How to reduce your cybersecurity risk

The ASD Cyber Threat Report 2022-2023 tracked trends across cybersecurity incidents reported to the Australian Cyber Security Centre (ACSC), identifying an increase of 23% in cybercrime reports in FY23, compared to FY22, with a total of 94,000 cybercrime reports.

The average cost of a reported incident has also increased, by 14%, with the cost per reported incident greatest for medium-sized businesses.

Government is over-represented in cybercrime reports, which the ACSC suggests is possibly a result of mandatory reporting. If this is the case, however, many incidents of cybercrime are going unreported in the private sector. 

Behind federal, state and local government, the professional, scientific and technical services sector reported the greatest proportion of cybersecurity incidents.

The professional, scientific and technical services sector also reported the highest number of ransomware incidents – a malicious attack in which access to a computer, platform or data is blocked until a ransom is paid.   

Around a third of ransomware incidents were reported by three sectors: professional, scientific and technical services; retail trade; and manufacturing. 

The report also reveals other commonly used cybercrime techniques:

    • Phishing and spear phishing: Attempting to trick email/message recipients into clicking a malicious link or sharing sensitive information – the latter is simply a more targeted version.
    • Data-theft extortion: Threatening to release sensitive data that may cause reputational damage, unless payment is received.
    • Data theft and on-sale: Extracting and selling sensitive data, whether or not malicious software is used.
    • Business email compromise (BEC): Impersonating email senders, either by gaining access to their accounts or using similar email addresses, to extract information or payment.
    • Denial of service (DoS): Disrupting the use of a platform or website to interrupt a business’s operations. Payment is often demanded for restoration of access. 

Use the interactive below to see nine ways a business can mitigate the risks of cybercrime impacts – click on each card to see why each action is important, and where to start in refining practices. 


The IPA’s webinar Cyber Security For Small Businesses is now available on demand.
