Cyber security in the age of AI

Did you know that one cybercrime is reported to the Australian Government every seven minutes? And that’s just the ones we know of, with many incidents of cybercrime—identity crime, fraud or scam, online abuse and malware—going unreported to authorities.

The government’s most recent Annual Cyber Threat Report highlights the battle that many Australian residents and businesses know all too well.

The report shows that the number of cybercrimes reported is rising (13 per cent), the average cost per cybercrime is increasing (14 per cent) and the severity rating of cybersecurity incidents is growing.

These statistics represent what John Ooi, Australian Unity’s Chief Information Security Officer, refers to as a shift to the cyber landscape that is being reshaped by factors such as Artificial Intelligence (AI), cyberwarfare and the operations of online crime syndicates.

“Cybercriminals are evolving. They're part of highly professional and well-funded syndicates,” John says. “This threat is largely fuelled by the rapid digital transformation and growth in our society.”

While AI brings about positive advancements and opportunities for businesses and society, serving as an “artificial energy to expedite and simplify things”, John cautions that nation-states, crime syndicates, and hackers are also leveraging AI to their advantage.

“They now employ highly sophisticated attack methods,” John elaborates. “These methods are hard to detect and extremely evasive. Spam emails are now professionally written, with fewer grammatical mistakes, and the speed and frequency of attacks has significantly increased due to AI capabilities.”

For anyone who works in an office environment or has grown-up with IT at their fingertips, it may feel easy to identify threats to your digital security—such as phishing emails, text message, attachments, or malicious ads—but research shows that people with a higher level of digital literacy are more at risk of being the victims of cybercrime.

A 2023 survey of 13,000 Australians found that victims of cybercrime are more likely to be aged 18 to 24, frequent or confident internet users, or regular users of online services.

The Cybercrime in Australia report found that approximately 10 per cent of people engage in high-risk online behaviours, such as accepting friend requests from strangers, sharing passwords, using free public wi-fi to conduct a financial transaction, or opening an email from a source they did not know.

These behaviours were found to increase the risk of experiencing online abuse or being victim of profit-motivated cybercrime.

Matthew Ricker, Chief Executive Officer of Australian Unity Bank, says the rule of “think before you click” and considering what or who you are interacting with is common in most online safety rules.

“Think about what you are going to do before you do it,” advises Matthew. “Pause for a second and consider what you are about to enter into, and the potential risks involved—such as allowing access to your computer or mobile phone, downloading a file, or handing over personal information—and if it seems too good to be true, it almost certainly is.”

“If you’re asked for personal or sensitive details make sure the context of the situation is appropriate, a bank or institution will not send a ‘dear customer’ or ‘dear user’ email asking for these. Avoid clicking on any suspicious links or attachments and leave any website asking for your banking or personal details in exchange for money, these are scams.”

John cites the Australian Cyber Security Centre (cyber.gov.au) as a valuable resource for learning the basics of cyber security and to protect oneself from online threats.

"For Cyber Security Awareness Month in Australia, they advise updating your devices regularly, enabling multi factor authentication, and lastly, backing-up your important files,” John adds.

“This essentially means keeping your devices up-to-date with the latest software, using more than one method of verification to prove your identity before accessing your accounts and regularly saving copies of your files to prevent data loss.”

So, that’s personal safety, but how is Australian Unity updating its processes and systems to help combat online security risks? John reveals that the organisation has a comprehensive plan to address these risks.

“Firstly, we are minimising our data footprint by only collecting necessary information,” John says.

“Secondly, we are reducing our radius of attack by ensuring systems are managed securely with tools designed to safeguard the information. And last but not least, we are strengthening access control process and capability.”

One interesting additional security measure Australian Unity employs is a service that probes the dark web, scanning for stolen identities that matches with customer data.

“This capability has been used to alert some of our health insurance and banking customers about potential identity breaches,” John explains.

“We contact the customers directly to inform them of potential fraud risks due to their data being compromised and exposed on the dark web. This notification often comes before the customers themselves are aware of the potential breach.

“While that’s a call nobody wants to receive from their bank or institution, it’s preferable than the alternative, and it’s assuring to know that Australian Unity has incorporated this extra layer of protection built in its products and services.”