This year in security: 2020
Australian infrastructure is a prime target for cyberattacks
The government has already pointed out that Australia is experiencing a big increase in cyberattacks, and it seems our infrastructure is a major target, given how much disruption even a small incident can cause. A Microsoft-commissioned report found that more than half of the Australian organisations surveyed have experienced a cybersecurity incident, which could cost the economy $29 billion per year. Over the past year alone, we’ve seen breaches of the departments of Home Affairs, Defence and even public transport. Infrastructure is notoriously hard to secure and needs technology and policy to work together if we want our critical infrastructure to stay resilient. The good news is that the government has already announced a $1.35 billion dollar package to upgrade cybersecurity in Australia, which should go a long way in beefing up our cyber defences.
Hackers ramped up their efforts to capitalise on COVID-19 fears and confusion
The pandemic has literally changed our way of life overnight, and as with any upheaval, there’s a lot of confusion on how to adapt to the new normal. With companies and institutions speeding up their digital transformation, the sudden shift to remote working, remote learning and free videoconferencing tools with questionable security have left a lot of people facing the pointy end of a data breach. The public at large also has to deal with scammy websites selling fake masks, tax scams and phishing attacks. We live in a digital society now, and cyber risks are just part of the territory. The most effective thing we can do is raise awareness about cyber hygiene and educate those close to us on how to protect themselves online.
Social media breaches revealed how there is no such thing as an ‘isolated’ cyber incident
The social media world was rocked a few times over the past year, with an Australian privacy watchdog taking Facebook to court over customer data breaches and Twitter contending with a high-profile breach which led to scammers exploiting celebrity accounts to shill a cryptocurrency scam. Incidents like this show how pervasive and influential social media can be, and the scale of damage a breach can cause. Cybersecurity (or a lack thereof) can have major consequences for entire societies, even entire countries.
The education sector needs a major cybersecurity overhaul
Schools and universities hold massive amounts of data on students and staff, which make them juicy targets for hackers looking to make a quick buck. Their cybersecurity tends to be very basic, which is great for hackers, but not so great for their targets. Last year, the Australian National University and the Australian Catholic University were blindsided by surprisingly sophisticated and well-organised cyber attacks that compromised the data of thousands of people. Schools tend to fly under cybercriminals’ radars, but their IT infrastructure tends to be underfunded and out-of-date, which does expose them to a degree of risk. Even though cyber awareness at institutions and their staff is rising, there’s still a lot of work to be done if we want to keep our schools and universities safe from cyber-harm.
Ransomware attackers are turning their attention to large companies and threatening to publish their data
This year, the list of enterprises targeted by ransomware attacks continued to grow longer, as firms like Toll Group (who were targeted twice), Henning Harders, Travelex and Fisher & Paykel all contended with their data being taken hostage. Among organisations surveyed for Mimecast’s State of Email Security 2020, 51% said they had suffered a ransomware attack that impacted business operations during the past 12 months, suffering an average of three days of downtime. Hackers are realising that even large companies can be highly vulnerable to cyberattack, and this is a trend we’re likely to see grow as more companies move forward with their digital transformation plans.