Cybercrime on the rise
In its annual Cyber Threat Report, the ACSC said it received more than 67,500 cybercrime reports, an increase of almost 13% from the previous fiscal year.
The increase in the volume of cybercrime reports equates to one cyberattack report every eight minutes compared to one every ten minutes the previous year.
The ACSC noted that the online engagement of Australian individuals, organizations and government entities was largely influenced by the impacts of the COVID-19 pandemic.
The pandemic has dramatically increased Australia’s dependence on the internet – for working remotely, accessing services and information, and communicating.
The annual Cyber Threat Report said no sector of the Australian economy is immune to the impacts of cybercrime and other malicious cyber activity.
Government agencies at all levels, large organizations, critical infrastructure providers, small and medium enterprises, families and individuals were all targeted during the reporting period.
One of the main cybersecurity threats identified by the ACSC over the past fiscal year was Business Email Compromise (BEC), which continues to pose a major threat to Australian businesses and government enterprises.
The average loss per successful BEC event increased to over $50,600, more than one and a half times higher than the previous year. The cybercriminal groups that conduct BEC have likely become more sophisticated and organized, and these groups have developed improved and streamlined methods of targeting Australians.
BEC often involves cybercriminals compromising a business or personal email account and posing as a trusted provider or sales representative to defraud victims of money or property. Since BEC emails often look legitimate and rarely rely on malicious links or attachments, they can often pass security and technical checks, such as antivirus programs and spam filters.
The success of BEC scams relies on a lack of employee training and awareness.
The most effective way to mitigate the threat of BEC is to educate staff on the following, according to the ACSC:
- Verify payment requests – if staff receive a request to make a large transfer or change bank details, they should verify that the request is legitimate before proceeding. Call the sender’s established phone number or visit them in person before transferring funds.
- Identify fraudulent emails – make sure staff are trained to recognize suspicious emails, including fraudulent bank account changes or requests to verify or confirm login information.
While implementing technical controls is less important to preventing BEC, there are still a number of steps organizations and individuals can take to secure their email communications, including enabling multifactor authentication, implementing email authentication measures, and securing gateways and mail servers.
The ACSC Annual Cyber Threat Report, which includes links to useful resources, can be viewed here: https://bit.ly/2Xu8RSe
Other resources are available here: www.cyber.gov.au