The government of Australia has implemented several cybersecurity measures to thwart rising cyberthreats in the nation. As a result, the country has now reported fewer security incidents than last year. According to the Annual Cyber Threat Report 2020–21 from the Australian Cyber Security Centre (ACSC), the number of cyberattacks in financial year 2020–21 has declined by 28% compared to the previous financial year. However, organizations sustained significant losses due to various cyberattacks. Business Email Compromise (BEC) was reported as one of the top cybercrimes, with a 7% increase than last year. The ACSC also highlighted that threat actor groups leveraged sophisticated techniques to increase their reach and cause maximum damage to the targeted victims.
The ACSC has produced the report with contributions from the Defense Intelligence Organization (DIO), Australian Criminal Intelligence Commission (ACIC), Australian Security Intelligence Organization (ASIO), and the Department of Home Affairs and industry partners.
Top Cybersecurity Threats
- Ransomware
- Exploiting unpatched vulnerabilities
- COVID-19-themed scams
- Supply Chain attacks
- BEC attacks
Other Key Findings
- Over 67,500 cybercrimes were reported, an increase of nearly 13% from the previous financial year
- Self-reported losses from cyberattacks totaled $33 billion
- Over 1,500 cybercrime reports per month of malicious cyber activity related to the coronavirus pandemic
- More than 75% of pandemic-related cybercrime reports involved Australians losing money or personal information
- Nearly 500 ransomware attacks were reported, an increase of 15% from the previous financial year
- Fraud, online shopping scams, and online banking scams were the top reported cybercrimes
- Received over 22,000 calls on the Cyber Security Hotline – an average of 60 per day and an increase of more than 310% from the previous financial year
How ACSC Contributed to Strengthening Cybersecurity
- Published more than 40 security guides to support older Australians, families, and businesses to implement cybersecurity practices
- Supported 18 cybersecurity exercises involving over 50 organizations to strengthen Australia’s cyber resilience
- Provided advice or assistance to over 1,630 cyber security incidents
- Undertook 34 high-priority operational tasking activities in response to identified and potential cyber threats or significant events – this included scanning for vulnerable Australian devices
- Removed over 7,700 websites that were hosting cybercrime activity from the Internet
- 16 Australian Government agencies were signed to the Australian Protective Domain Name Service, processing more than 5.5 billion queries and blocking over 400,000 malicious domain requests
- Disrupted over 110 malicious COVID-19 themed websites, with assistance from Telstra and Services Australia
Remediations
In addition to the Essential Eight Maturity Model, the ACSC has recommended all organizations in Australia to implement the following security measures:
- Report all cybercrime and cyber security incidents via Reportcyber
- Become an ACSC Partner to receive threat insights, advisories, and advice to enhance their situational awareness
- Review all networks to establish where valuable or sensitive information and infrastructure is located, and apply appropriate cybersecurity measures proportionate to the risk of compromise
- Patch within 48 hours where an exploit exists
- Evaluate risks associated with cyber supply chains
- Prepare for a cyber security incident by having an incident response, business continuity and disaster recovery plans in place and testing them
How Australia is Boosting Cybersecurity
Australian government implemented several security initiatives after cyberattacks became prevalent in the country. The government passed the Surveillance Legislation Amendment (Identify and Disrupt) Bill 2020, allowing the Australian Federal Police (AFP) and the Australian Criminal Intelligence Commission (ACIC) to spy on potential cybercriminals online. Besides, Australia, the U.K., and the U.S. recently came together to form a trilateral security partnership known as AUKUS. The security pact is committed to maintaining diplomatic, security, and defense cooperation in the Indo-Pacific region.
