Navigating Australia's top cyber threats

Cybercrime and ransomware continue to pose significant threats to Australian businesses and critical infrastructure, prompting experts at BDO to urge organisations to strengthen their defences.

The Australian Cyber Security Centre’s (ACSC) 2023–2024 Annual Cyber Threat Report revealed a surge in cybercrime incidents, with over 87,400 reports logged in the past 12 months—an alarming increase that sees a new report filed every six minutes.

BDO national leader of cyber security, Leon Fouche, said the data reveals a concerning trend within the public sector, which has seen the highest number of cyber security breaches in recent years.

“As government departments and agencies increasingly rely on digital systems, they have become prime targets for cyber criminals,” Leon said.

“These sectors face unique challenges, including legacy systems, complex supply chains, and heightened scrutiny from attackers looking to exploit sensitive citizen data.

“In fact, the public sector now accounts for a significant portion of reported cyber incidents, underscoring the need for enhanced protection and more rigorous cyber hygiene across all levels of government.”

The data also revealed a troubling trend in the vulnerability of small businesses.

“Small businesses suffer average losses of $49,600 per incident, a sharp increase from the previous year, while identity theft, online fraud, and email scams are the most prevalent threats,” Leon said.

“Ransomware remains a major concern, involved in 11 per cent of incidents. Attackers are not only locking data but also stealing sensitive information to pressure victims into paying ransoms.”

Critical infrastructure, including energy, water, and healthcare services, is a prime target, accounting for 11 per cent of reported incidents.

Common attack methods include phishing emails, exploiting unsecured public systems, and brute force attacks on weak passwords.

State-sponsored cyber-attacks, particularly from China and Russia, are also on the rise, targeting Australian networks to steal information or prepare for potential disruptions.

“Artificial Intelligence (AI) presents both risks and opportunities in the cyber security landscape,” Leon said.

“Criminals are using AI to create sophisticated scams, such as deepfake videos, making it easier to deceive individuals. Conversely, AI is also being leveraged to enhance cyber security measures, enabling faster and more accurate threat detection.”

Leon said it’s crucial than organisations view cyber security as a shared responsibility.

“Individuals and organisations are urged to strengthen their defences by following the ACSC’s Essential Eight security practices, using multi-factor authentication, and securing critical systems.

“Regularly reviewing and updating security measures, having a clear incident response plan, and staying informed about new threats are crucial steps in protecting against cyber-attacks.”

 


 

For media enquiries:
Tate Papworth
Manager, Media
E: tate.papworth@bdo.com.au
Ph: 0433 411 189