In June 2020, at the peak of the COVID-19 pandemic, Australia’s Prime Minister Scott Morrison said what many others refuse to acknowledge in public.
He went on record saying that the Australian government and institutions are being targeted by ongoing sophisticated state-based cyber hacks. These cyber attacks were widespread, covering “all levels of government” as well as essential services and businesses.
Flash forward to September 2021, and attacks have extended to both public and private sectors; one such attack on Microsoft Exchange Servers impacted thousands of Australian businesses across industries. About one quarter of these attacks targeted Australia’s “critical infrastructure”–from electricity and water to education and transport systems.
The numbers tell a story. Over the 2020–21 financial year, the ACSC received over 67,500 cybercrime reports, an increase of nearly 13 percent from the previous financial year.
The increase in volume of cybercrime reporting equates to one report of a cyber attack every 8 minutes compared to one every 10 minutes last financial year. Remote working and a higher reliance on digital technologies seem to be some of the factors behind this increase.
A higher proportion of cyber security incidents this financial year was categorised by the ACSC as ‘substantial’ in impact. This change is due in part to an increased reporting of attacks by cybercriminals on larger organisations and the observed impact of these attacks on the victims, including several cases of data theft and/or services rendered offline.
The increasing frequency of cybercriminal activity is compounded by the increased complexity and sophistication of their operations.