During the financial year 2020-21, a cyberattack was reported to the Australian Cyber Security Centre (ACSC) every eight minutes, making Australia one of the most targeted nations in the world. During this period, an estimated 67,500 cybersecurity incidents were reported, a 13 percent spike from the previous year. Furthermore, the majority of these attacks were categorised as “substantial,” with approximately a quarter affecting entities associated with Australia’s critical infrastructure.
In light of these rising attacks, there is an urgent need for businesses in Australia to keep up with their cybersecurity responses. However, cybercriminals are getting creative and it is becoming increasingly difficult to predict ways in which cyber-attacks can impact businesses in Australia.
For instance, in this article, we explored how a fake Zoom invite led to the demise of the Sydney-based hedge fund Levitas Capital. It was reported that after one of the fund’s co-founders opened the Zoom link, a hacker was able to send off a series of fake invoices on behalf of the firm. Levitas Capital was forced to shut down after one of its largest clients, Australian Catholic Super, withdrew its funds on hearing of the cyber attack.
In my latest article, I discuss the latest Optus debacle and why they certainly won’t be the last company to face a cyber attack. In fact, based on history, it seems no business is immune – no matter their level of security.
Let us explore five unexpected ways in which cyber-attacks can impact businesses in Australia:
Five types of cyber attacks that can impact your business in Australia
- Business email compromise
It may seem unimportant, or even obvious, but Business Email Compromise (BEC) is a major cybersecurity threat worldwide that businesses sometimes underestimate. In Australia, the impact of these scams is significant. In 2021 alone, local businesses were scammed out of $227 million in “payment redirection” cons, a category that includes BEC. In BEC scams, hackers typically impersonate an employee and deceive stakeholders such as VCs, partners and clients into disclosing confidential financial information.
- Conversation hijacking
In conversation hijacking scams, cybercriminals either insert themselves into ongoing business conversations or initiate altogether new conversations based on facts they’ve gathered from compromised email accounts. Criminals can also use email-domain impersonation techniques to create seemingly legitimate-sounding messages. An Australian business lost $190,000 when their supplier’s email was hacked, and this is not an isolated case. Globally, there has been a 400 percent increase in these types of cyber attacks.
- URL phishing
URL phishing is a type of cyber attack where cybercriminals make contact using a disguised email and direct victims to a misleading website. On this website, they ask for sensitive information such as usernames, passwords, or banking details. This year, Australians have lost over $295 million to scams in just the first half. This is double the amount lost in the first half of 2021, when Australians lost a combined $139 million.
- Denial of service (DDoS)
A Denial-of-Service attack is a significant threat to businesses in Australia. In this type of cyber attack, systems, servers, or networks are targeted and flooded with traffic to exhaust the company’s resources and bandwidth. For example, in 2020, Australian telecommunications company Telstra’s customers were unable to access the internet as the telco was under a denial of service attack. A recent report found that DDoS attacks are becoming increasingly large and complex. By the last quarter of 2021, the mean DDoS attack size in Australia was recorded at above 21 Gbps, more than four times the level from the beginning of 2020.
- Weak passwords compromise
Given the constant conversation around cybersecurity, it may come as a shock, but weak passwords are still among the top reasons for data breaches and cyber-attacks in Australia. Studies suggest that businesses in Australia, especially startups and SMEs, are at risk due to a poor password management culture.
Cyber attacks: what’s a cost-effective solution?
Cyber attacks are a major threat to businesses in Australia. Companies, big and small, are falling prey to cyber criminals constantly. In May 2019, Australian unicorn Canva suffered a data breach that impacted 137 million of its users. In March 2021, Eastern Health, a hospital chain in Melbourne, fell victim to a cyberattack, causing certain elective surgeries to be postponed. In 2022, Australian businesses are targeted by a cybercrime every 10 minutes.
Adding to the challenges of businesses in Australia, especially startups and SMEs with small budgets, is the fact that hiring cybersecurity experts is becoming increasingly expensive in the country. This is mainly due to factors like major talent shortages in the industry and increasing costs of cybersecurity.
This is where Cyber Insurance can provide an affordable and reliable solution. I wrote this article explaining what cyber insurance is and how it can help your business in Australia. As an award-winning business insurance company, we have the experience and expertise in working with Australian companies with a diverse range of Cyber Insurance needs. We are also an AFSL-licensed insurance broker. This means we are regularly audited, ensuring an exceptional level of service and integrity.
If you are keen on having an open conversation to see how we can help you choose the right cyber insurance for your business in Australia, don’t hesitate to contact us.
This article was written by Tony Venning, Managing Director at Crucial Insurance and Risk Advisors.
For further information or comment please email info@crucialinsurance.com.au.
Important Disclaimer – Crucial Insurance and Risk Advisors Pty Ltd ABN 93 166 630 511. This article provides information rather than financial product or other advice. The content of this article, including any information contained on it, has been prepared without taking into account your objectives, financial situation or needs. You should consider the appropriateness of the information, taking these matters into account, before you act on any information. In particular, you should review the product disclosure statement for any product that the information relates to before acquiring the product.
Information is current as at the date articles are written as specified within them but is subject to change. Crucial Insurance, its subsidiaries and its associates make no representation as to the accuracy or completeness of the information. All information is subject to copyright and may not be reproduced without the prior written consent of Crucial Insurance.