
Australia's state of cyber security report reveals rise in phishing attacks

Amid growing cyber threats, the country's cyber security centre calls for businesses to be more open about cyber incidents and plug potential loopholes in their supply chains

Australian companies saw a 15% increase in cyber incidents last year, underscoring Australia’s position as one of the most targeted countries in the Asia-Pacific region.

According to the 2017 Threat Report by the Australian Cyber Security Centre (ACSC), 47,000 such incidents were identified.

Private sector industries bore the brunt of the attacks, followed by federal government agencies. Ransomware and phishing attacks remain two of the most prevalent cyber threats – and these can be costly.

The ACSC report described how spoof emails duped one company out of $500,000. The company’s employees had forwarded those emails to an overseas bank account before realising the messages, purportedly from their CEO, were fake.

Launching the report, Dan Tehan, Australia’s minister assisting the prime minister on cyber security, noted: “Over the course of 2016-17, reports to the ACSC indicated losses of over $20m due to business email compromise. This was up from $8.6m in 2015-16, representing an increase of over 130%.”

But he lamented the still poor rate of disclosure from affected businesses and called for them to be more open about incidents.

“If you don’t tell us you’ve been hit, we can’t help you,” he said. “It’s hard enough to catch the criminals who did it. But if you don’t report it, it makes it impossible and leads to more victims.”


Of the incidents ACSC counted, 58% were self-reported, with the remainder identified by ACSC itself. The mandatory data breach notification regime that will take effect in Australia next year should prompt greater transparency.

ACSC said its computer emergency response team responded to 734 cyber incidents affecting private sector systems of national interest or critical infrastructure providers, while the Australian Signals Directorate (ASD) responded to 671 serious cyber incidents affecting government.

The report also noted that as enterprises get savvier about protecting themselves, attacks were being targeted at their supply chain or outsource partners. The report noted that a defence contractor had been compromised in precisely this way – but warned that major enterprises were also vulnerable to such backdoor attacks.

It recommended that organisations build cyber security into supply chain contracts and require partners to commit to following the ASD’s “essential eight” cyber mitigation strategies.


Nick Savvides, chief technology officer for Symantec in the Pacific region, welcomed the report, noting that the company’s own research had identified Australia as one of the top five most targeted countries in the region.

“With our high quality of life and relatively laid-back attitude towards security, Australia has always been an ideal target for scammers and cyber criminals. Historically, these threats came from the outside in – the difference now is that a growing proportion of cyber criminals are using trusted, yet compromised local services to attack the Australian population.

“This year’s ACSC Threat Report spotlights the tactics used by bad actors to access sensitive customer data by compromising private sector ICT providers,” he said.

Meanwhile, Murray Goldschmidt, chief operating officer and co-founder of Sense of Security, said Australia needed to lift its cyber security game and do more than rely on “tick a box” compliance.

“The key that unlocks the door, more often than not, is us,” he said. “We are becoming much more susceptible to social engineering, as these attacks become more sophisticated, leaving businesses vulnerable to hacks.”
