The ASD (Australian Signals Directorate) has released its Cyber Threat Report for 2022-2023.
Nothing that is found in the report should surprise anyone in the community, though the numbers remain as concerning as ever, in the sense that cyber risk is very real.
According to the ASD data, nearly 94,000 reports of cybercrime were made to law enforcement in the FY2022-2023 year. That’s one every six minutes, and that’s just the crimes that were reported.
Additionally, the ASD responded to over 1,100 cyber security incidents from Australian entities, and also noted that there’s a rise in operational technology that has been connected to the Internet becoming a threat vector. There were 143 incidents related to critical infrastructure, highlighting the need for ongoing vigilance with OT and the IoT as well.
Drilling further into the data, the numbers really crystalise the rapidly escalating cost and impact of cybercrime:
- The average cost of cybercrime per report, up 14 per cent:
- Small business: $46,000
- Medium business: $97,200
- Large business: $71,600
- Top 3 cybercrime types for business:
- Email compromise
- Business email compromise (BEC) fraud
- Online banking fraud
- Publicly reported common vulnerabilities and exposures (CVEs) increased by 20 per cent.
This Is Where Things Get A Little Frustrating…
On the one hand, it is undeniable that the escalation of cyber threats is significant. At a time when cyber security skill shortages are severe, meaning that many organisations are understaffed, and the economic climate means that budgets and resources are tight, it can seem like rising to this challenge would be difficult.
And yet, while the attacks are evolving faster, most of them can be mitigated using the well-known, basic measures. We know how to counter email compromise, and online banking fraud. The three most common cyber crimes impacting on individuals are identity fraud, online banking fraud and online shopping fraud. Educating people on those, too, doesn’t require that they are IT experts.
Furthermore, organisations of all sizes can support their internal teams with managed services, giving them access to cyber security best practices without having to recruit or have a large budget.
We have also known for some time that the relative immaturity of security best practices in operational technology would mean that IT needs to be brought in to help protect those environments.
All of this has been well known, but there seems to be an ongoing “paralysis of fear” in some sections of the community, where people see the numbers, find their scope terrifying and allow themselves to nihilistically believe that they can’t do anything about it, and then just hope they’re never targeted.
But there is a solution, and a way to mitigate so much of this risk. From there, being able to confidently embrace IT despite what these numbers say is surely worth the small effort that it takes to partner with a company like Excite Cyber.