Numbers of cyber attacks and data breaches are increasing year on year globally. In the US in 2021 there were 1,862 data breaches recorded which surpassed both 2020's total of 1,108 and the previous record of 1,506 set in 2017. (1) More alarming is the fact that many cybercrimes, both big and small, go unreported.

Australia’s relative wealth and high use of technology and online services makes it an attractive target for cyber criminals. Cyber criminals are preying on Australian businesses and individuals every 10 minutes, inflicting substantial financial losses. The two most common types of cyber crime that target individuals and businesses is ransomware which is used for extortion and various types of malware used to steal victims' login information when they interact with online services. Malicious incidents can occur on any device that's connected to the internet – computers or handheld devices.

• There have been more than 13,500 reports of cybercrime to the ACSC in the past three month
• The most commonly reported cybercrimes involve romance and bank scams
• Emails being compromised is one of the top issues facing businesses online

It is estimated that cyber security incidents cost Australian businesses up to $29 billion every year. (2)

Australian figures in general follow US trends with the Australian government’s Cyber Security Centre reporting that:

• Over 67,500 cybercrime reports, an increase of nearly 13 per cent from the previous financial year.
• Self-reported losses from cybercrime total more than $33 billion.
• Approximately one quarter of reported cyber security incidents affected entities associated with Australia's critical infrastructure.
• Over 1,500 cybercrime reports of malicious cyber activity related to the coronavirus pandemic (approximately four per day).
• More than 75 per cent of pandemic-related cybercrime reports involved Australians losing money or personal information.
• Nearly 500 ransomware cybercrime reports, an increase of nearly 15 per cent from the previous financial year.
• Fraud, online shopping scams and online banking scams were the top reported cybercrime types.
• An increase in the average severity and impact of reported cyber security incidents, with nearly half categorised as 'substantial'. (3)

There is nothing to indicate that data compromises will decline in the future so the challenge for organizations of all sizes is to defend the data they collect and hold. This is increasingly difficult as cyber criminals continue to target high value data such as that held by the medical and educational sectors.

The Identity Theft Resource Center (ITRC) noted that attacks involving [ransomware](https://www.cnet.com/personal-finance/crypto/a-timeline-of-the-biggest-ransomware-attacks/) have doubled in each of the past two years, representing 22 percent of the total number of reported cyberattacks in 2021 in the US meaning that ransomware will surpass phishing as the top cause of data breaches this year. (4)

A survey commissioned by Anomali (performed online by Harris Poll between Sept. 9 and Oct. 13 2021), which included security professionals from companies with more than 5000 employees globally found that the threat of [ransomware](https://www.cnet.com/tech/services-and-software/ransomware-rises-as-a-national-security-threat-as-bigger-targets-fall/) continues to increase. Approximately half of those polled reported were hit with a [ransomware](https://www.cnet.com/tech/services-and-software/hacks-ransomware-and-data-privacy-dominated-cybersecurity-in-2021/) attack sometime in the past three years and 39% admitted to paying a ransom. Nineteen percent said they paid $500,000 or more. (5)

The global pandemic has exacerbated the situation with the bulk of the work force having moved to working from home. Attackers are seeking to exploit remote connections as a way into corporate networks. Other attackers target people in their non work capacity as they are spending more and more time in front of computer screens due to lock downs. Attackers attempt to nab banking information, personal passwords and other data that can be used to compromise accounts. Businesses and individuals need to up their security capabilities and knowledge in response. Methods such as two-factor authentication, biometrics and push notifications, are going to be a must. Simpler verification methods, like codes sent as SMS messages, just can't be trusted anymore. (6) Andrew Useckas, chief technology officer and co-founder of the cybersecurity firm ThreatX, says part of the problem is that companies don't know the size of the problem, because so much information is on corporate networks. (7)

One of the results of this increased awareness is the increase in regulation around information security. Whilst it is warranted and designed to protect businesses and the public from data breaches it is proving challenging to meet all the relevant regulatory requirements. This is especially true for small and medium sized businesses who collect and store personally identifiable information (PII). Examples of PII are medicare card number, tax file number, drivers license number, bank account details, credit card number, email address, address, or phone numbers. This information is highly prized by cyber criminals and therefore increases the risk of being targeted. In the same way that thieves moved away from better secured locations such as banks and targeted service stations, 7Elevans etc. cyber criminals are focussing on smaller business who lack the resources to protect PII data to the same extent that large financial institutions or government departments can.

In this environment Australian businesses, governments and individuals are wondering what next and how they can protect themselves.  The best place to start is to have a clear picture of what strengths and weaknesses exist in your IT systems and those of your suppliers. InfoSecAssure (ISA) provides you with a clear picture of your strengths and weaknesses and also suggests actions to remediate any weaknesses. ISA is a user-friendly tool which additionally allows you to provide your suppliers assurance that you meet the standards required by the various standards – ISO 270001, NIST, SOC2 etc.

References

1,4 - [https://www.cnet.com/tech/services-and-software/record-number-of-data-breaches-reported-in-2021-new-report-says/](https://www.cnet.com/tech/services-and-software/record-number-of-data-breaches-reported-in-2021-new-report-says/)

2 - [https://www.abc.net.au/news/2019-10-07/cyber-crime-how-to-help-protect-yourself/11577930](https://www.abc.net.au/news/2019-10-07/cyber-crime-how-to-help-protect-yourself/11577930)

3 – [The ACSC Annual Cyber Threat Report 2019–20](https://www.cyber.gov.au/acsc/view-all-content/reports-and-statistics/acsc-annual-cyber-threat-report-july-2019-june-2020 "ACSC Annual Cyber Threat Report, July 2019 to June 2020")

5 - [https://www.cnet.com/tech/services-and-software/cyberattacks-continue-to-increase-new-survey-says/](https://www.cnet.com/tech/services-and-software/cyberattacks-continue-to-increase-new-survey-says/)

6,7 - [https://www.cnet.com/tech/services-and-software/2022-shaping-up-to-be-an-epic-year-in-the-fight-to-protect-data/]

8 - [https://www.abc.net.au/news/2016-04-13/australia-attractive-target-for-cyber-attacks-experts/7324312?utm_campaign=abc_news_web&utm_content=link&utm_medium=content_shared&utm_source=abc_news_web](https://www.abc.net.au/news/2016-04-13/australia-attractive-target-for-cyber-attacks-experts/7324312?utm_campaign=abc_news_web&utm_content=link&utm_medium=content_shared&utm_source=abc_news_web)

‍

‍