
CYBERSECURITY – A NEW FRONTIER

Recent hacking incidents highlight the challenges of living in the information age. In one, the perpetrators held millions of current and former customers’ personal information ransom, threatening to release the data unless their monetary demands were met. In another, the cache of personal information included details of diagnoses, procedures, and locations of medical services.

It has become common practice for service providers to demand identity information of their consumers for “verification”. Some providers, such as real estate agencies, hold vast amounts of sensitive financial information and documents. While many organisations have expressed confidence in their security measures, as the saying goes, a chain is only as strong as its weakest link.

In its Notifiable Data Breaches Report for July to December 2021, the Office for the Australian Information Commissioner observed that 37% (n=173) of all data breaches resulted from cyber-security incidents. Of these, the top three modes of attack were phishing (32%), credentials compromised or stolen by methods unknown (28%) and ransomware (23%).

Consumers have been understandably concerned. In a poll of 1050 Australians, conducted in early October this year, most respondents said they were “somewhat concerned” or “very concerned” about their identities being stolen to access bank accounts (85%) or social media accounts (76%) and receiving scam emails and texts (78%). These concerns are not without foundation.

In the 2020-2021 financial year, the Australian Cyber Security Centre (ACSC) received over 67,500 cybercrime reports, nearly 500 involving ransomware. These represent year-on-year increases of nearly 13% and 15% respectively. ACSC also observed an increase in the average severity and impact of reported cyber security incidents, with nearly half categorised as “substantial”.

Fraud, online shopping scams and online banking scams were the top reported cybercrime types. Victims’ financial losses totalled more than $33 billion. On average, small businesses lost $8,899 per report, medium businesses lost $33,442 per report and large organisations lost $19,306 per report. These are likely conservative estimates, and may not include incident containment and recovery costs, losses arising from customer turnover or regulatory penalties.

Small businesses often don’t have the knowledge, time, or resources to dedicate to cyber security. Some have outsourced their IT functions to third party providers, who can help with implementing measures such as multifactor authentication, automatic software updates and data backups. However, businesses still need to work out their “people” procedures around access control and staff training. The ACSC has developed a suite of cyber security resources to help small and medium businesses understand common cyber security risks, reduce their exposure and mitigate the impact of incidents that occur. Resources can be accessed at https://cyber.gov.au.

Common cyber threats

Phishing refers to emails, text messages or phone calls that purport to be from a trusted individual or organisation, which seek to trick recipients into disclosing sensitive information (eg credit card numbers, passwords) or performing specific behaviours (eg paying fraudulent invoices, buying and sending gift cards) for the benefit of the sender.

Malware is a blanket term for any type of malicious software that is designed to infiltrate a person’s computer without their knowledge. Malware provides criminals the means to access information such as bank or credit card details and passwords, spy on a user’s activity, or to take control of a computer to pursue some other end (eg crypto-mining, distributed denial-of-service attacks).

Ransomware, one software company suggests, is a specific type of malware that kidnaps your sensitive files and data and holds them for ransom until you pay up.
