The Australian Signals Directorate (ASD) Cyber Threat Report for the period July 2022 to June 2023 provides a comprehensive overview of the prevailing cyber threats and vulnerabilities in today’s cyber landscape.
As a tech and cybersecurity company committed to keeping our clients and community informed and secure, we will highlight key stats and information, giving you an overview of what you need to know from this report to better protect your business.
If you would like to read the report in full, click here.
Top 3 Cybercrime Types for Business
The cyber threat landscape is more dynamic than ever, and understanding the prevalent risks is very important. According to the ASD report, the top three cybercrime types impacting businesses are:
- Email Compromise and Fraud:
  - Email Compromise: Attackers exploit vulnerabilities in email systems, posing a significant threat to businesses. Cybercriminals often gain unauthorized access to email accounts, leading to potential data breaches and financial losses.
  - BEC Fraud: Cybercriminals target organizations through deceptive email tactics, posing as trusted entities to trick and manipulate employees. Robust email security measures are essential to prevent these sophisticated attacks.
- Online Banking Fraud:
  - As financial transactions continue to migrate online, the threat of online banking fraud has surged. Cybercriminals leverage various tactics, including phishing and malware, to compromise online banking credentials. Businesses must implement stringent security measures to protect their financial assets and sensitive information.
- Supply Chain Attacks:
  - Malicious actors target vulnerabilities in the network of suppliers, service providers, and technologies associated with an organization. They aim to compromise a trusted entity within the supply chain and then exploit its access to infiltrate and compromise the target organization’s systems.
The statistics reported by the ASD paint a concerning picture, with a 20% increase in publicly reported Common Vulnerabilities and Exposures (CVEs). Furthermore, there has been a staggering 23% rise in cybercrime reports, with the average cost per report increasing by 14% from last year.
As of this past financial year, the average cost per breach was as follows:
- Small Business: $46,000
- Medium Business: $97,200
- Large Business: $71,600
As can be seen here, medium-sized businesses seem to suffer the largest losses, both in absolute terms and in proportion to their size.
Cybercrime inflicts many harms on small-to-medium businesses, extending beyond financial costs to include effects on health and legal matters. The report highlights a substantial underreporting of cybercrime in Australia, with two-thirds of survey respondents indicating that they have experienced cybercrime at some point in their lives.
General Protection: What You Can Do
The ASD emphasizes that all Australians play a crucial role in maintaining cybersecurity. Here are essential steps everyone should take:
- Enable Multi-Factor Authentication (MFA): Add an extra layer of security to your online accounts by requiring an additional means of verification before access to an account is granted.
- Use Strong, Unique Passphrases: A passphrase is a strong type of password made up of four or more random words. This is especially important for critical accounts like email and banking; consider utilizing password managers for enhanced security.
- Keep Software Updated: Turn on automatic updates to ensure your software is fortified against the latest threats.
- Regularly Back Up Data: Safeguard your important files and configurations by maintaining regular backups.
- Stay Vigilant Against Phishing: Be cautious of phishing messages and scams.
- Subscribe to ASD’s Alert Service: Stay informed about the latest threats through the ASD’s free Alert Service.
- Report Cybercrime: In case of an incident, promptly report cybercrime to ReportCyber.
Business Protection: Cybersecurity Best Practices
For Australian businesses and organizations, the ASD provides additional guidelines to enhance cybersecurity resilience:
- Choose Reputable Service Providers: Utilize cloud and managed service providers with robust cybersecurity measures.
- Regularly Test Cybersecurity Plans: Ensure detection, incident response, business continuity, and disaster recovery plans are tested regularly.
- Evaluate Remote Workers’ Cybersecurity Posture: Assess the cybersecurity practices of remote workers, including their use of communication and collaboration tools.
- Cybersecurity Training for Staff: Educate your workforce on cybersecurity, especially on recognizing scams and phishing attempts.
- Implement ASD’s Essential Eight Maturity Model: Follow the guidelines outlined in the Essential Eight framework to fortify your organization’s defenses.
- Join ASD’s Cyber Security Partnership Program: Collaborate with ASD and fellow organizations to strengthen collective cybersecurity efforts.
- Report Incidents: Actively report cybercrime and cybersecurity incidents to ReportCyber or your security provider for timely intervention.
If you are not sure where to start with any of these recommendations, we are here to help. We specialize in keeping your business safe from growing and evolving cyber security threats.