Mitigating the Threats of Cybercrime

/

Cybercrime poses a serious financial, security, operational and reputational threat to Australian businesses.

Reducing risk by implementing strategies to improve systems security remains the best way for organisations to protect themselves.  Being aware of risks and planning what to do in case of an emergency are also important steps for businesses to implement. 

QiBalance Bookkeeping recognises the vital importance of information security and takes great care with the protection of sensitive client information.  We recommend that clients contact us in addition to the Australian Signals Directorate in the event of a cybersecurity threat.

The Australian Signals Directorate (ASD) is a government agency responsible for protecting Australia from cyber threats.  They provide resources for individuals and organisations to implement strong cybersecurity and assist Australians with managing cybersecurity incidents.  Their 2023-24 Annual Cyber Threat Report is a valuable source of cybersecurity information. 

Want to stay in the loop with our regular newsletter?

Each month we share business, bookkeeping, and QiBalance updates.

 

2023-24 Annual Cyber Threat Report Summary

The Australian Signals Directorate’s  2023-24 Annual Cyber Threat Report highlights the growing cyber dangers facing Australians.  Global conflicts, rising tensions in the Indo-Pacific region, and technological advancements provide cybercriminals and state-sponsored hackers with new ways to target governments, businesses, and households.  Major risks include espionage, disinformation campaigns and cyberattacks on critical infrastructure.

The Australian Signals Directorate (ASD) is the Australian Government’s technical authority on cyber security.  The ASD monitors electronic communications, defends critical infrastructure, and conducts operations to support national security. 

In the past year, the ASD received over 36,700 calls for help and handled 1,100 cyber incidents.  Hackers, sometimes backed by foreign governments, use sophisticated tactics to disrupt networks and steal sensitive data.  Critical infrastructure such as energy and healthcare are primary targets, as cybercrime attacks on those sectors can cause widespread disruption.

Cybercrime is Growing

Cybercrime is a significant concern, with criminals increasingly using advanced tools such as artificial intelligence to operate more effectively.  In the 2023-24 financial year, common cybercrimes reported in Australia included:

  • Business email compromise 

  • Fraud 

  • Ransomware 

  • Data theft extortion 

These attacks have led to financial losses, significant disruption, and reputational damage for businesses.

Ransomware: A Growing Threat 

Ransomware remains one of the most significant cyber threats, particularly for small and medium-sized businesses.  Ransomware attacks involve cybercriminals encrypting data or locking systems, then demanding a ransom for its release. 

Attackers are increasingly stealing sensitive data and using it for extortion.  Paying a ransom does not guarantee a business will recover their data, and often, an attack does not stop with one payment. 

Small businesses are particularly vulnerable to these types of attacks, as they may lack the resources to implement robust cybersecurity measures.  Ransomware attacks can lead to significant financial losses, reputational damage, and operational disruptions, leaving businesses offline and unable to access important data. 

The ASD advises businesses not to pay ransoms, as paying a ransom does not ensure data recovery or prevent further attacks.  Instead, the ASD recommends focusing on adopting strong security measures, including regular updates, secure backups, and proactive threat detection systems.

Cybersecurity is an Ongoing Effort

Cybersecurity is not a one-time fix – it is an ongoing effort that involves vigilance and consistency.  Organisations should prioritise reducing vulnerabilities by replacing outdated systems with secure-by-design products that are produced with security in mind from the start.  New technologies should also be assessed with security as a key consideration before they are used. 

Organisations can mitigate risks by following industry best practices, for example, by implementing the Essential Eight.  The Essential Eight are eight fundamental mitigation strategies from the ASD’s Strategies to Mitigate Cyber Security Incidents

  1. Patch applications: applications are scanned for vulnerabilities and updated to mitigate vulnerabilities. 

  2. Patch operating systems: operating systems are scanned for vulnerabilities and updated to mitigate vulnerabilities. 

  3. Multi-factor authentication: more than one form of authentication is used to verify authorised users’ access to organisation services that process, store or communicate sensitive data. 

  4. Restrict administrative privileges: requests for privileged information are managed appropriately and updated to remain current. 

  5. Application control: unauthorized applications and malware are restricted from executing in a way that puts sensitive data at risk. 

  6. Restrict Microsoft Office macros: organisations manage the embedded code of Microsoft Office files such that only secure macros are trusted and systems are protected from malicious macros. 

  7. User application hardening: applications are configured to work correctly, securely and in a way their ability to be used maliciously is limited. 

  8. Regular backups: data is regularly backed up to an external storage device or online server, so files can be restored and data can be accessed if something goes wrong. 

Further information on cybersecurity and the Essential Eight can be found on the ASD website. 

Regular updates and ongoing maintenance are also essential for system resilience.  For critical infrastructure organisations, preparing for a cyberattack is essential.  Organisations should understand their systems and should have both response and recovery plans in case of a cyber incident. 

Reporting Cybersecurity Incidents 

If you experience a cybercrime or cybersecurity incident, it is important to report it immediately.  Cybercrime reports will be referred to the relevant law enforcement agency, while cybersecurity incidents should be reported through the ASD’s ReportCyber portal

Cybersecurity incidents can include: 

  • Denial of Service (DoS) attacks 

  • Scanning and reconnaissance 

  • Unauthorised access to a network or device 

  • Data exposure, theft, or leaks 

  • Malware or ransomware attacks 

  • Phishing or personalised ‘spear-phishing’ attempts 

  • Other suspicious cyber activity 

How the ASD Can Help

When you report an incident, the ASD provides immediate assistance, including advice on how to contain and remediate the issue.  They may also connect you with relevant Australian government organisations for further support.  In more complex cases, the ASD may deploy a team of digital forensics specialists to assist with technological investigations. 

The ASD encourages every organization and individual who observes suspicious cyber activity, incidents or vulnerabilities to report to cyber.gov.au/report or the Australian Cyber Security Hotline 1300 CYBER1 (1300 292 371).  The ASD provides free technical incident response advice and assistance 24 hours a day, 7 days a week.  They also offer guidance on managing public communications during an incident to protect the integrity of the investigation. 

Source: Cyber.gov.au – Annual Cyber Threat Report 2023-2024 

Disclaimer: This blog post is a summary of a newsletter produced by the Institute of Certified Bookkeepers and distributed by members. All or any advice contained in this article is of a general nature only and may not apply to your individual business circumstances.

For specific advice relating to your specific situation, please contact your accountant or contact QiBalance Bookkeeping for further discussion. 

The Institute of Certified Bookkeepers 
Tel: 1300 856 181 
Email: admin@icb.org.au