The Australian Cyber Threat Report for 2023–2024, released by the Australian Signals Directorate (ASD), highlights a significant escalation in cyber threats affecting businesses across the nation.
If you are interested in reading the whole report, you can find it here; otherwise, let's jump to our summary of the key facts and figures:
The top 3 cybercrimes reported by businesses:
- email compromise resulting in no financial loss (20%)
- online banking fraud (13%)
- business email compromise (BEC) fraud resulting in financial loss (13%).
The average self-reported cost of cybercrime to businesses decreased by 8% overall, but is still significant:
- $49,600 for small business (up 8%)
- $62,800 for medium business (down 35%)
- $63,600 for large business (down 11%).
Almost $84 million in losses due to BEC were self-reported to ReportCyber. BEC continues to significantly impact businesses, with an average financial loss of over $55,000 for each confirmed incident.
You can also discover the top cyber threats and cyber security incidents affecting Australia, in this informative video:
Now let's get more into the nitty-gritty of the report:
Surge in Cybercrime Reports
Over the past financial year, the ASD received more than 87,000 cybercrime reports, averaging one every six minutes. This marks a substantial increase, with the Australian Cyber Security Hotline fielding over 36,700 calls—a 12% rise from the previous year. These figures suggest both a heightened awareness of cyber threats and an actual uptick in malicious activities targeting Australian businesses.
Financial Impact on Businesses
Small businesses have been notably impacted, experiencing an 8% increase in the average cost per cybercrime incident, now reaching $49,600. For individuals, the average reported loss has escalated by 17%, amounting to $30,700 per incident. These rising costs reflect the growing sophistication and prevalence of cyber attacks, underscoring the critical need for businesses to invest in effective cybersecurity measures.
Predominant Threats
The report identifies several key threats that have become increasingly prevalent:
- Business Email Compromise (BEC): BEC remains the most commonly reported cybercrime among businesses, involving unauthorized access to corporate email accounts to defraud companies and their clients. (jamcyber.com)
- Ransomware Attacks: These attacks, where criminals encrypt an organization's data and demand payment for restoration, accounted for 11% of all incidents reported in the fiscal year 2023–24. The dual threat of data encryption and theft for extortion purposes has become a pervasive and costly challenge. (bdo.com.au)
- Identity Theft and Online Fraud: Individuals have reported significant incidents of identity fraud (26%), online shopping fraud (15%), and online banking fraud (12%), highlighting the diverse methods cybercriminals employ to exploit personal and financial information.

Critical Infrastructure Under Siege
Alarmingly, over 11% of cybersecurity incidents responded to by the ASD were related to critical infrastructure sectors, including electricity, gas, water, and waste services. The most frequent attack vectors involved compromised accounts or credentials, malware infections, and direct compromises of assets and networks. Such breaches pose significant risks, potentially disrupting essential services and impacting the broader economy.
Emerging Threats and Trends
The report also highlights the growing utilisation of artificial intelligence (AI) by cybercriminals to enhance the sophistication of attacks, such as automating phishing schemes and creating convincing deepfakes. Additionally, there has been a notable increase in "quishing" attacks—phishing attempts that use QR codes to direct victims to malicious websites. These developments indicate that cyber threats are becoming more complex and harder to detect, necessitating advanced defensive strategies.

Recommendations for Business Owners
Given the current threat environment, it is imperative for business owners to adopt proactive cybersecurity measures. If you haven't already read our 14 ways to protect your business from a Cyber Attack, we highly recommend taking the time to read about how you can proactively protect your business. You'll find more about these key areas that can help:
- Implementing Multi-Factor Authentication (MFA): Adding an extra layer of security can prevent unauthorised access even if credentials are compromised.
- Regular Software Updates: Keeping systems and applications up to date ensures that known vulnerabilities are patched promptly. Our monthly Maintenance and Security plan ticks this box.
- Employee Training: Educating staff about recognizing phishing attempts and other common attack vectors can reduce the risk of successful breaches.
- Data Backup and Recovery Plans: Regularly backing up data and having a robust recovery plan can mitigate the impact of ransomware attacks.
- Password Management: We have covered how to create and maintain strong password management practices in one of our previous blogs, and password managers are perfect for this. You can check out our guide on the top 5 must-haves in a Password Management tool to find the best fit for you.
- Engage with Cybersecurity Professionals: Regular consultations with experts (like us!) can help identify vulnerabilities and implement effective security strategies.
By staying informed and adopting comprehensive cybersecurity practices, Australian businesses can better protect themselves against the rising tide of cyber threats.
That rounds out the key points from the report. As always, if you would like to sit down for a no bullsh*t discussion about securing your business, give us a call on 1300 778 078.