The ACSC 2022-2023 Report: Key Insights for Cybersecurity in Businesses
The Australian Cyber Security Centre (ACSC) has released its 2022-2023 report, providing a comprehensive outline of the current state of cybersecurity and its impacts on Australian businesses and individuals. A significant detail from this report is that cybercrime has escalated by 23% in the past year, starkly underlining the ever-escalating threats posed to Australian businesses. For those like us, brimming with endless energy for all things cybersecurity, you can delve into the report in its entirety here: ASD Cyber Threat Report 2022-2023 | Cyber.gov.au. For the rest of you, we’ve distilled a number of pertinent takeaways below.
Financial Impact of Cyber Incidents on Businesses
The ACSC report highlights the financial impact of cyber incidents on businesses, revealing a concerning trend. The average financial loss for businesses due to cyber incidents has increased by 14% compared to the previous year, indicating a rising cost of cyber threats. The impact differs across business sizes. The average cost of cyber events by business size:
- Small Businesses: $46,965
- Medium-Sized Businesses: $97,203
- Large Businesses: $71,598
Medium-sized businesses tend to incur the highest costs. A probable cause is that they are at a critical growth phase where they become more attractive to cybercriminals yet may not have fully established the necessary cybersecurity infrastructure or practices. This, combined with the complexity of “data sprawl” and potential complacency regarding “playbook testing”, can lead to significant financial damage.
This 14% increase in losses highlights the escalating severity of cyber threats and the vital need for all businesses, particularly medium-sized ones, to integrate robust cybersecurity measures as an integral part of their growth and risk management strategies.
Other Rising Trends
Approximately 34% of data breaches were linked to the exploitation of internet-facing applications, such as self-hosted servers or applications used remotely by staff and customers. This statistic highlights the potential risks involved when employees access company resources outside the traditional office environment, often without the same level of security controls. This rings particularly true with the notion that an overwhelming majority of cybersecurity incidents can be traced back to human error.
Additionally, the report notes a growing impact of cybercrime on individuals. This personal toll further underscores the often-overlooked human element in cybersecurity. Sectors such as professional, scientific, and technical services, along with retail trade, have become prime targets for ransomware attacks, likely due to the high level of human interaction and data exchange in these industries.
Queensland has emerged as the top target for cyber-attacks, surpassing both Victoria and New South Wales, highlighting that regardless of location, where vulnerabilities exist, cybercriminals will find and exploit them. The persistence of email compromise and banking fraud as top attack scenarios further illustrates how cybercriminals exploit human error and negligence. These trends collectively underscore the need for heightened awareness and training among individuals and employees to mitigate the risk of cyber incidents too often stemming from human actions.
In the rapidly evolving cybersecurity landscape, as detailed in the ACSC 2022-2023 report, adopting effective protection solutions is crucial for safeguarding against cyber threats. A significant concern highlighted in the report is the swift exploitation of critical vulnerabilities, with one in five being targeted within 48 hours of the release of patching or mitigation advice. This alarming trend underscores the necessity for organisations to implement prompt and regular software and operating system updates as part of their cybersecurity strategy. Quick response to update advisories is vital to protect against cybercriminals who are increasingly adept at exploiting any delay in security patching. Remember, they get the same update notifications as you do!
Equally important in bolstering cybersecurity defenses is the implementation of multi-factor authentication (MFA) across all devices and systems. MFA adds an essential layer of security, significantly reducing the likelihood of unauthorised access. This becomes particularly important in mitigating the risks associated with compromised credentials, a common issue in many security breaches. The combination of rapid response to software vulnerabilities through timely updates and the robust authentication provided by MFA forms a comprehensive frontline defense. These measures are indispensable in protecting digital assets and maintaining the operational integrity of businesses in the face of sophisticated and rapidly evolving cyber threats.
How To Respond If Attacked?
In the event of a cyber-attack, immediate and informed action is crucial. The Australian Cyber Security Centre (ACSC) provides a vital resource in this scenario through its Incident Response service. This service offers tailored information on how to effectively contain and remediate a cyber incident. The ACSC's advisory products assist with incident response and can connect affected parties with other Australian Government entities for further support, including the Australian Federal Police. Accessing this support is as simple as calling 1300 CYBER1 (1300 292 371).
Additionally, reporting the incident to the Australian Signals Directorate (ASD) is a critical step. By reporting at cyber.gov.au/report, you contribute to a broader understanding of the cyber threat landscape. This reporting not only aids in your own incident response but also provides valuable data for common analysis. Such collective insights are essential for developing comprehensive recommendations and learning experiences, ultimately benefiting the wider community by enhancing collective cybersecurity knowledge and preparedness.
In summary, the ACSC 2022-2023 Report shows that the landscape of cyber threats is evolving rapidly, with a 23% increase in cybercrime and a 14% rise in the financial impact on businesses of varying sizes. The report underscores the critical role of human error in cybersecurity vulnerabilities, particularly in the exploitation of internet-facing applications and common attack scenarios like email compromise and banking fraud. Adopting proactive security measures like regular software updates and multi-factor authentication (MFA) to mitigate these risks is essential.
The report also emphasises the importance of a swift and informed response to cyber incidents, including leveraging resources like the ACSC Incident Response service and reporting to the ASD. This collective approach to understanding and addressing cybersecurity challenges is essential for businesses and individuals alike to navigate the complexities of the digital landscape securely.