ACSC Cyber Threat Report 2021 – The Findings
During the 2020-21 financial year, Australia's economy has been hugely influenced by the COVID-19 pandemic. The dependence of individuals and organisations on the internet has risen rapidly in response to the need to work from home, access services and information remotely, and communicate with others at a distance. However, this increase in online engagement has increased the attack surface and created new opportunities for malicious cyber actors to exploit vulnerable targets.
The Australian Cyber Security Centre (ACSC) has released its second annual threat report to deliver critical information on known and emerging cyber threats. The 2020-2021 report not only highlights key threats affecting Australian systems and networks but provides mitigation advice that all Australian businesses can implement to protect their networks and decrease the likelihood of malicious cyber incidents.
Cybersecurity Threats and Trends in FY21
Over the 2020-21 financial year, the ACSC received a 13% increase in cybercrime reports, equating to one every 8 minutes. What’s more, a higher proportion of these incidents were deemed to be substantial in impact. While some of the change was due to an increase in reporting, the activity was also compounded by the complexity and sophistication of attacks.
The report highlighted the following key threats and trends:
● Exploiting the Pandemic - malicious actors exploited the global pandemic by targeting people’s desire for information and services. Spear phishing was often focused on COVID-related topics, criminal and state actors targeted the health sector and ransomware was used to leverage critical services.
● Targeting Critical Infrastructure - around a quarter of the incidents reported during the 2020-21 period were associated with critical infrastructure and essential services. This included healthcare, food distribution and energy sectors. Not only did this disrupt the services but it resulted in lost revenue and risk to life.
● Increasing use of Ransomware - the ACSC recorded a 15% increase in ransomware during the reporting period. The increase was associated with the desire to extort money from vulnerable areas of society. And extortion tactics became more complex as encryption and threats to sell online data was leveraged for financial gain. High profile examples include Colonial Pipeline and JBS Foods.
● Exploiting Security Vulnerabilities - public disclosures of security vulnerabilities such as patch releases were quickly compromised at speed and at scale, often within hours of the information being released.
● Attacking Supply Chains - software and service supply chains were frequently targeted to gain access to a vendor’s customers. The impact on Australian business wasn’t severe, although mitigation actions were needed in many cases. The threat, however, remains high that widely-used software products may be exploited.
● Rising Threat of Business Email Compromise (BEC) - BEC continued to be a major threat, with increasing use and sophistication of the tactic in response to remote working. The average loss due to BEC attacks rose to $50,600 (AUD), over 54% higher than the previous year.
Recommendations for Australian Businesses
The report recommends that Australian businesses should consider the following in response to the cyber threat landscape over the past year:
● Report All Incidents - all cybercrime and security incidents should be reported to assist the ACSC in understanding the Australian cyber threat environment.
● Remain Vigilant of Threats - the ACSC website is a one-stop shop for the latest updates, mitigation strategies and advice on cyber-related issues.
● Review Networks - all businesses should understand where valuable and sensitive information and infrastructure is located in order to put in place appropriate security measures and protect business-critical data.
● Patch Immediately - malicious actors use automated tools to scan for network vulnerabilities. Patches should be done within two weeks of release or within 48 hours if an exploit exists.
● Have an Incident Response Plan - businesses should be prepared for cyber security incidents by knowing how they’ll respond. This can limit impact and support recovery.
● Conduct Regular Cyber Security Exercises - working through cyber exercises in a controlled environment helps businesses to know how they’ll respond to real-world incidents, improving their ability to respond and recover in the event of a breach.
Protecting Your Business From Cyber Threats
Cybercrime has become more accessible than ever, with the dark web enabling those without expertise or investment to access services such as ransomware-as-a-service (RaaS). The result is that no sector of the Australian economy is immune to the risk of cyber threats. Everyone from government agencies to medium-sized businesses to individuals have and will continue to be a target.
To protect your organisation, you’ll need defence in depth controls and a specialised security partner like InfoTrust to strengthen your posture and ensure cyber resilience. Get in contact, to discuss your security strategy with us today.
see our
Related resources
Mimecast recently released its State of Email Security Report for 2021. The fifth edition of its annual report used interviews with over twelve hundred of information technology and cybersecurity professionals across the globe to gather vital cybersecurity insights. The report offers an insight into the latest email threats along with advice on how to build cyber resilience and mitigate the risks of email-borne attacks.
Cyber attacks and data breaches have been commonplace in the news headlines for some time now. Although a warning from the media is certainly helpful, there is so much more that can be done when it comes to threat intelligence sharing. Threat intelligence sharing is an important part of the global cybersecurity community effort to tackle cybercrime and should form a part of every organisation’s cybersecurity strategy. Sharing cyber threat intelligence enables organisations to make informed decisions about their cybersecurity, building more effective and robust cyber defences.
One of my favourite annual reports to read is the Verizon Data Breach Investigations Report. It’s packed full of insights about the threat landscape and security leaders, in my opinion, should read this report to get a pulse on what’s happening in cyber-scape.
After all, as cyber leaders, we are here to stop breaches – so the insights gained from real cyber incidents and breaches is gold in learning how to tighten up our defences.
All businesses, large and small, are under increasing pressure to demonstrate that they are managing the risk of cyberattacks. This means having the right processes and controls in place to identify risks and vulnerabilities, protect information, as well as detect, respond, and recover in the event of cybersecurity incidents. As such, many businesses are turning to certification authorities and security frameworks to demonstrate privacy and security best practice and achieve compliance with regulatory bodies. System and Organisation Controls (SOC 2) is one such compliance framework that can help organisations to create a structured approach to cybersecurity.
Frost & Sullivan has recently released its 2021 Frost Radar: Email Security report, where its findings provide a benchmarking framework to help businesses protect their email from cyber threats.
As we operate in an increasingly digital world, every business collect, store, and share more and more data. And, amongst that data is personal information. With the OAIC marking this year’s Privacy Awareness Week (PAW) from Monday 3 May to Sunday 9 May 2021, it’s time for us all to review how we protect our customers’ personal information.
We're Here To Help