Cybercrime ison the rise in Australia, with an incident reported every seven minutes, according to The Australian Cyber Security Centre (ACSC).
The
ACSC's Annual Cyber Threat Report has shown the agency received more
than 76,000 cybercrime reports in the 2021-22 financial year, an
increase of nearly 13 per cent from the previous year.
So how significant is the issue of cybercrime, what can the authorities do about it, and should you be worried?
Defence
minister and deputy prime minister Richard Marles told ABC Breakfast on
Friday there were many factors driving the increase in cybercrime
reports.
"In part we're living more of
our lives online, and the pandemic has accelerated that ... but
cybercrime is now big business, the average impact for a small business
is $40,000 per incident, and something like $88,000 for medium
businesses, so you can see there's a lot of money to be made by cyber
criminals," he said.
"We're
also seeing more state-based actors ... in the murky grey world that is
cyberspace, we're seeing a lot of cross-pollination between state
actors and cyber criminals and all of this is giving rise to a much more
precarious environment for all of us online."
Mr Marles said the Optus data breach was a reminder for both individuals and businesses to be more vigilant.
"That
incident [Optus breach] is something of a wake-up call ... in a way, I
hope this annual cyber threat report adds to the wake-up call, not just
for Optus but for the whole of the corporate sector and for individuals
as well," he said.
"Cyberspace is a much
more challenging environment ... there are a lot of pickpockets out
there, this can be happening on a grand scale, so people do need to be
more vigilant at an individual level."
What is the government doing?
Following
the Optus and Medibank data breaches, the Albanese government
introduced new legislation, increasing penalties on companies for
serious or repeated privacy breaches.
Under
the new legislation, penalties will rise from $2.22 million to
whichever is the greater of $50 million, 30 per cent of the company's
turnover in the relevant period, or three times the value of any benefit
gained from the stolen data.
The
deputy prime minister said fines would be "just part of the answer"
when it comes to improving cybersecurity around the country.
"It's
part of the answer ... I think we do need to be thinking about other
ways we can go about this in a regulatory sense," he said.
"We're
examining all of those options, I think a lot of this is about making
sure that the systems are in place across the private sector, across
government, that we are investing a lot more in this space - which we
are doing"
How can you protect yourself?
Mr Marles said the release of the report was part of an increase in public messaging around the importance of cyber safety.
When
it comes to individual protection, the ACSC recommends setting up
secure passwords and setting up multi-step authentication whenever
possible.
It also suggests regularly
updating apps and systems to ensure you are up-to-date with security
upgrades, and backing up files to external devices in case your accounts
are ever compromised.
Using browsers with hardened security settings and turning off browsing history and cookies can also be beneficial.
Cyber
Security Minister Clare O'Neil said businesses are expected to handle
their customer's cyber data better in light of the "concerning" report.
"To
big businesses around this country: you have got obligations to
Australians, especially if you are collecting and keeping personal
information about your customers," she told the Nine Network on Friday.
"I want the corporate sector to step up and do better."
What else did the report find?
The most at risk are Commonwealth and state government systems, making up more than one-third of all cyber incidents.
Health
systems were the next big targets, mainly due to cyber criminals
attacking vulnerable businesses that are more likely to pay ransoms to
access their data back.
The
security agency's head Abigail Bradshaw said cyber threats were
constantly evolving and targeting the nation's critical infrastructure
more frequently.
It blocked more than 24
million malicious domain requests, took down 29,000 attacks against
Australian services and responded to 185 ransomware movements, which is a
75 per cent increase.
The agency was also involved in five successful operations taking down online criminal marketplaces and foreign scam networks.