TRANSCRIPT
The Australian Signals Directorate's Cyber Threat Report says a new cybercrime incident is reported in Australia on average every six minutes - with reports up by 23 per cent from last year.
The report has found cyber threats are increasingly targeting Australians individually, in their businesses and at the government level.
Rachel Noble is Director General of the Directorate and a former Head of the Australian Cyber Security Centre.
She says the rise in incidents is a growing concern for the nation.
"An Australian now reports to the Australian Signal Directorate one incident of cyber crime or cyber attack against them every six minutes. Last year it was every seven minutes, and the year before that it was every eight minutes. So this is a growing concern for our nation. Globally we have seen grave threats from malicious actors against our critical infrastructure, the world's critical infrastructure, water, energy, telecommunications, transport, schools and hospitals."
The top reporting sectors for cyber security incidents were the Federal Government, state and local governments, and professional, scientific and technical services.
According the report, the biggest culprit for state-sponsored cyber crime was China.
International cybersecurity experts highlight a cluster of activity earlier this year associated with a state-sponsored cyber actor based in China, with findings showing the actor focussed on espionage and information-gathering.
Deputy Prime Minister and Defence Minister Richard Marles has told ABC News the government is investing in the country's cyber-capacity.
"What the report makes clear is that in terms of cybercrime, we are seeing an increase in the number of reports of cybercrime over the course of the last year, a 23 per cent increase. Concerningly, each of those reports carry a much greater cost for businesses, a 14 per cent increase. So we're seeing more reports and incidents are themselves more costly for businesses. From a government point of view, we are seeing state actors showing more interest in our critical infrastructure and so we are investing $10 billion over ten years to the Australian Signals Directorate, which effectively sees a doubling in its size to bolster our cyber capacity. To bolster our cyber defences, in that sense."
Threats to businesses also rose over the last year, with the average self-reported costs of cyber crime to business up by 14 per cent.
On average, cyber crime costs businesses between $46,000 for small businesses and $72,000 for larger businesses.
NAB's Chief Technology and Operations Officer, Patrick Wright, says the bank blocks 50 million cyber threats every month.
He says greater education is needed to protect smaller businesses.
"What stands out for me in the report is the impact it's having on the business community, in particular the small business community. For each reported event businesses are losing up to $100,000, and remember, small businesses employ two or three Australian workers. We believe that education is key to helping businesses to take steps, active steps, to prepare themselves and secure their environments."
On the individual level, the most common threats of cybercrime were identity fraud, online banking fraud and online shopping fraud.
The report says as more and more Australians increasingly integrate technology into their lives and business, the target area for cyber criminals and data breaches expands.
Associate Professor of Computing and Information systems at Melbourne University, Toby Murray, says individuals subjected to company data breaches have little power in securing their information.
"When we're talking about data breaches that are occurring at large companies, so if you take the Optus breach or the Medibank breach from last year as examples. For individual Optus customers or individual Medibank customers, there's not a whole lot that they could have done differently that would have helped to protect themselves because of those breaches. And the reason is because individuals, as all individuals, we hand over so much of our personal information to these companies just as part of doing business with them, as being customers of them and the onus is really on those companies to be adequately protecting that information that they're holding about us."
But despite being unable to prevent the consequences of company data breaches, the report says individuals and companies can take measures to better secure their information and avoid falling for online scams.
Also included in the report are guidelines on how individuals and businesses can implement greater security measures and digital hygiene practices to keep themselves safe from cyber threats.
Toby Murray says the sophistication of most online scams has not advanced across the board, but that the boom in generative AI poses an added threat to vulnerable individuals targeted by cyber criminals.
"Hackers have used AI deep-fake technology in order to fake the voices of their children and to make a face voice call to mum saying "hey, can you send money?" or even "I've been kidnapped and you need to pay a ransom" and really scary things like that. You know, these sorts of things that are designed to play on our emotions and get us into a state where we feel really anxious and we're more likely to make a choice that we wouldn't have made otherwise like handing over money or something like that. And really the best defence against that then is education, so that people are aware that if you do get a text message or a phone call like that, then more than likely it's not real."
Over 110,000 Australians and Australian businesses have joined the Australian Signal Directorate's Cyber Security Partnership Program, which Australian Cyber Security Centre's Abigail Bradshaw says can create an early warning system for cyber threats in Australia.
