Aussies lost over $300m to scams last year with cyber crime still rising

We’re living in a digital era where information and data are more valuable than gold and oil. After two years of remote working, online vulnerabilities are escalating with cloud breaches, phishing, account takeover attacks and ransomware among the top concerns.

Hybrid and remote work trends ensure another year of online vulnerability, after the COVID-19 pandemic gave the scammers and hackers an advantage.

The virus crisis is fuelling the growth in cyber crime as hybrid and remote work rises. Recent data shows Australians have lost more than $72 million in scams, and we’re only three months into 2022. Compared to this time last year, that’s an increase of over $10 million in the first quarter.

Working from home and lockdowns have changed the way Australians use the internet. The reliance on IoT devices, along with virtual classrooms, online communications, work, study and day-to-day life present new opportunities. However, these also come with the responsibility to protect data from being accessed by unauthorised parties.

As malicious hackers switch their focus to online work, stronger access controls need to be in place to reduce scams and prepare for the future.

The sharp rise in cyber crime has targeted education, government, healthcare and medical research facilities. Other industries also at stake include business, communications, software vendors, financial and legal services, and real estate.

Now remote work and cloud use have become accepted in the workforce, it’s imperative that the security gaps within the system are addressed.

Small to medium businesses are most at risk

Small to medium businesses typically have less cyber security protection, making them more vulnerable. Forty-three per cent of cyber attacks target SME businesses, according to a report from Australian cyber security firm Kaine Mathrick Tech. Even more concerning, only 5 per cent of businesses’ data folders are protected.

Businesses of all sizes must have an extensive understanding of where their online threats are most likely to come from, with an action plan on the best way to handle these. Recent research shows that one cyber crime targets Australian businesses every 10 minutes.

Ransomware remains one of the top threats

VIEW ALL

In 2022, a ransomware attack occurs every 11 seconds. Last year, the ransomware industry shot up to a whopping $20 billion. A report by Privacy Australia revealed mobile ransomware attacks are also up by 33 per cent.

Phishing, hacking, remote access scams and malware are ongoing concerns too – on and offsite, in the office and at home. Scamwatch data shows the main delivery methods for these attacks are smartphones and email.

The problem is many SME businesses don’t have the budget for cyber security. A quieter than expected economy could be to blame for the lack of spending, making business owners increasingly worried about the emerging threats.

Hackers and scammers are getting more ambitious and bolder in their attempts, targeting online activities to take advantage of people in all occupations and from all walks of life. It’s no longer only necessary to set security measures and forget about them. Preventative actions, multi-layered approaches and regular assessments are key to staying ahead.

The true costs of cyber crime

The cost of cyber crimes is rising with an 84 per cent spike in scams since 2021. The Center for Strategic and International Studies (CSIS) and McAfee project estimate the economic damage is between $375 billion and $575 billion each year. On average, it’s $445 billion.

According to Scamwatch, the highest scams are investment scams and dating and romance, totalling over $56 million. Followed by false billing ($3.5 million), online shopping scams ($1.8 million) and identity theft ($800,000).

NSW ($21 million) and Victoria ($16 million) are the states most impacted by online shopping scams, with Queensland ($12 million) and Western Australia ($11 million) not far behind.

Australians aged over 65 reported the greatest losses to scams since January, totalling over $17 million. Other age groups most at risk are 25 to 34 and 35- to 44-year-olds. Scams and reports by Australians under the age of 18 also increased by over 50 per cent. Women lost more money to scams totalling over $36 million, compared to $35 million lost by men.

Who’s behind data breaches?

The majority of cyber attacks are triggered by insiders, outsiders, business partners, organised crime groups and affiliated groups.

According to a data breach report by Verizon, outsiders are the biggest culprit (70 per cent) followed by organised crime groups (55 per cent) and insiders (30 per cent).

Zero trust

This year, 2022, is the year of deep suspicion.

Zero trust is an approach that shifts people away from the classic “trust but verify” cyber security adage. Over the years it’s evolved to the opposite – “never trust, always verify”, reminding people that no one is safe from cyber crime in this digital age.

These safeguards use an initial authentication, under an additional layer of security requiring multiple factors to access.

All users inside and outside of an organisation are required to authorise their access with a zero-trust strategy, allowing the least privileged entry. This approach is critical to:

• Mitigate financial impact;
• Reduce the average cost of data breaches;
• Prevent identity theft; and
• Restricts access controls, without compromising performance and user experience.

Cyber risk management should be a top priority in 2022

If 2021 has taught us anything, it’s that cyber security continues to be one of the biggest challenges of our era.

With the everyday obstacles of COVID-19, cyber risk management has taken a backseat. The year 2022 will still see many people working remotely, making it a top priority for businesses and households to identify, understand and manage security concerns.

How to stay safe from financial scams

As the cost of cyber crime continues to rise, more organisations will need to invest in cyber security to protect their in-house and remote teams.

People can expect more attacks on their smartphones, home computers and networks with cyber criminals taking advantage of security holes. The rush to the cloud and increase of IoT devices will also cause challenges.

Businesses and families can protect themselves by managing their biggest risks and the culprits that make people vulnerable, such as a lack of established protocols and unsecured networks.

Implement prevention-based security solutions in your home, business and on the go. Make sure to:

• Know what devices you have and the vulnerabilities that can be exploited.
• Understand what data is regulated, private and sensitive.
• Provide comprehensive and current cyber security training and education to staff.
• Update hardware and software regularly.
• Revisit risks and priorities.
• Secure all networks.
• Use multi-factor authentication and control access.
• Watch for SMS phishing and lookalike sites.
• Check for data leaks with software.
• Download carefully.

[Related: Sophos research reveals cyber attackers using Log4Shell vulnerability to deliver ‘backdoors’ to virtual servers]