ALI CREW: Australians are again being warned to remain alert to the threat of cybercrime, with more than one incident being reported every 10 minutes. The Federal Government has launched a new cybersecurity campaign today aimed at educating families, businesses and organisations on how to protect themselves from threats, with a campaign to run on social media and digital platforms. Abi Bradshaw is the Head of the Australian Cyber Security Centre. She says they’ve seen all sorts of new and innovative ways that criminals are trying to get Australians’ money and data this year.
ABI BRADSHAW: Regularly we’ve seen emails phishing or SMS phishing. This is when people will send you links, often pretending to be someone that they know Australians trust, so perhaps on behalf of a bank or a welfare support agency or a government service, and then entice people to click on a link and then provide all sorts of details that might provide access to bank accounts or other data of interest. But also what we’ve seen this year, and is reflected in our annual threat report, is that ransomware is an increasing avenue utilised by criminals to lock up people’s systems and data, and then demand a ransom in return for their release.
ALI CREW: So, with more than one incident reported every 10 minutes, do you have any actual examples of some of those incidents and the impact they’ve had?
ABI BRADSHAW: Yeah, enormous impacts actually. So regularly we see the impact of fraud, of email business compromised or regularly small businesses, like the ones that the Minister and I sat and had a roundtable with this morning, who are very concerned about the threat of invoice fraud. So cyber criminals who are intercepting emails containing legitimate invoices and adjusting the banking details so that the payment ends up in the criminal’s bank account. We’ve seen that fraud over invoices occurring via cyber means for very large sums of money, sums which can absolutely wipe out businesses. Equally this year we’ve seen ransomware attacks on reasonably large businesses, as well as small businesses, which can cripple a business while they try and work out how to keep their businesses going, and how to decrypt their systems or access to their customer reference or booking centre or other systems that keep their businesses going.
ALI CREW: So, what is the financial impact of cybercrime in Australia at the moment?
ABI BRADSHAW: Well, it’s hard for us to tell to be honest. We’ve seen, as our report reflects, that over the last 12 months our Reportcyber tool has had 60,000 reports from individuals and businesses across Australia, reporting instances of cybercrime. We’ve equally – our 24/7 watch team has responded to over 2,200 cybersecurity incidents. That’s where we’ve actually gone in and assisted entities or individuals in mitigating an attack on their system. But we actually think that those numbers are drastically unreported. I actually think that there’s far more going on than actually reported and we’re encouraging people to come forward and report. The reason we do that is that, aside from the fact that we might be able to assist entities, it enables us to get a better view of contemporaneous threats, so what’s going on at the moment, so that we can share that with other Australians and help them to raise their defences before it spreads more broadly. In some industry estimates at the moment suggest that cybersecurity incidents cost Australian businesses up to $29 billion each year.
ALI CREW: And, of course, it’s not just businesses that are targeted by cyber criminals but also vulnerable people and children as well?
ABI BRADSHAW: In some respects, children and vulnerable people might more easily be duped into entering information in response to one of those emails or SMSs that is pretending to be from a trusted source. Their instincts might not be as highly tuned as others. The other thing is, and this is the point of our campaign, is that children may not well be as attuned to the risk of cybercrime because they might not have been impacted and they’re less suspicious and less concerned about engaging and exchanging information in an online environment.
ALI CREW: Given the deteriorating situation with the Australia/China relationship at the moment, how wary should Australians be about Chinese players in cyberspace?
ABI BRADSHAW: Look, we at the ACSC are concerned about a broad range of players. We’re equally concerned by cyber criminals as we are state-based actors and our role is to give advice to all Australians, whether you’re individuals or businesses, about how to lift your cyber defences. So, in some respects the source of that threat is a distraction. What we’re asking people to do through our campaign is to make cybersecurity a normal part of everyday life of being online, and actually doing three simple things. It’s going to help protect you from ransomware in the same way as it will protect you from a whole variety of potential threats. So we’re asking Australians and businesses, firstly, to update your device, update your software, and that means every time that icon comes on to say a new variety of software update’s available, don’t push “Remind me later”, push “Turn it on now”. If you can, put on the automatic updates so you don’t even have to think about it. Secondly, to use two-factor authentication wherever you can, particularly if you’re a business. Using that two-factor authentication on your mailbox is really important. And lastly, to always create backups of your valuable data and wherever you can, back up that data where it’s separate and not connected to the internet, because that’s the best business continuity plan you can have.
REPORTER: Some good advice there from Abi Bradshaw, the Head of the Australian Cyber Security Centre.