Old cyber threats are now new threats all over again

In my role as the Chairman of Australia’s expert Industry Advisory Committee (IAC) on Cyber Security, I get a real-time, front-row view of the frequency and scale of attacks from hackers and criminal groups, and the damage they can do to our nation.
Andrew Penn · 15 July 2021 · 5 minute read

Today I gave a speech about cyber security at the National Press Club and made the point that Australia and its people are now under cyber attack all the time.

The IAC plays a vital role in keeping Australians safe online. Today we released our first annual report to the Federal Government (PDF 2.2MB) on what more we need to do to continue to shore up our security as a country, as businesses and as individuals at home.

Every minute of every day there are malicious actors looking to beat Australia’s cyber defences. Concerningly, the sophistication of these attacks continues to improve. In my speech I called out the major threats that are facing Australians, including the rapid growth of ransomware and business email compromise; ‘cybercrime-as-a-service’, whereby criminals with limited technological skills can now buy and use bespoke ransomware; and the increasing targeting of supply chains.

All supply chains are important but perhaps none more so currently than the COVID vaccine supply chain. Telstra has been working with Government to monitor Australia’s vaccine supply chains for threats, a crucial precaution given the criticality of our vaccine program.

You may also have heard about the increase of ransomware bringing big businesses to their knees, and stories about data breaches that see your personal information sold on the dark web. As hackers branch out and recruit more would-be criminals to their cause with cybercrime-as-a-service products, we can only expect to see these incidents increase.

Recovering from one of these attacks isn’t cheap: experts estimate the average total cost of recovery for businesses has grown to more than $2 million an attack. The good news is there are things you can do to help protect yourself, but they need to be done before an attack to be effective.

One classic hacking technique, known as “business email compromise”, is worth calling out because it is no longer exclusively targeting businesses, and everyone at home who makes online payments could now be at risk.

In simple terms, this type of attack sees a criminal break into your email and pretend to be a trusted contact, either to gain access to sensitive data or to steal money by tricking you into paying into a bank account controlled by the criminal. 

Two scam victims recently reported having their emails intercepted while buying new Tesla cars, for example. They were sent bogus invoices claiming to be from Tesla, but the account numbers had been changed by hackers to accounts they controlled. Tens of thousands of dollars lost!

Email compromise attacks are a growing threat. In the 2019-20 financial year, the Australian Cyber Security Centre recorded more than 4,200 scams of this type, resulting in a loss of $142 million. It is thought that number is vastly underreported too, as many don’t feel comfortable reporting such losses. And now everyday Australians are also being targeted as scammers have become more brazen during the pandemic.

Cyber-criminals are not only becoming more sophisticated, but are also better organised. They monitor email traffic to learn about their targets and determine the most lucrative time to launch a scam. This not only increases the likelihood of success but also increases their overall financial gain.

And now that many of us are working from home due to the pandemic, we cannot afford to take our collective eyes off the ball when it comes to security in our personal or professional lives.

How to protect yourself from email compromise

  1. Recognise that nobody is too small to be scammed, hacked or attacked by malicious actors.
  2. Do the basics. Use a Password Manager to reduce the number of times you reuse the same passwords, and enable a multifactor authentication system on all of your accounts.
  3. Know who you’re paying. To reduce the ongoing risk of falling victim to these sorts of email compromise scams where invoices are switched, it is important to know exactly who you are paying and why, and to double-check that the payment details are correct before you pay.
  4. Make sure you keep an updated offline back-up of your data records.

If you are a small business owner looking to shore up your defences, you should check out the Federal Government’s Small Business Security Guide, which helps you protect your small business from the most common cyber security incidents.

The Federal Government has extra cyber resources too, including a dedicated cyber hub.

There are also services like IDCARE, which actively help you restore your identity if you have been scammed.

How we are combatting cybercrime

All of this brings into very sharp focus the critical importance of the 2020 Australian Government Cyber Security Strategy. The Federal Government deserves credit for the leadership it has shown on cyber security, including through the development of Australia’s 2020 Cyber Security Strategy and the announcement of $1.67 billion for a range of initiatives in the recent Federal Budget.

Meanwhile, Telstra is implementing our own safety measures to improve the security of our customers, and we would encourage other telcos to do the same.

These include measures like automated blocking of 13 million scam calls per month to ensure they never reach our customers, and advanced verification of SMS messages from agencies like Services Australia to ensure hackers cannot dupe recipients.

Protecting ourselves, our families, our businesses and our country depends on Australia’s cyber defences being strong, adaptive and built around a strategic framework that is coordinated, integrated and capable.

The IAC that I chair with other cyber industry leaders looks forward to continuing to work with the Australian Government to build Australia’s cyber defences and play a key role in bringing many of the initiatives emanating from this work to life.

They could not arrive at a more important time.


By Andrew Penn

Former Chief Executive Officer

Andy Penn became the CEO and Managing Director of Telstra, Australia’s largest telecommunications company, on 1 May 2015. At Telstra, Andy is leading an ambitious change program transforming the business to be positioned to compete in the radically changing technology world of the future with 5G at its core. Andy has had an extensive career spanning 40 years across 3 different industries - telecommunications, financial services and shipping. He joined Telstra in 2012 as Chief Financial Officer. In 2014 he took on the additional responsibilities as Group Executive International.

Prior to Telstra, Andy spent 23 years with the AXA Group, one of the world’s largest insurance and investment groups. His time at AXA included the roles of Chief Executive Officer 2006-2011 AXA Asia Pacific Holdings, Chief Financial Officer, Chief Executive Asia and Chief Executive Australia and New Zealand.  At AXA, Andy was instrumental in building one of the most successful Asian businesses by an Australian company that was sold to its parent in 2011 for more than A$10bn.

Other directorships & appointments: Member of the Council of Trustees of the National Gallery of Victoria; Board Director of the Groupe Speciale Mobile Association (GSMA); Chairman of the Australian Government’s Cyber Industry Advisory Panel, created to guide development of Australia’s 2020 Cyber Security Strategy; Patron, on behalf of Telstra, of the National Aboriginal and Torres Strait Islander Arts Awards (NATSIAA); Life Governor of Very Special Kids and an Ambassador for the Amy Gillett Foundation. He serves on the advisory boards of both The Big Issue Home for Homes and JDRF.

Recognition and qualifications: MBA (Kingston), AMP (Harvard), FCCA, HFAIPM. Andy has a national diploma in business studies (with distinction), is a Fellow of the Chartered Association of Certified Accountants, holds an MBA from Kingston University and is a graduate of Harvard’s Advanced Management Program. In 2008 Andy was recognised as Insurance Executive of the year in the Australian Banking and Finance Awards and in 2016 he was made an honorary fellow of the Australian Institute of Project Management. In 2018 Andy was named by the Financial Times among the top 10 male leaders globally on the HERoes list supporting women in business. In 2019 he was named by the Australian Financial Review as among the top 10 most powerful people in business.
