During the 2020-21 financial year, Australia's economy has been hugely influenced by the COVID-19 pandemic. The dependence of individuals and organisations on the internet has risen rapidly in response to the need to work from home, access services and information remotely, and communicate with others at a distance. However, this increase in online engagement has increased the attack surface and created new opportunities for malicious cyber actors to exploit vulnerable targets.
The Australian Cyber Security Centre (ACSC) has released its second annual threat report to deliver critical information on known and emerging cyber threats. The 2020-2021 report not only highlights key threats affecting Australian systems and networks but provides mitigation advice that all Australian businesses can implement to protect their networks and decrease the likelihood of malicious cyber incidents.
CYBERSECURITY THREATS AND TRENDS IN FY21
Over the 2020-21 financial year, the ACSC received a 13% increase in cybercrime reports, equating to one every 8 minutes. What’s more, a higher proportion of these incidents were deemed to be substantial in impact. While some of the change was due to an increase in reporting, the activity was also compounded by the complexity and sophistication of attacks.
The report highlighted the following key threats and trends:
- Exploiting the Pandemic - malicious actors exploited the global pandemic by targeting people’s desire for information and services. Spear phishing was often focused on COVID-related topics, criminal and state actors targeted the health sector and ransomware was used to leverage critical services.
- Targeting Critical Infrastructure - around a quarter of the incidents reported during the 2020-21 period were associated with critical infrastructure and essential services. This included healthcare, food distribution and energy sectors. Not only did this disrupt the services but it resulted in lost revenue and risk to life.
- Increasing use of Ransomware - the ACSC recorded a 15% increase in ransomware during the reporting period. The increase was associated with the desire to extort money from vulnerable areas of society. And extortion tactics became more complex as encryption and threats to sell online data was leveraged for financial gain. High profile examples include Colonial Pipeline and JBS Foods.
- Exploiting Security Vulnerabilities - public disclosures of security vulnerabilities such as patch releases were quickly compromised at speed and at scale, often within hours of the information being released.
- Attacking Supply Chains - software and service supply chains were frequently targeted to gain access to a vendor’s customers. The impact on Australian business wasn’t severe, although mitigation actions were needed in many cases. The threat, however, remains high that widely-used software products may be exploited.
- Rising Threat of Business Email Compromise (BEC) - BEC continued to be a major threat, with increasing use and sophistication of the tactic in response to remote working. The average loss due to BEC attacks rose to $50,600 (AUD), over 54% higher than the previous year.
RECOMMENDATIONS FOR AUSTRALIAN BUSINESSES
The report recommends that Australian businesses should consider the following in response to the cyber threat landscape over the past year:
- Report All Incidents - all cybercrime and security incidents should be reported to assist the ACSC in understanding the Australian cyber threat environment.
- Remain Vigilant of Threats - the ACSC website is a one-stop shop for the latest updates, mitigation strategies and advice on cyber-related issues.
- Review Networks - all businesses should understand where valuable and sensitive information and infrastructure is located in order to put in place appropriate security measures and protect business-critical data.
- Patch Immediately - malicious actors use automated tools to scan for network vulnerabilities. Patches should be done within two weeks of release or within 48 hours if an exploit exists.
- Have an Incident Response Plan - businesses should be prepared for cyber security incidents by knowing how they’ll respond. This can limit impact and support recovery.
- Conduct Regular Cyber Security Exercises - working through cyber exercises in a controlled environment helps businesses to know how they’ll respond to real-world incidents, improving their ability to respond and recover in the event of a breach.
PROTECTING YOUR BUSINESS FROM CYBER THREATS
Cybercrime has become more accessible than ever, with the dark web enabling those without expertise or investment to access services such as ransomware-as-a-service (RaaS). The result is that no sector of the Australian economy is immune to the risk of cyber threats. Everyone from government agencies to medium-sized businesses to individuals have and will continue to be a target.
To protect your organisation, you’ll need defence in depth controls and a specialised security partner like Infotrust to strengthen your posture and ensure cyber resilience. Get in contact, to discuss your security strategy with us today.