Australia’s cyber threat landscape

Sep 18, 2021

What are the most common cyber threats in Australia?

According to the ACSC, phishing and spearphishing remain the most common methods used by cyber criminals to harvest personal information or user credentials to gain access to networks, or to distribute malicious content.

Ransomware has emerged as one of the most significant threats as it impacts operations of businesses and governments. Recovering from ransomware is almost impossible without comprehensive backups. Unauthorised access by an adversary or criminal to a network, account, database or website forms a third common type of cyber incident.

How much does lack of security cost us?

The Australian Competition and Consumer Commission’s (ACCC) reported that Australians lost over A$634 million to scams in 2019. The true cost of cybercrime to the Australian economy is difficult to quantify, but industry estimates have previously placed cyber security incidents as high as A$29 billion annually.

Cybercrime is one of the most pervasive threats facing Australia, and the most significant threat in terms of overall volume and impact to individuals and businesses.

Cybercriminals follow the money. Australia’s relative wealth, high levels of online connectivity and increasing delivery of services through online channels make it very attractive and profitable for cybercrime adversaries.

Illicit tools, services and data can be purchased and used with minimal technical expertise to generate alternative income streams, launder money or undertake network intrusions.

What does the Government do?

The ACSC responds to hundreds of cyber security incidents each year. Many of these could have been avoided or substantially mitigated by good cyber security practices. Implementing ASD’s Essential Eight security controls will substantially reduce the risk of compromise, and help to prevent the most common tactics, techniques and procedures (TTPs) used by malicious cyber adversaries.

What can I do myself?

Applying the fundamentals of good cyber security as individuals, business owners and government agencies is vitally important. Many of the methods used by cybercriminals to steal personal and financial information can be easily mitigated through measures such as not responding to unsolicited emails and text messages, implementing multi-factor authentication and never providing another party with remote access to your computer.

This information has been taken from the Cyber Treat Report by the Australian Cyber Security Centre. Read the full report here.