Data Breaches and Cyber Crime in Australia


Cybercrime is a widespread threat, targeting Australia and our businesses countrywide. Small to medium enterprises (SMEs), government organisations, large corporate companies and individuals are all at increasing risk from the latest cyber threats and data breaches.

The Australian Competition and Consumer Commission’s (ACCC) Targeting Scams 2019 report found that Australians lost over $634 million to scams in 2019. This, however, might not be the true figure, as the real cost of cyber attacks is hard to estimate. It is believed to be more likely in the billions every year.

Cybercriminals are attracted to the wealth of Australia and its enormous, ever-increasing amount of online activity. Cybercriminals will only take advantage of the increase in online networks, especially with the pandemic forcing more businesses to go online. The opportunity is there for criminals to make more profits than ever before.

During March 2020, cybercriminals quickly adapted their phishing methods to take advantage of the COVID-19 pandemic. A current report from Avast indicates that individuals have around a 5% higher chance of a cyber-attack than the previous year.

Australian businesses need to protect themselves from data breaches and cybercrime now more than ever, as COVID-19 related scams are on the rise. A framework from the Australian Government’s Australian Signals Directorate (ASD) suggests safer ways for enterprises to work online.


Types of Cybercrime that can Occur

Types of cyber scams that are out there:

Cyber abuse – Cyber criminals may bully, harass, or stalk you or your business online.

Online Image and Blackmail – Images of you have been shared online without permission, or someone is blackmailing you with the threat of posting certain images (including personal/intimate images or videos).

Online shopping scams or persuasive fraud – When users are duped or convinced into sending money or supplies to somebody online.

Identity theft – Your personal or business identity information is stolen, and someone is accessing your online accounts with that information.

Email scams – Receiving an email including false information, or imitating a company, that has led you to send money online.

Internet fraud – When money has been taken from your account, after clicking on a malicious link or allowing remote access to your computer.

Data breaches from malware – Your system or device has been hacked by someone who may then demand money.


Data Breaches in the last 12 months

In the last year, we have seen a number of cybercrime incidents affecting Australian and New Zealand businesses. One of these was the attack on 47 Service NSW staff members’ email accounts, which resulted in data breaches of 186,000 customers and staff.

The resulting data breaches had to be analysed across around 3.8 million documents and 738GB of data (including transaction receipts, scans, notes and forms), over the course of a 4-month investigation.

Then there was the disruption to the New Zealand stock exchange, which halted activity over the course of four days. Surprisingly, the DDoS attack that caused the disruption is a fairly straightforward type of cyber-attack. A sizeable collection of computers will attempt to connect to an online service at the same time, overpowering its capacity, and disrupting the system. Devices used for the attack will usually have some sort of malware attached.

Back in February, the transport company Toll had to shut down all computer systems across several sites, due to a ransomware attack, leaving customers waiting for undelivered parcels.

The Office of the Australian Information Commissioner (OAIC) reports information from the Notifiable Data Breaches (NDB) scheme to help small and medium-sized businesses and enterprises, as well as individuals, understand the statistics of data breaches and cyber attacks. A report for the period from 1 January 2020 to 30 June 2020 shows that human error is the cause behind 34% of data breaches and the health sector is one of the hardest hit industries, reporting 22% of all breaches, 115 during that period.

The finance sector came second behind healthcare for the number of data breaches from January to June 2020, reporting 75 breaches; education had 44 breaches during the 6 months, insurance 35 and legal 26.

The same report shows that malicious or criminal attacks were the most common, accounting for 61% of all reports. This includes phishing attacks, malware, and ransomware scams. The OAIC report also shows ransomware attacks are on the rise from the previous 6 months, with an increase of 150%.

Out of all cases reported, 84% of personal information was breached, including home addresses, phone numbers and email addresses. Over a third of breaches involved identity information, which includes government identity numbers, passport numbers and driving licence numbers.

Australian businesses now have to comply with Notifiable Data Breach laws in order to help protect the personal information of individuals and the organisation. Failing to comply with disclosing data breaches can result in big fines for companies.

Organisations have to be vigilant against cyber attacks and make the necessary changes in order to protect themselves and their customers. This can be done in a number of ways, from making sure staff are educated on cyber awareness, to performing cyber security audits and investing in a complete security system.

If you are part of a small or large organisation, and are worried about your levels of cyber security, then why not talk to one of our experts at Cube Cyber.

Chat to our friendly professionals for a free assessment of your cyber security needs at 1300 085 366 or book in your free assessment here.

