In October 2022 (which ironically was ‘cybersecurity awareness month’), Australia experienced several major cybersecurity breaches (“hacks”), including Medibank and its subsidiary AHM, Optus, Woolworths and electricity provider Energy Australia.
Many other Australian and foreign companies – large and small – are all now among the household names that have fallen victim to a data breach.
If it seems like barely a week goes by without news of another incident like this, you would be right. Cybercrime is on the rise.
But why now? And who is responsible for this latest wave of cyber attacks?
In large part, the increasing number of data breaches is being driven by the growth of a global illicit industry that trades in your data.
In particular, hackers known as “initial access brokers” specialise in illegally gaining access to victim networks and then selling this access to other cyber criminals.
The cyber crime ecosystem
Hackers and initial access brokers are just one part of a complex and diversifying cyber crime ecosystem.
This ecosystem contains various cyber criminal groups who increasingly specialise in one particular aspect of online crime and then work together to carry out the attacks.
For example, one of the fastest-growing and most damaging forms of cyber crime – ransomware attacks – involves malicious software that paralyses a victim’s device or system until a decryption key is provided following payment of a ransom.
Ransomware attacks are big business. In 2021 alone, they earned cyber criminals more than US$600 million. The huge amounts of money to be made in ransomware, and the rich abundance of targets from all around the world are fostering the development of a vast ransomware industry.
Ransomware attacks are complex, involving up to nine different stages. These include gaining access to a victim’s network, stealing data, encrypting a victim’s network, and issuing a ransom demand.
Specialist criminals
Increasingly, these attacks are carried out not by lone cyber criminal groups, but rather by networks of different cyber crime groups, each of which specialises in a different stage of the attack.
Initial access brokers will often carry out the first stage of a ransomware attack. Described by Google’s Threat Analysis Group as “the opportunistic locksmiths of the security world”, it’s their job to gain access to a victim’s network.
Once they have compromised a victim’s network, they typically sell this access to other groups who will then steal data and deploy the ransomware that paralyses the victim’s computer systems.
There is a massive and growing underground market for this type of crime. Dozens of online marketplaces on both the dark web and surface web offer services from initial access brokers.
Their access to companies can be purchased for as little as US$10, although more privileged, administrator-level access to larger companies often commands prices of several thousands of dollars or more.
Responding to the growing cyber threat
Over the past month, we have seen several instances of cyber criminals forgoing actual ransomware. Instead, they sought to directly extort companies by threatening to publicly release any data they have stolen.
While not as devastating as a ransomware attack, data breaches can cause serious financial and reputational damage to an organisation (just ask Optus chief executive Kelly Bayer Rosmarin, who faced a major investor backlash by customers affected by the data breach; or ask Medibank chairman Mike Wilkins who also faced an investor revolt at its annual shareholder meeting), not to mention major problems for any customers or clients who now have their private information released online.
In the final six months of 2021, more than 460 data breaches were reported to government authorities. This figure more than tripled in 2022, Even more worryingly, this number is almost certainly an underestimate.
While Australian companies with a turnover of more than AU$3 million are required by law to report data breaches involving personal information, most small businesses are not subject to mandatory reporting laws. Therefore, they have little incentive to report a data breach that could scare off customers and damage their brand.
Taking action against cyber crime
So what can we do about it? In the first instance, you need to rethink your approach to data. Data should be treated not simply as an asset that can be freely held and traded, but also as a liability that needs to be carefully protected.
When you start thinking about cybersecurity, it logically leads to a consideration of putting your affairs in order.
Do you need assistance with getting your affairs in order – including your Digital Assets? We can help. Download our free eBook “Protecting your Digital Assets” here.
How we can help you?
An important modern consideration in putting your affairs in order, is to know what happens to your online accounts when you become incapacitated or die. It is critical that you understand who will be able to access or control your digital assets and all your personal information.
Unless you put steps in place to preserve your digital assets, you risk losing all you have built.
Genders and Partners are the Oldest Law Firm in South Australia. We are a boutique specialist law firm focusing on estate planning and elder law to help clients protect themselves, their family and their assets. Founded in 1848, we are celebrating our 175th anniversary in 2023 by launching a new integrated suite of estate planning products and services as an add-on to their EstatePlanner Essential Protection Plans. Find out more by downloading our free eBook “Protecting your Digital Assets” here.
Contact us to learn how to protect yourself, your family and your assets through modern integrated estate planning solutions, by visiting our website today and schedule a free no obligation telephone consultation to find out how they can help you and yours.
To learn how to protect yourself, your family and your assets, by creating a professionally-made estate plan, claim your FREE 15 minute Telephone Consultation.
Protecting Your Digital Assets
What will happen to your online accounts, profiles, data, subscriptions and memberships, if you die or become incapacitated?
With data breaches, elder abuse and digitalisation all on the increase, read these important insights from senior Australian specialist lawyer Rod Genders to help protect yourself, your family and your assets.