Cybercrime is on the rise, with over 76,000 cybercrime reports in the 2021-22 year, a jump of nearly 13 percent from the previous period.
This is equivalent to one report every eight minutes, compared to every seven minutes in the last financial year, says the Australian Cyber Security Centre (ACSC) in its annual cyber threat report released on Nov. 4.
The report noted that in Australia, the top reported cybercrime types are online fraud (26.9 percent), shopping (12.4 percent) and online banking (12.6 percent), making up 54 percent of all reports.
Ransomware only accounted for 0.59 percent of total cybercrime reports, but it remains the most destructive cybercrime threat as it not only disrupts the victim organisation but also brings them repetitional damage if stolen data is released or sold on.
The report also shows that the government sectors—which have additional reporting obligations—experienced the highest number of cyber security incidents, followed by the health care and social assistance sectors and the information media and telecommunications sectors.
Medium-sized businesses had the highest average loss per cybercrime report ($88,000), followed by large businesses ($62,000) and small businesses ($39,000).
Additionally, Australia’s states of Queensland and Victoria show disproportionately higher rates of cybercrime relative to their populations (27 percent and 29 percent, respectively), followed by New South Wales.
Cyber Space A Battle Ground
“Cyberspace has become a battleground,” the report said, “Cyber is increasingly the domain of warfare, as seen in Russia’s use of malware designed to destroy data and prevent computers from booting in Ukraine.”“In July 2021, the Australian government publicly attributed exploitation of Microsoft Exchange vulnerabilities to China’s Ministry of State Security.”
Richard Marles, Deputy Prime Minister and Minister for Defence said expanding cyber capabilities is critical amid the deteriorating strategic circumstances in the region and globally.
“The government considers cyber security and reinforcing our online resilience to be a national priority,” he said.
The report comes after several cyber incidents targeting major public companies like Medibank, Australia’s larger health insurer; Optus, the second largest telecommunications company; and EnergyAustralia, one of the three largest energy companies.
Other companies targeted include Vinomofo, Woolworths’ MyDeal, and Medlab.
The Defence department was also one of the victims of the data breach hack.
In the report, the ACSC encouraged individuals to protect themselves from cybercrime by updating their devices, activating multi-factor authentication, regularly backing up their devices, and setting secure passphrases.
Meanwhile, larger organisations are encouraged to implement the ACSC’s cyber security mitigation strategy, while smaller organisations are encouraged to review the cyber security posture of remote workers, patch vulnerabilities within 48 hours, only use reputable cloud service providers and managed service providers, and report all cybercrime to the ACSC.