On Friday the 4th of November, the Australian Cyber Security Centre (ACSC) released their third Annual Cyber Threat Report, which offers insights gained from July 2021 to June 2022. The report “provides an overview of key cyber threats impacting Australia, how the ACSC is responding to the threat environment, and crucial advice for Australian individuals and organisations to protect themselves online.”
The 74-page document analyses data from reports that have been sent to ReportCyber throughout the financial year, with involvement from the ACSC, the Australian Federal Police, the Australian Criminal Intelligence Commission, Defence Intelligence Organisation, the Australian Security Intelligence Organisation, and the Department of Home Affairs.
In their executive summary, the ACSC describes Australia’s current threat landscape and five key cyber trends:
- Cyberspace has become a battleground
- Australia’s prosperity is attractive to cybercriminals
- Ransomware remains the most destructive cybercrime
- Worldwide, critical infrastructure networks are increasingly targeted, and
- The rapid exploitation of critical public vulnerabilities became the norm
The report goes into more depth, but here’s a quick recap of the 5 key takeaways:
- Cybercrime overall increased on the previous financial year
The ACSC received more than 76,000 reports of cybercrime, which was an almost 13% increase on the previous financial year and equates to an average of one report every 7 minutes.
- Business Email Compromise (BEC) scams saw the biggest losses
Losses to BEC increased to approximately $98 million from more than 1500 cases, and there was an average loss of $64,000 per report. WA was the state with the biggest average loss, which was $112,000 per report.
- Medium-sized businesses are being hit the hardest
The cost per cybercrime report had an average increase of 14%. Cybercrime incidents are now costing small businesses an average of $39,000, medium businesses $88,000, and large businesses over $62,000.
- Your router may be insecure
There are between 150,000 and 200,000 routers in Australian homes and small businesses which are vulnerable to compromise and that need to be secured.
- The sector with the most reported cyber incidents is the Federal Government
The Commonwealth Government accounted for 24% of all reported cyber incidents, with State/Territory/Local Government following in second with 10% of all reports. In third was Health Care and Social Assistance, a sector which has been targeted worldwide throughout 2022.
How to protect yourself
The ACSC makes the following recommendations for Australian citizens:
- Update your devices
- Activate multi-factor authentication
- Regularly back-up your devices
- Set secure passphrases
- Watch out for scams
- Sign up to the ACSC’s free Alert Service
- Report cybercrime to the ACSC (find out how to do this here)
How to protect your business
The ACSC makes the following recommendations for Australian organisations:
- Review the cyber security posture of remote workers
- Patch vulnerabilities within 48 hours
- Only use reputable cloud service providers and managed service providers
- Sign up to become an ACSC partner
- Test your cyber security detection, incident response, business continuity and disaster recovery plans
- Report all cybercrime and cyber security incidents to the ACSC (find out how to do this here)
To help organisations stay more secure, we’ve also recently released a 10-Step Cybersecurity Checklist, which offers ten simple tips to help you review your business's preparedness in the case of an attack and build on your cyber-resilience.
You can download the checklist for free here.
Keeping businesses safe and secure
Prevention is always better than a cure, and the best defence is to encourage businesses to proactively boost their company’s cyber resilience levels to avoid threats landing in inboxes in the first place. The fact that a staggering 94% of malware attacks are delivered by email makes email an extremely important vector for businesses to fortify.
No one vendor can stop all threats, so it’s crucial to remind customers that if they are using Microsoft 365 or G Suite, they should also have a third-party email security specialist in place to mitigate their risk. For example, using a third-party cloud email solution like MailGuard.
Our email filtering solutions are recommended by AustCyber - The Australian Cyber Security Growth Network Ltd and defend against advanced attacks up to 48 hours ahead of the rest of the market.
Talk to us
Talk to a MailGuard solution consultant today about securing your company's inboxes. You can get in touch with us by calling +61 3 9694 4444, or by emailing us at info@mailguard.com.au.
Existing MailGuard partners and clients can reach out to us here:
Australia - please call us on 1300 30 65 10
US - call 1888 848 2822
UK - call 0 800 404 8993