“Identity theft is growing at an alarming rate. Hackers tend to use deceptive (phishing) emails that trick people into disclosing their personal information.”—John Ooi, Australian Unity’s Chief Information Security Officer.
Key points
- Cyber security attacks are becoming increasingly more widespread, with devastating results.
- Think before you click. If it seems too good to be true, it almost certainly is.
- You can take some simple steps to protect yourself and your family online.
A cyber security attack can be completely devastating for its victims. And in the modern digital age, such attacks are becoming increasingly commonplace.
From ransomware and phishing, to data breaches and email fraud, the breadth of cyber security threats has become exponentially larger in recent times.
In the 2021-22 financial year, the Australian Cyber Security Centre (ACSC) received more than 76,000 cybercrime reports, an increase of 13 per cent from the previous period.
The ACSC’s Cyber Security Hotline received more than 25,000 calls, an average of 69 per day—or one every 7 minutes—an increase of 15 per cent. More than 54 per cent of all cybercrime reports to the ACSC involved fraud, online shopping or online banking.
To help keep you and your loved ones safe online, we spoke to several cyber security experts about the most common threats, what you can do to protect yourself, and what to do if you fall victim to such an attack.
The most common attacks
John Ooi, Australian Unity’s Chief Information Security Officer, says online identity theft is one of the most common types of personal attack he sees.
“Identity theft is growing at an alarming rate,” he says. “Hackers tend to use deceptive (phishing) emails that trick people into disclosing their personal information or infecting their computer with a malicious software (malware) to harvest personal information.”
Ransomware—a form of malware that threatens to publish a victim’s personal data or block access unless a ransom is paid—also remains one of the most serious cyber security threats, due to its high financial impact and disruptive impact on individuals, businesses and the wider community.
According to the Australian Cyber Security Centre’s Annual Cyber Threat Report 2021-22, there were nearly 450 cybercrime ransomware reports in the 2021-22 financial year, and ransomware has the potential "for cybercriminals to cause widespread disruption".
On 16 March 2021, one of Melbourne’s public health services was severely affected by a ransomware attack. Computer servers and workstations were infected with ransomware that affected four hospitals and aged care facilities.
This resulted in a partial IT system shutdown in the health service, disrupted the delivery of critical health services for hospitals and led to the postponement of some elective surgeries.
An ACSC spokesperson says business email compromise (BEC) is another major threat to Australian businesses and government enterprises, especially as more Australians work remotely.
“Cybercriminal groups conducting BEC have become more sophisticated and organised, developing enhanced, streamlined methods for targeting Australians, businesses and organisations,” the spokesperson says.
Total losses due to BEC were approximately $98 million for the 2021–22 financial year, an increase of nearly 20 per cent from the previous period. The average loss per BEC transaction also increased, by almost 30 per cent, totalling an average reported loss of $60,000.
So, regardless of whether you run a business or are just worried about your own personal data, according to ACSC the risk and cost of cybercrime is growing.
What can you do to stay safe online?
Think before you click. If it seems too good to be true, it almost certainly is.
There are a number of simple things to look out for to identify cyber threats on emails, messages, phone calls and social media.
- Check that you are not asked for personal, or sensitive details, and that emails and messages are addressed specifically to you rather than a general ‘dear customer’ or ‘dear user’.
- Avoid clicking on any suspicious looking links or attachments and downloading software from not credible or unreliable websites.
- Leave websites that ask for your personal or banking details in return for money – these are scams.
- Don’t agree to friend requests from people you don’t know on social media networks - people are not always who they say they are. Learn more about protecting yourself when using social media.
You can also use the ACSC’s Phishing Test to see if you can spot a scam. For more advice, see the ACSC’s guide for Safe User Behaviour and their Personal Security Guides.
In addition to these steps, you can also do the following to further protect yourself from online threats.
- Turn on automatic updates on devices to fix any security weaknesses and maintain a secure system. See the Quick Wins for your Portable Devices guide.
- Activating multi-factor authentication to add multiple layers of protection to your devices or apps, making it harder for cybercriminals to gain access to your personal information. See the Multi-factor Authentication Guide.
- Using strong passphrases to secure important accounts such as a bank account makes it harder for cybercriminals to break. See the Passphrase Guide.
- Regularly backing up devices to an external storage device or the cloud ensures files can be restored in the case that your device is hacked, stolen, lost or damaged. See the Backup Guide.
The ACSC Learn Hub has more cyber security advice and resources, including for families and seniors. Australian businesses and organisations are encouraged to join the ACSC Partnership Program to receive timely cyber alerts, advice, and engagement opportunities to help uplift cyber resilience across the entire Australian economy.
What do I do if I have been attacked?
Report it at once. The ACSC says it’s imperative that any cyber security incident is reported to them at cyber.gov.au/report.
There is a quick three-step process you can take at once to mitigate any potential damage.
- Put out the fire – change your passwords
- Minimise your loss – inform your bank or other business institution affected. You can contact Australian Unity on 13 29 39
- Get help – Report the attack to the ACSC
The ACSC is contactable at any time via email (asd.assist@defence.gov.au) or by calling the Australian Cyber Security Hotline on 1300 CYBER1 (1300 292 371). By reporting cybercrime you are helping yourself and also helping develop the ACSC’s knowledge of the threat picture, which helps keep everyone more secure.
In addition, Australian Unity has taken pro-active steps to protect our members and their data.
“Australian Unity is a leading mutual wellbeing company and takes pride in serving the needs of its members by providing trusted products and services,” John Ooi says.
“We do collect data from members and take steps to ensure this is used responsibly, stored securely and protected from unauthorised access. We have an established security governance structure with supporting policies. We adopt industry recommended security practices and implement leading security technologies. And all of this is supported by a team of cyber security professionals.
“The security team actively monitor the members and customers systems and websites round-the-clock and are ready to respond to any security incidents.”
All figures and statistics have been provided by the ACSC and are accurate at the time of publication.
Disclaimer: Information provided in this article is of a general nature. Australian Unity accepts no responsibility for the accuracy of any of the opinions, advice, representations or information contained in this publication. Readers should rely on their own advice and enquiries in making decisions affecting their own health, wellbeing or interest. Interviewee titles and employer are cited as at the time of interview and may have changed since publication.