Australians are failing to take basic cybersecurity precautions, despite big rises in cybercrime and targeted attacks, according to two new studies.
The average number of cyber attacks per month increased by 23 percent in 2017, compared with the previous year, according to anti-malware provider Malwarebytes. And another report by security vendor Bitdefender has found that many of Australians are failing to protect themselves from cyber threats.
Ransomware was a major part of the growth in cyber attacks, with the Malwarebytes study reporting ransomware detections for January to October 2017 up by 62 percent on the whole of 2016. The number of detections jumped from 90,351 in January 2017 to 333,871 in October.
Business-targeted cybercrime is increasing at an even greater rate, almost doubling since last year, according to Malwarebytes.
“Businesses must also heighten their awareness of cybercrime, taking a realistic view towards the likelihood of attack,” the company advised in its new report The new mafia: gangs and vigilantes.
“The vast impacts of these attacks mean that cybercrime must be elevated from a tech issue to a business-critical consideration.”
Unlike ransomware, which is immediately obvious, some types of business-focused cybercrime can go undetected for extended periods.
The Malwarebytes report quotes PwC global lead for threat intelligence and incident response Kris McConkey as saying “In a lot of cases [of IP theft] the affected organisation might not even know that they’ve had an issue, because all they’ve lost effectively is a copy of their design documentation and engineering plans and things. Actually, the real impact is then felt two, three, four, five years later when their competitor comes to market with something that’s designed on top of their research investment, which could be billions of dollars.”
Such attacks may be state sponsored, McConkey observed: “If for example it’s a foreign government seeking to support its local aviation industry, to disrupt aeroplane manufacturers' stranglehold on the narrow body aircraft market for example, they might be very interested in stealing a lot of their plans and blueprints for how the leading narrow body aircraft actually work, so they can feed that to their local competitors so they can bring a competing aircraft to the local market first, and then the international market.”
Malwarebytes CEO Marcin Kleczynski added: “CEOs will soon have little choice but to elevate cybercrime from a technology issue to a business-critical consideration. The most damaging cyberattacks to businesses are the ones that go undetected for long stretches of time. In spite of high-profile occurrences over the last year, this report shows that many business executives may still have some knowledge gaps to fill.”
Why are Australians failing to take basic cybersecurity precautions?
Many of Australians are failing to protect themselves from cyber threats, but that’s not necessarily due to lack to awareness, according to the Bitdefender survey of just over 1000 Australians. Half of the respondents said they knew someone who was the victim of an attack, and on average they thought they had a 38 percent chance of being hacked.
However, the survey, which was conducted by Decibel Research, also found that:
- 43 percent of respondents actively avoid installing device, application and platform upgrades
- 61 percent don't have security software installed on at least one of their devices
- 54 percent don't use different passwords for their online accounts
- 37 percent don't have a passcode on their phone.
"Through a connected device hackers can find your physical address, your emails, and access financial and medical information," said Bitdefender senior e-threat analyst Bogdan Botezatu.
“Any sensitive information your hold from friends and family will be exposed also. With the average Australian home using more than 13 smart devices currently - a number set to explode in the years ahead - it's paramount we protect these devices because in 2017 and beyond a thief no longer has to physically break into your house to steal from you.”
And that, we would suggest, also applies to small and mid-sized businesses.
Another problem is that younger people appear to be more blasé about cyber security: 72 percent of Generation X and 65-plus respondents thought it is important (we're a little surprised it was that low), but only 57 percent of Generation Y agreed.
Botezatu suggested that could be the result of Gen Y having grown up with digital technology, and hearing of many threats that never materialised.
“We need to address this situation rapidly because digital natives will be increasingly responsible for society’s overall cyber protection,” he said.
“The Australian government should be applauded for the steps that it is taking to shore up internet and cyber security at a national level. Investments in the Cyber Security Cooperative Research Centre [and] the Mandatory Data Breach Notifications [are] both prime examples. However, security starts at home and although its clear most Australians do understand the risks and importance of internet security, the simple fact 37 percent of respondents don't have a passcode on their phone tells us there is a lot of work to do.
“To safeguard their online security, Australians need to understand any endpoint is an access point to their personal information and needs to be secured. Responding to threats doesn't necessarily require investment with many devices and applications already having measures built in. Ensuring these are switched on and upgraded will go a long way to stifling the attempts to steal our personal information.”