As technology creeps further into our everyday lives, cybercriminals are taking advantage of the latest that technology has to offer and carrying out increasingly sophisticated scams worth eye-watering sums.

In the 2020-21 financial year alone, individuals and businesses in Australia reported total losses of more than $33 billion. The main types of cybercrime were fraud (23 per cent), shopping (17 per cent), online banking (12 per cent) and ID theft (7 per cent); while Queenslanders were the most frequent targets, at 30 per cent of total reports.i

The federal government agency, the Australian Cyber Security Centre (ACSC) says there was an increase in the severity and impact of incidents last year with nearly half categorised as “substantial”. They are also becoming more frequent. The agency received reports of cyberattacks at a rate of about one every eight minutes during the year, up from every 10 minutes the previous year.

Business losses add up

Small to medium businesses were often in the firing line. Small businesses lost an average $8,899 each in cyber scams during the year while medium businesses lost an average $33,442 each.

One of the most significant threats is so-called ransomware, malicious software that blocks access to a computer system until money is paid. The ACSC reports a 15 per cent increase in attacks with ransom demands ranging from thousands to millions of dollars.

But it’s not only the loss of money that affects organisations. The attacks also disrupt services and can damage the reputation of a business if the cybercriminals carry out their threat to release sensitive data.

One regular scam has seen hackers gain access to a business’s email account then email the firm’s customers changing bank account details for upcoming payments. The payment redirection scams cost businesses $128 million in 2020 with small and micro businesses suffering most, according to the Australian Competition and Consumer Commission’s Scamwatch.

So how do scammers access your system?

Phishing for cash

Most often these cyber criminals begin by fishing, or ‘’phishing” for personal information. They do this through phishing emails, where the email appears to be a legitimate request for information, such as passwords or credit card information, or encourages the user to click a link to a website that installs malicious software on the computer.

These phishing attacks can also come through mobile phone messages and from apparently trusted friends, colleagues or business partners.

Another access point is via vulnerabilities in computer software. These vulnerabilities are regularly patched by the software vendors, so it is a good idea to keep on top of any software updates to keep your system more secure.

Time for action

It might be difficult to imagine that anyone would bother to attack you or your business, but it appears cybercriminals don’t discriminate when it comes to searching for victims. The ACSC notes that no one is immune from cybercrime. That includes everyone from government agencies, large organisations, critical infrastructure providers, small to medium businesses, families and individuals.

So, it’s important to take a few steps to keep you and your business as safe as possible.

The ACSC guide to protecting your business recommends improving your chances of warding off attacks by:

    • Installing the latest anti-virus software,

 

    • Regular back-ups of your phones and computers in case of a ransomware attack,

 

    • Immediately restoring data from your latest back up to minimise any losses or business disruption,

 

  • Thinking carefully about responding to requests for identifying information or passwords even if an email appears to be from a trusted source such as your bank.

The ACSC warns that scammers are savvy enough to perfectly reproduce bank logos and email formats. The rule of thumb is to never give out your password to anyone and to contact the organisation directly through a phone number that you source independently of the email to check the request.

That goes for an unusual payment request from a supplier too, which may be a payment redirection scam. If your supplier unexpectedly changes their bank account details or sends an invoice you did not expect, it might be worth investigating further. Cybercrime is a serious threat that can disrupt businesses and take a heavy financial and emotional toll on individuals. So call us to discuss any concerns you may have about securing your business and personal financial information.

i ACSC Annual Cyber Threat Report 2020-21 | Cyber.gov.au

 

Photo by cottonbro from Pexels