In its Annual Cyber Threat Report, the ACSC said it received over 67,500 cybercrime reports, an increase of nearly 13 per cent from the previous financial year.
The increase in volume of cybercrime reporting equates to one report of a cyber attack every eight minutes compared with one every 10 minutes last financial year.
The ACSC noted Australian individuals, organisations and government entities' engagement online was largely influenced by the impacts of the COVID-19 pandemic.
The pandemic has significantly increased Australian dependence on the internet - to work remotely, to access services and information, and to communicate.
The Annual Cyber Threat Report said no sector of the Australian economy was immune from the impacts of cybercrime and other malicious cyber activity.
Government agencies at all levels, large organisations, critical infrastructure providers, small to medium enterprises, families and individuals were all targeted over the reporting period.
One of the key cyber security threats identified by the ACSC in the past financial year was business email compromise (BEC), which continues to present a major threat to Australian businesses and government enterprises.
The average loss per successful BEC event has increased to more than $50,600 - over one-and-a-half times higher than the previous financial year. Cybercriminal groups conducting BEC have likely become more sophisticated and organised, and these groups have developed enhanced, streamlined methods for targeting Australians.
BEC often involves cybercriminals compromising a business or personal email account and impersonating a trusted supplier or business representative to scam victims out of money or goods. Because BEC often appears legitimate and rarely relies on malicious links or attachments, these emails can often get past security and technical controls, such as anti-virus programs and spam filters.
The success of BEC scams relies on a lack of training and awareness among employees.
The most effective way to mitigate the threat of BEC is to educate staff on the following points, the ACSC says:
- Verify payment-related requests - if staff receive a request to make a large transfer or to change bank account details, they should verify that the request is legitimate before actioning it. Call the sender's established phone number or visit them face-to-face before transferring any funds.
- Identify fraudulent emails - ensure staff are trained to recognise suspicious emails, including fraudulent bank account change requests or requests to check or confirm login details.
While the implementation of technical controls is less important in preventing BEC, there are still a number of measures organisations and individuals can undertake to secure their email communication, including enabling multi-factor authentication, implementing email authentication measures and securing email gateways and servers.
The ACSC Annual Threat Report, which includes links to helpful resources, can be viewed here: https://bit.ly/2Xu8RSe
Other resources can be found here: www.cyber.gov.au