top of page

Top Cyber Security Agency Reports on Most Common Cyber Threats to Businesses

3 Dec 2024

The latest annual report by Australia’s top cyber security agency – The Australian Signals Directorate (ASD) – contains sobering details about the challenges being confronted daily by Australian businesses.


Describing the current cyber security strategy environment as “the most complex and challenging … since the Second World War”, the ASD says advancements in critical and emerging technologies dramatically improve the ability of cyber thieves targeting Australian organisations.


Cyber Crime Increasing

ASD received more than 36,700 calls to its Australian Cyber Security Hotline during the 2023-24 financial year - up 12% on the previous year. It responded to more than 1,100 cyber security incidents, and notified organisations of potential malicious activity on their networks more than 930 times.


However, these numbers are merely the tip of the iceberg relative to the total number of attempted hacks. ASD characterised cybercrime as “a persistent and disruptive threat”.

Contributing to the surge in cyber crime is the availability of new opportunities and technologies such as artificial intelligence. This is reducing the level of sophistication needed for cybercriminals to operate, and attracting new criminals to the field.


Top Business Threats

Compromised business email accounts (20%) and fraud (13%) were among the top self-reported cybercrimes for businesses and individuals in Australia during the last financial year. Online banking fraud accounted for a further 13% of incidents.


Ransomware and data theft extortion (stealing data without encrypting their victims’ systems) also remained a pervasive and costly threat.


The top 5 sectors reporting cybercrimes to law enforcement were:


  • Retail trade (15%)

  • Professional, scientific and technical services (13%)

  • Construction (12%)

  • Financial and insurance services (8%)

  • Other services (7%)

 

Average Losses by Businesses

Interestingly, the average self-reported cost of cybercrime to Australian business fell slightly vs the previous financial year:


  • Small businesses: $49,615 (down 8%)

  • Medium businesses $62,870 (down 35%)

  • Large businesses $63,602 (down 11%)


However, it’s worth bearing mind recent research which shows a large number of businesses did not report ransomware payments in 2023-24.


Cybercrime Reports by State and Territory

Australia’s more populous states continue to report more cybercrime, with Queensland and Victoria reporting disproportionately higher rates of cybercrime relative to their populations.


The highest self-reported financial losses were from victims in NSW (~$86,000 per cybercrime) followed by Victoria (~$66,000).


Common Cybercrime Techniques

The ASD says Credential Stuffing – using stolen usernames and passwords to access other services and accounts via automated logins – is one of the most common cyber attacks.


Another common technique is Password Spraying - a brute-force attack where cybercriminals attempt to access a large number of accounts with commonly used passwords.


Quishing - Quick Response (QR) phishing – is another growing threat. Cybercriminals use QR – for example, on a café menu, or a subtly altered public notice - to trick people into providing personal information or downloading malware onto their smart device.


Combating the Threats

In its report, ASD urges organisations to replace unsupported information and communications technology systems with secure-by-design products, and consider cyber security when implementing new technologies.


Two great examples of secure-by-design protective technologies are those that we recommend at Generic Systems Australia.  Managed File Transfer (MFT) is a technology which enables organisations to securely exchange data between systems and people in an automated, reliable and efficient way.  Advanced Threat Protection adds a further layer of defence, seamlessly integrating your managed file transfers with adaptive data loss prevention to keep sensitive data secure.


ASD also urges organisations to prepare a cyber security incident response plan and test it regularly to ensure an effective response and fast recovery. The process of developing such a plan will help an organisation understand the nature of its most valuable data, where it is stored, which systems and individuals have access to it, and how it is protected – or exposed to – malicious threats.


Obtaining Expert Help

At Generic Systems Australia, we have many years of experience helping Australian and New Zealand IT teams protect their valuable data with the very best MFT solutions.

From the initial scoping of organisations’ legacy data transfer approaches, through zero-cost Proof of Concepts and hassle-free Migration Services, we help companies stay focused on running their business without disruption as we transition them to more secure approaches.


If you’d like a to discuss how your cyber security can be boosted by MFT and layered defences, please feel welcome to contact me.  I’m always happy to have an obligation-free discussion.


Generic Systems Australia are your local experts in Managed File Transfer.

You can view a full copy of The Australian Signals Directorate Annual Cyber Threat Report 2023-24 here.

bottom of page