Everything You MUST Know Now!

Cybersecurity is paramount for individuals and businesses in Australia due to the escalating threat landscape. With the rapid digitisation of services and increased reliance on technology, protecting sensitive data from cyberattacks is vital. Safeguarding financial assets and personal information and maintaining customer trust are critical for sustainable growth and resilience in the digital age.

Recently, Xavier O’Malley of Cyber & Infrastructure Security at the Australian Department of Home Affairs addressed a packed room at the Digital Innovation Summit hosted by nbn Australia and Business in Heels.

It was staggering to learn there had been 76,000 reported cybercrimes during the 2021/2022 financial year, equivalent to one report of a cyber attack every 7 minutes. Cybercrime costs Australia up to 33,000 billion a year, yes I said billion! The average report for cybercrime for small and medium businesses was $39,000 and $88,000 respectively. Even more astounding, 52% of the ransomware cybercrime during this year targeted SMEs! Enough to close a business in a flash.

So who commits cyber crime?

They can be individuals or teams of people using computer technology to steal personal and confidential information and sell or distribute it. They range from foreign intelligence services to organised crime syndicates, terrorists, internet stalkers, trolls and scammers.

What are Common Cyber Security Threats?

The Department of Home Affairs categorises common cyber threats into three main groups:

1. Phishing – otherwise known as ‘scam attempts’

a. This includes malicious links, calls and SMS. These can be random or targeted. In fact, two thirds of Australians aged 15 years and over were exposed to a scam in 2021/2022, according to the Australian Bureau of Statistics.

b. In a MIND BLOWING case, ‘scammers’ impersonated the US Department of Transportation. The criminals lured people into handing over their personal details under the pretence of bidding for U.S. Department of Transportation contracts. The phishing campaign told recipients the government had invited them to submit a bid for a department project. A link at the bottom of the message instructed them to “Click Here to Bid”, and asked them to provide their Microsoft 365 login details. Outsmarting the public, the attackers created the domain, which was easily mistaken for a genuine message from the US Department ‘’.

2. Ransomware – a nasty type of malware

a. This includes file encryption with a ransom demand.

b. In 2022 Optus, the second-largest telecommunications company in Australia, fell victim to cyber crime, with one of the biggest security breaches ever in Australian history.

The criminals were believed to be working for a state-sponsored operation that breached Optus’ internal network, compromising personal information and impacting up to 9.8 million customers, almost 40% of the population. According to Optus CEO Kelly Bayer, the oldest records in the compromised database could date as far back as 2017. 

3. Business Email Compromise (BEC)

a. This includes email fraud and employee or company impersonation. Australian businesses were scammed out of $227 million in “payment redirection” cons over the course of 2021/2022.

b. In February 2023, Sky News reported that an employee was charged after stealing more than $700k from a Sydney law firm in an alleged business email compromise (BEC) scam. The man used a compromised employee email address to allegedly steal thousands of dollars from the firm before his arrest.

It was then revealed that the email of a paralegal working at the firm had been compromised and used to generate fake invoices by locating a genuine request for payment and altering the banking details to those of the fraudster.

What can we do to protect ourselves and businesses?
There are TWO major things you can do RIGHT now!

1. Multi-factor authentication – it’s like a free alarm system and instantly doubles your security.

2. PASSWORDS! Xavier O’Malley discussed this at length in his keynote address. In fact, he stated, “if all your passwords aren’t long, strong and different, they are no good to you”. He referenced a powerful information grid called ‘TIME IT TAKES A HACKER TO BRUTE FORCE YOUR PASSWORD’ – see image.

So where to now?

Firstly, update your passwords and multi-factor authentication immediately. Go now, run, don’t walk!

Secondly, Xavier O’Malley recommends checking out the Australian Cyber Security Centre – Partnership Program. The ACSC Partnership Program enables Australian organisations and individuals to engage with the ACSC and fellow partners, drawing on collective understanding, experience, skills and capability to lift cyber resilience across the Australian economy.

Stay Safe!