Australia’s 2012 Cyber Crime and Security Report, commissioned by the national computer emergency response team, CERT Australia, and conducted by the University of Canberra, was released in February 2013. More than 20% of the 255 organisations surveyed reported a ‘cyber incident’, including denial-of-service attacks, financial fraud, loss of proprietary information and theft of critical data. Attacks involved the use of malicious software such as “ransomware” and “scareware”, and trojans — despite 90% of respondents using anti-virus software, spam filters and firewalls, and 65% having IT security staff with tertiary qualifications. Interestingly, the report also said those who reported no cyber incidents were likely to have failed to detect them.
Alana Maurushat, academic co-director of the Cyberspace Law and Policy Centre at the University of New South Wales, says that computers are the weapon of choice when it comes to industrial espionage. She also recommends a ‘healthy disrespect’ for statistics about cyber crime and identity theft, saying they are both under-reported.
The World Economic Forum puts the risk of a cyber crime causing a major global breakdown of critical infrastructure costing more than US$250 billion at about 10%. The European Commission estimates the damage from cyber crime for business worldwide at around US$1 trillion a year. The Australian Crime Commission’s most recent figures, for 2008, estimates the cost of e-protection for Australian companies at A$1.95 billion.
Cyber attacks are not random but coordinated and targeted for financial gain; and they’re growing. Ken Gamble of the cyber-detective firm Internet Fraud Watchdog, believes Australia has a high incidence of cyber crime compared to other countries, but less protection. Thailand (population 70,000), for example, has about 200 police detectives in cyber crime units and is hiring about 800 more over the next five years, while NSW (population 7,000), with the most cyber detectives of the Australian states and territories, has about 12 detectives working in cyber crime.
Perhaps the soon-to-be-created cyber security centre, bringing together experts from CERT Australia, the Defence Signals Directorate, the Defence Intelligence Organisation, the Australian Security Intelligence Organisation, the Federal Police and the Crime Commission to work with business, announced by then-Prime Minister Gillard last January, can help increase Australia’s cyber safety.
Meanwhile what is your organisation doing to protect its cyber risk?
Have you carried out a proper cyber risk analysis for your organisation? Do you have robust measures to protect your organisation’s intellectual property? Do you routinely remind staff to stay vigilant so they don’t become careless or complacent regarding security matters?