Cybersecurity, it’s so hot right now

March 14, 2025
Kane Nawrocki
CEO
Development

   

The 2020-21 ACSC Annual Cyber Threat report is out, and as you’d expect, it’s not happy reading. However, if you care about your business, checking it out will give you a good handle on what you should be worried about.

   

Which six cybersecurity threats are hitting the headlines?

   

First up – we recommend that you read the full report. But in case you’re tight on time (and because we care), we’ve paraphrased ACSC’s six key cyber security threats and trends in the 2020-21 financial year.

   

         
  1. Exploitation of the pandemic environment. Malicious actors showed no mercy. Spear phishing emails leveraged the COVID-bandwagon to collect personal details from the unwary, and the health care sector and critical services were significant targets of ransomware attacks.
  2. Disruption of essential services and critical infrastructure. Around 25% of reported cyber incidents were associated with Australia’s critical infrastructure or essential services. Think health care, food distribution and energy sectors – and the potential for loss of life.
  3. Ransomware (and this is a biggie). With a 15% increase over the last year, it’s now one of the most significant threats to Australian organisations. Cybercriminal ransom demands ranged from thousands to millions of dollars. And scarily, they’ve got even better at it.
  4. Rapid exploitation of security vulnerabilities. Malicious actors exploited security vulnerabilities, sometimes within hours of public disclosure, patch release or technical write-ups. And as well as doing it at speed, they did it at scale.
  5. Supply chains (in particular software and services). These stayed a hot target for malicious actors keen to access vendors’ customers. While Australia may have escaped the worst of major attacks like that on SolarWinds – we weren’t unscathed. If our supply chain isn’t already under enough pressure, the threat of compromise remains high.
  6. Business email compromise (aka BEC). In these days of work-from-home, BEC remains a leading threat to Australian businesses and government. Over 2020–21, the average loss per successful event was more than $50,600 (AUD), a 150%+ increase over the year before.

   

Why have things got worse?

   

Well, COVID-19 has significantly increased our reliance on the internet to run our businesses and organisations. We’d truly be lost without it. But the net comes with a dark downside.

   

As the new ACSC report rightly observes: ‘This dependence has increased the attack surface and generated more opportunities for malicious cyber actors to exploit vulnerable targets in Australia.’

   

Some handy resources


   

A solid approach to cybersecurity must be front and centre of everything IT in your business. It needs to be all-encompassing and cover everything from email protocols to BYOD devices, remote working, unpatched vulnerabilities, neglected updates, and more! It should also include a disaster recovery plan, so if your data is ever ransomed, you have a viable and potentially business-saving Plan B.

   

And don’t forget that regular training plays a big part in keeping your business safe. Cybercriminals constantly come up with cunning new ways to bypass even the Holy Cybersecurity Grail of multi-factor authentication.

   

         
  • Adopt the ACSC Essential Eight maturity model. If you have Microsoft Windows-based internet-connected networks, check out the Essential Eight to help mitigate the damage caused by a cyberattack.
  • Train, train, and train some more. If you don’t have the internal resources to train your people, Sophos has some great free resources & tools – they make online cybersecurity awareness training interesting, fun, and educational.
  • Make your point loud and clear. If you’re struggling to communicate to the business at large about how critical it is to invest in cybersecurity, then sharing these crime stats from ACSC might help.
  • Need to report a cybercrime? This is your starting place regardless of whether the crime is personal, against a small to medium business, large infrastructure organisation or government department or agency.
  • Stay up to date with the most recent security vulnerabilities. Check out (and subscribe to) these blogs from our security partner, Sophos.

   

As ever, if you’ve got any questions – big or small – or would like some help or just a chat about safeguarding your business, contact us.

Frequently Asked Questions

Do you complete Security Audits?

YES - we can complete one-off audits to give you a second opinion on your environment. However, this is what we refer to as IT Cowboys, and we would prefer to build an ongoing relationship with you. That’s why, when you commit to one of our packages, we complete an onboarding audit, which includes a security audit, a gap analysis against our Tactical 12 fortress, along with internal and external penetration tests. We then put together a plan for remediation as quickly as possible to ensure your compliance and get your insurance sorted ASAP so you’re covered.

Do you come to site?

In the initial onboarding process, we attend your site to document and understand how you operate, completing a checklist, inspecting infrastructure suitability, meeting key stakeholders, and performing general IT housekeeping. Once the onboarding process is complete, your environment should be rock solid, and the need to attend the site moving forward should be very minimal, if at all.

Will my existing computers be supported?

YES - provided they run an operating system currently supported by the vendor and are under warranty by the manufacturer.

Do you support Apple Mac and can they be compliant?

YES - we worked hard to ensure that Apple products can be supported and secured under all our product offerings.

What happens if an issue arises outside my support contract?

inSUPPORT Helpdesk operates a 24/7 'follow-the-sun' support desk, serviced by a team of global geeks. You might get a Kiwi from New Zealand on one call, and a Pinoy/Pinay from the Philippines on the next.