14 November 2023, Australian Signals Directorate (ASD) 2022-2023 announced Annual Cyber Threat Report (report). This report identifies key trends in cybercrime facing Australian governments, businesses and individuals that are important to understand.
This report will help those in the education and purpose sectors understand how the current state of cybercrime in Australia can impact their organizations.
ASD performs Australian Cyber Security Center (ACSC) is the Australian Government’s technical authority for cyber security and has a 24-hour hotline for advice and reporting on cyber threats and incidents (1300 CYBER1 or 1300 292 371).
Top reporting departments reporting cybercrime to the Australian Cyber Security Center
The chart above shows the top 10 departments reporting to ACSC and their percentage of the total fiscal year. Most relevant to Moore’s value-driven client community, education and training and health and social assistance are both sectors in the top five.
- 6.7% of reports to ACSC came from the education and training sector.
- 5.9% of reports to ACSC came from the health and social assistance sector.
This indicates a high risk of being targeted by cybercrime, but may also reveal a high level of awareness in these industries with high reporting levels.
Recommendations from ASD for all Australian organizations
ASD recommends that all Australian organizations:
- Use only reputable cloud and managed service providers that implement appropriate cybersecurity measures.
- Review your remote workforce’s cybersecurity posture, including communication, collaboration, and use of business productivity software.
- Implement relevant guidance from ASD essential eight Maturity models, strategies to mitigate cybersecurity incidents, and information security manuals.
- Regularly test your cybersecurity detection, incident response, business continuity, and disaster recovery plans.
- Train staff on cybersecurity issues, especially how to recognize scams and phishing attempts.and
- Report cybercrime and cybersecurity incidents report cyber.
Ransomware is the most destructive cybercrime threat
The 2022-2023 Annual Cyber Threat Report reveals the significant threat of ransomware.
Roughly 10% of cybersecurity incidents in 2022-23 involved ransomware. ASD advises against paying the ransom.
The report also reveals that 8.7% of reported ransomware-related cybersecurity incidents originated from the healthcare and social assistance sector.
It is important to note that one in four ransomware reports also includes confirmed data exfiltration where attackers force victims to both decrypt and keep data private.