages, making sure multi-factor authentication is enabled and never providing another party remote access to a computer.
But there is whole lot more businesses can do to protect themselves. Outsourcing a Security Operation Center (SOC) can help reduce the workload on IT. A SOC team continuously monitors and improves an organisation’s security while detecting, analysing, responding to and preventing cybersecurity incidents. Triskele Labs’ SOC - DefenceShield – is a team of senior Australian cybersecurity experts keeping an eye on your data 24x7x365.
The other thing business can do to protect themselves is having a plan in place for when an attack happens. If you do not have a cybersecurity expert in-house, you will want to find a trusted advisor who can help you protect your business – and how you can call should an attach occur. Call this trusted cybersecurity experts as soon as you notice anything out of the ordinary happening to your systems, so they can take control and handle the situation with the expertise needed.