
2016 and Australia breach disclosure

In 2015, over four million Australians were hit by cybercrime, with cyber attacks costing Australia in excess of $1.2 billion a year. This is a staggering figure when you consider that the entire population of Australia is only 23 million people (18 million being adults). It equates to 1 in 4 of the adult population being hit by cybercrime.

Recent global reports show that this is just a fraction of the global problem, with the annual damage bill estimated to be $600 billion. ACMA, the Australian Communications and Media Authority, estimates that 15,000 systems are compromised in Australia every day.

It is predicted that the key trends in cybercrime in 2016 will include social engineering attacks, spear phishing attacks, attacks on wearable technology, social media attacks, hacks of the countless smart devices connected in the so-called “Internet of Things”, from household appliances to cars, and a continuing explosion in ransomware. The attacks are becoming more targeted, focused and sophisticated, with cyber criminals willing to put the effort in and spend money to make money.

With ransomware attacks, hackers encrypt or hijack personal data and offer to return it in exchange for a fee, although security professionals warn that paying the ransom does not guarantee the data’s return and only encourages attackers to strike again.

Some companies are refusing to pay the ransom, stating that they have suitable backups of the data and can therefore recover satisfactorily from these attacks. One of the new tactics is to threaten the victim that, if the ransom is not paid, the data will be uploaded in plain text onto the internet for everyone to see.

While the figures are alarming, they do not tell the full story simply because many companies don’t go public when their data is exposed to hackers.

But that is set to change, at least for medium to larger companies. The Federal Government has released draft legislation, which requires companies that turn over $3 million in revenue in a year to inform individuals whose personal information has been compromised.

In the past few months, Aussie Farmers Direct, Kmart Australia, Queensland’s TAFE and Education Department and David Jones have all gone public with security breaches but experts warn that the full impact of cybercrime will only be clear once the data breach requirement becomes mandatory.

2015 was the year that cybercrime assaults became more personal, from the fallout of the Ashley Madison cheating scandal that has been linked to at least three suicides, to the targeted ransomware attacks where the cybercriminals have demanded payment in exchange for the release of photos and personal files.

What we learn from these attacks is that any information you put online should be treated as though you know it will be compromised.
