Old cyber threats are now new threats all over again
Today I gave a speech about cyber security at the National Press Club and made the point that Australia and its people are now under cyber attack all the time.
The IAC plays a vital role in keeping Australians safe online. Today we released our first annual report to the Federal Government (PDF 2.2MB) on what more we need to do to continue to shore up our security as a country, as businesses and as individuals at home.
Every minute of every day there are malicious actors looking to beat Australia’s cyber defences. Concerningly, the sophistication of these attacks continues to improve. In my speech I called out the major threats that are facing Australians, including rapid growth of ransomware and business email compromise, ‘cybercrime-as-a-service’ whereby criminals with limited technological skills can now buy and use bespoke ransomware and increasing targeting of supply chains.
All supply chains are important but perhaps none more so currently than the COVID vaccine supply chain. Telstra has been working with Government to monitor Australia’s vaccine supply chains for threats, a crucial precaution given the criticality of our vaccine program.
You may also have heard about the increase of ransomware bringing big businesses to their knees, and stories about data breaches that see your personal information sold on the dark web. As hackers branch out and recruit more would-be criminals to their cause with cybercrime-as-a-service products, we can only expect to see these incidents increase.
Recovering from one of these attacks isn’t cheap: experts estimate the average total cost of recovery for businesses has grown to more than $2 million an attack. The good news is there are things you can do to help protect yourself, but they need to be done before an attack to be effective.
One classic hacking technique, known as “business email compromise”, is worth calling out because it is no longer exclusively targeting businesses and everyone at home who makes online payments could now be at risk.
In simple terms, this type of attack sees a criminal break into your email and pretend to be a trusted contact, either to gain access to sensitive data or to steal money by tricking you into paying into a bank account controlled by the criminal.
Two scam victims recently reported having their emails intercepted while buying new Tesla cars, for example. They were sent bogus invoices claiming to be from Tesla, but the account numbers had been changed by hackers to accounts they controlled. Tens of thousands of dollars lost!
Email compromise attacks are a growing threat. In the 2019-20 financial year, the Australian Cyber Security Centre recorded more than 4,200 scams of this type, resulting in a loss of $142 million. It is thought that number is vastly underreported too, as many don’t feel comfortable reporting such losses. And now everyday Australians are also being targeted as scammers have become more brazen during the pandemic.
Cyber-criminals are not only becoming more sophisticated, but are also better organised. They monitor email traffic to learn about their targets and determine the most lucrative time to launch a scam. This not only increases the likelihood of success but also increases their overall financial gain.
And now that many of us are working from home due to the pandemic, we cannot afford to take our collective eyes off the ball when it comes to security in our personal or professional lives.
How to protect yourself from email compromise
- Recognise that nobody is too small to be scammed, hacked or attacked by malicious actors.
- Do the basics. Use a Password Manager to reduce the number of times you reuse the same passwords, and enable a multifactor authentication system on all of your accounts.
- Know who you’re paying. To reduce the ongoing risk of falling victim to these sorts of email compromise scams where invoices are switched, it is important to know exactly who you are paying and why, and double checking the payment details are correct before you pay.
- Make sure you keep an updated offline back-up of your data records.
If you are a small business owner looking to shore up your defences, you should check out the Federal Government’s Small Business Security Guide, which helps you protect your small business from the most common cyber security incidents.
The Federal Government has extra cyber resources too, including a dedicated cyber hub.
There are also services like IDCARE, which actively help you restore your identify if you have been scammed.
How we are combatting cybercrime
All of this brings into very sharp focus the critical importance of the 2020 Australian Government Cyber Security Strategy. The Federal Government deserves credit for the leadership it has shown on cyber security, including through the development of Australia’s 2020 Cyber Security Strategy, including the announcement of $1.67 billion for a range of initiatives in the recent Federal Budget.
Meanwhile, Telstra is implementing our own safety measures to improve the security of our customers, and we would encourage other telcos to do the same.
Measures like automated blocking of 13 million scam calls per month to ensure they never reach our customers, and advanced verification of SMS messages from agencies like Services Australia to ensure hackers cannot dupe recipients.
Protecting ourselves, our families, our businesses and our country depends on Australia’s cyber defences being strong, adaptive and built around a strategic framework that is coordinated, integrated and capable.
The IAC that I chair with other cyber industry leaders looks forward to continuing to work with the Australian Government to build Australia’s cyber defences and play a key role in bringing many of the initiatives emanating from this work to life.
They could not arrive at a more important time.