The ACSC Annual Threat Report 2020–2021 presents a compelling case for the need to increase cyber-security awareness and adopt behavioural changes to prevent falling victim to cyber crime.
In the 2020–21 financial year, the ACSC received over 67,500 cyber-crime reports, an average of one every eight minutes, representing an increase of nearly 13% from the previous financial year.
Cyber-crime reports submitted via ReportCyber recorded total financial losses of more than AU$33 billion. Over 12,000 reports, or 18%, were made from NSW. The complexity and sophistication of cyber threats continued to rise during 2020–21.
COVID-19 aids cyber crime
One major trend identified in this year’s report was the exploitation of the pandemic environment, with malicious cyber actors pivoting to exploit the coronavirus pandemic.
The report found malicious cyber actors took advantage of Australia’s heightened vulnerability during this time to conduct espionage, steal money and sensitive data, and disrupt the services on which Australians rely.
Meanwhile, ransomware continued to pose one of the most significant threats to Australian organisations.
Cyber criminals are moving away from low-level ransomware operations towards extracting hefty ransoms from large or high-profile organisations.
To increase the likelihood of ransoms being paid, cyber criminals are encrypting networks and also exfiltrating data, then threatening to publish stolen information on the internet.
These shifts in targeting and tactics have intensified the ransomware threat to Australian organisations across all sectors, including critical infrastructure.
Australian businesses targeted
Business email compromise (BEC) presented an insidious and growing threat to Australian businesses and government enterprises.
BEC was one of the top five cyber-crime categories, responsible for over 4,600 reports to ReportCyber, representing nearly 7% of total cyber-crime reports received.
The average reported loss was from business email compromise, around $50,600, representing a 54% increase compared to the previous financial year.
Cyber crime reported through ReportCyber cost small businesses, on average, $9,000. Medium-sized were the hardest hit, with an average cost of $33,000, while large organisations incurred a $19,000 cost.