A cyber crime is reported, on average, every ten minutes in Australia.
That’s according to the Australian Cyber Security Centre’s (ACSC) Annual Cyber Threat Report published last week.
In a press release coinciding with the report, Defence Minister, Linda Reynolds, said “cyber criminals use a range of methods to try to cheat Australian families and businesses out of their money and their data”.
Yet the ACSC report paints a much simpler picture of how those cyber criminals target everyday Australians.
Drawing on data from its online reporting, ReportCyber, the ACSC found that the most common threat facing Australians are scams.
Of the nearly 60,000 reports made to the ACSC in the last financial year, around 40 per cent were categorised as ‘fraud’: specifically romance, investment, or shopping scams.
“Cyber crime is one of the most pervasive threats facing Australia, and the most significant threat in terms of overall volume and impact to individuals and businesses,” the ACSC report says.
“Cyber criminals follow the money. Australia’s relative wealth, high levels of online connectivity and increasing delivery of services through online channels make it very attractive and profitable for cyber crime adversaries.”
Scamwatch reported in June that Australians lost over $634 million to scams in 2019 – but that figure is underestimated due to the number of scams and cyber crimes that go unreported.
Although scams and fraud are the most common sources of grief for Australians online, the ACSC still sees ransomware as the biggest threat to the country.
“This assessment is based on the fact that ransomware requires minimal technical expertise, is low cost and can result in significant impact to an organisation, potentially crippling core business functions,” the report says.
And the ACSC warns that access to the dark net gives non-technically minded criminals the chance to bring down big businesses.
“There are lucrative underground marketplaces offering cyber crime-as-a-service, or access to high-end hacking tools that were once only available to nation states,” the ACSC warns.
“These marketplaces also offer less technical but equally valuable cyber crime enablers including personal information and other sensitive data such as compromised user credentials.
“As a consequence, illicit tools, services and data can be purchased and used with minimal technical expertise to generate alternative income streams, launder the proceeds of cyber crimes and traditional crimes, or undertake network intrusions for non-financial purposes.”
For individuals, the ACSC’s advice is simple: beware of dodgy links in emails, keep your software updated, and use a variety of strong passwords.
“Applying the fundamentals of good cyber security as individuals, business owners and government agencies is vitally important and in many ways Australians are not necessarily learning from past experience,” the ACSC said.
“The ACSC responds to hundreds of cyber security incidents each year. Many of these could have been avoided or substantially mitigated by good cyber security practices.”
Australia has been on high alert following Prime Minister Scott Morrison’s warning in June that Australia was under cyber attack.
The government has since announced an extra $1.35 billion in cybersecurity funding over the coming decade.