During the financial year 2020-21, a cyberattack was reported to the Australian Cyber Security Centre (ACSC) every eight minutes, making Australia one of the most targeted nations in the world. During this period, an estimated 67,500 cybersecurity incidents were reported, a 13 percent spike from the previous year. Furthermore, the majority of these attacks were categorised as “substantial,” with approximately a quarter affecting entities associated with Australia’s critical infrastructure.
In light of these rising attacks, there is an urgent need for businesses in Australia to keep up with their cybersecurity responses. However, cybercriminals are getting creative and it is becoming increasingly difficult to predict ways in which cyber-attacks can impact businesses in Australia.
For instance, in this article, we explored how a fake Zoom invite led to the demise of the Sydney-based hedge fund Levitas Capital. It was reported that after one of the fund’s co-founders opened the Zoom link, a hacker was able to send off a series of fake invoices on behalf of the firm. Levitas Capital was forced to shut down after one of its largest clients, Australian Catholic Super, withdrew its funds after hearing of the cyber attack.
In my latest article, I discuss the latest Optus debacle and why they certainly won’t be the last company to face a cyber attack. In fact, based on history, it seems no business is immune – no matter their level of security.
Let us explore five unexpected ways in which cyber-attacks can impact businesses in Australia:
Five types of cyber attacks that can impact your business in Australia
Business email compromise
It may seem unimportant, or even obvious, but Business Email Compromise (BEC) is a major cybersecurity threat worldwide that businesses tend to underestimate. In Australia, the impact of these scams is significant. In 2021 alone, local businesses were scammed out of $227 million in “payment redirection” cons, which include BEC. In BEC scams, hackers typically impersonate an employee and deceive stakeholders such as VCs, partners and clients into disclosing confidential financial information.
Conversation hijacking
In conversation hijacking scams, cybercriminals either insert themselves into ongoing business conversations or initiate altogether new conversations based on facts they’ve gathered from compromised email accounts. Criminals can also use email-domain impersonation techniques to create seemingly legitimate messages. An Australian business lost $190,000 when their supplier’s email was hacked, and this is not an isolated case. Globally, there has been a 400 percent increase in these types of cyber attacks.
URL phishing
URL phishing is a type of cyber attack where cybercriminals make contact using a disguised email and direct victims to a misleading website. On this website, they ask for sensitive information such as usernames, passwords, or banking details. This year, Australians have lost over $295 million to scams in just the first half. This is double the amount lost in the first half of 2021, when Australians lost a combined $139 million.
Denial of service (DDoS)
A Denial-of-Service attack is a significant threat to businesses in Australia. In this type of cyber attack, systems, servers, or networks are targeted and flooded with traffic to exhaust the company’s resources and bandwidth. For example, in 2020, customers of Australian telecommunications company Telstra were unable to access the internet as the telco was under a denial of service attack. A recent report found that DDoS attacks are becoming increasingly large and complex. By the last quarter of 2021, the mean DDoS attack size in Australia was recorded at above 21 Gbps; this was more than four times the level from the beginning of 2020.
Weak passwords compromise
Given the constant conversation around cybersecurity, it will come as a shock, but weak passwords are still among the top reasons for data breaches and cyber-attacks in Australia. Studies suggest that businesses in Australia, especially startups and SMEs, are at risk due to a poor password management culture.
Cyber attacks: what’s a cost-effective solution?
Cyber attacks are a major threat to businesses in Australia. Companies, big and small, are falling prey to cyber criminals constantly. In May 2019, Australian unicorn Canva suffered a data breach that impacted 137 million of its users. In March 2021, Eastern Health, a hospital chain in Melbourne, fell victim to a cyberattack that caused certain elective surgeries to be postponed. In 2022, a cybercrime targets Australian businesses every 10 minutes.
Adding to the challenges of businesses in Australia, especially startups and SMEs with small budgets, is the fact that hiring cybersecurity experts is becoming increasingly expensive in the country. This is mainly due to factors like major talent shortages in the industry and increasing costs of cybersecurity.
This is where Cyber Insurance can provide an affordable and reliable solution. I wrote articles explaining what cyber insurance is and how it can help your business in Australia. As an award-winning business insurance company, we have the experience and expertise in working with Australian companies with a diverse range of Cyber Insurance needs. We are also an AFSL licensed insurance broker. This means we are regularly audited ensuring an exceptional level of service and integrity.
If you are keen on having an open conversation to see how we can help you choose the right cyber insurance for your business in Australia, don’t hesitate to contact us.
General Advice Warning: This advice is general and does not take into account your objectives, financial situation or needs. You should consider whether the advice is appropriate for you and your personal circumstances. Before you make any decision about whether to acquire a certain product, you should obtain and read the relevant product disclosure statement.
All information above has been provided by the author.
Tony Venning, Crucial Insurance and Risk Advisors, ABN 93 166 630 511, AFSL 451450
This article originally appeared on Crucial Insights and has been published here with permission.