As we sit here, more digitally connected than ever, it’s evident that the scale of cyber threats is escalating rapidly. Over the past year, Australia has witnessed a significant surge in cyber incidents. The Australian Cybersecurity Centre reported around 94,000 cybercrime incidents in the last financial year—a near 25% increase from the previous year. Additionally, the Office of the Australian Information Commissioner reported a record 892 data breaches, and ASIC noted over 600,000 scam reports in 2023, reflecting an 18.5% rise from the year before. That is over 10 cyber incidents an hour and more than 1 scam a minute.
These figures are not just numbers; they reflect the growing concerns of both professionals and consumers. Despite significant efforts taken by industry to better protect data, research by Deloitte suggests that Australian consumers continue to decrease their trust in an organisation's ability to keep their information safe.
Cybercriminals are becoming more innovative and sophisticated, exploiting new technologies to advance their attacks. For example, in my recent experience, I’ve seen how deepfakes—once intricate and costly to produce—have become easy and affordable, giving rise to what I like to call the “cheap fakes”! These are used to impersonate legitimate entities, spread misinformation, and compromise advanced biometrics systems with speed and are low cost and effort to create. This shift not only jeopardises data privacy but also complicates identity verification.
Advanced artificial intelligence has brought us immense opportunities when it comes to operational efficiency and has fundamentally changed the way we work, but it is also delivering benefits for bad actors and has reduced the barrier to entry for novice criminals. AI is being employed to accelerate ransomware attacks, to optimise phishing attempts and is being used in the automation of malware distribution. State-sponsored cybercriminals with access to these black-market AI tools presents an increasing and serious challenge for us. As we look ahead, we must also prepare for disruptive technologies such as quantum computers, and this is in the not-too-distant future. These machines, with their immense processing power, will both boost our capabilities whilst challenging the very foundations of our digital security.
So, what must we be doing in response?
Firstly, we talk about bad actors but let’s be clear, cybercriminals today are innovators, they are digitally competent and are operating without the same rules and constraints that we are. We know the same technologies driving these threats also offer us significant opportunities, and we must be diligent in how we harness these. We must leverage these advancements to enhance our own capabilities and ensure we are continuously improving anomaly detection and bolstering information protection. Investing in emerging technologies can help us stay ahead and strengthen our defensive measures.
In addition, preparation is crucial. Over the past 18 months, I have had the privilege of engaging with senior professionals at large organisations about the risks posed by technologies like quantum computing. Quantum computers could disrupt established cryptographic methods, requiring extensive preparation and adaptation. While this can seem overwhelming, it offers a chance to better understand and improve our cryptographic landscape, leading to overall security enhancements.
Thirdly, education and awareness are essential. In our discussions with boards and industry leaders, it is evident that this needs to go beyond educating our teams to include our customers and the public, and tailoring messaging to different audiences is vital. The right communication, to the right cohorts, can empower individuals and businesses to protect themselves and stay informed about the latest threats. AND There’s what we can teach our customers, but how do we educate ourselves, how do we gain better perspectives, and how do we keep ahead of the game and constantly challenge our thinking—internal and external experts should be built into our model of continuous improvement in cyber.
Finally, in addition to a connected cyber strategy between private and public sector, we have found that collaboration and integration within organisations are key. Effective collaboration across different functions can not only lead to a better understanding of issues and more holistic approaches to threat prevention, but can also in some cases reduce cost – something I think we can all agree we could do with. The evolving role of the Chief Security Officer, who now oversees cyber, fraud, scams, and financial crime, is a positive development and a step in the right direction. However, we all must work closely with other parts of our organisation, such as our digital experience teams, to balance user and employee convenience with robust security measures.
The cybersecurity challenge is significant, but so is the opportunity. Through vigilance, preparation, and collaboration, we can not only address these challenges but also harness emerging technologies to enhance our security. So today, think about this, are you and your business doing everything you can, or are you exposed?