Nine and Parliament House had to take immediate action against cyber attacks this week, and the prudential regulator says it is only a matter of time before there is an attack on banks and other major financial institutions.
Australian Prudential Regulation Authority (APRA) chairman Wayne Byres told a banking summit the Nine attack was a “timely warning” that cyber threats were becoming more prevalent and more sophisticated.
The Australian has revealed that companies are now receiving ransomware attacks demanding as much as $10 million – and some are opting to pay up and claim on their cyber insurance policy.
McGrathNicol partner and cyber security expert Darren Hopkins says requests for assistance in handling ransomware cyber attacks had tripled in the past three months and cyber criminals were becoming increasingly sophisticated in assessing companies’ capacity to pay.
ANZ executive Mark Whelan says his bank has been dealing with up to 10 million cyber and phishing attacks on bank systems and customers every month.
He told the banking summit it was “the single biggest issue” facing banks and that it was vital to put in place as many controls as possible, including educating staff and customers.
Westpac chief executive Peter King told The Australian that scams and cyber risks had spiked during the pandemic.
“Cyber has to be up the top of every business’s and, frankly, every consumer’s, mindset at the moment,” he said.
“The potential for very sophisticated attacks has gone up so we have to operate at both a coordinated national level as well as an individual level.”
Mr Byres said: “We’ve seen recent moves by state-sponsored hackers and criminals to exploit vulnerabilities in Microsoft Exchange.
“It’s just a timely reminder that those cyber threats continue to grow and they require a continuous cycle of investment in improved practices.”
Last year, Australian Cyber Security Centre (ACSC) chief executive Abigail Bradshaw urged Australian companies to prepare for increasing incidences of ransomware attacks and said there had been a 50 per cent increase in ransomware attacks on businesses in Australia in the past year.
“It’s relentless and merciless, and we know that their tactics are to attack those most vulnerable,” she said.
Mr Hopkins told The Australian that cyber criminals were talking directly with companies, warning them they would release customer and company data unless a ransom was paid.
“They are being asked to pay a ransom so as not to cause more harm to the people whose information the company has,” he said.
Westpac chief executive Peter King told the Australian Financial Review that the banking sector was united in its efforts to share information and prevent cyber attacks.
“We’re a very competitive lot, but when it comes to cyber, it’s not a competition, it’s actually about the bigger picture – the system and information flows freely.”
Australian Banking Association chief executive Anna Bligh said the pandemic had created a perfect storm for banks with employees and customers spending more time connected to devices. She expected this would continue to rise.
Paul Haskell-Dowland, Associate Dean of Computing and Security at Edith Cowan University, said ransomware attacks often started with a phishing attack, in which large numbers of emails were sent to staff at an organisation.
“These emails often replicate the look of a legitimate message, and can include seemingly privileged information (such as staff names and internal departments) in an attempt to appear genuine,” he wrote for The Conversation.
“These emails aim to deceive individuals into clicking on a link or installing a file, perhaps by claiming this is a necessary patch to repair an issue with their computer.”
Are you confident your personal bank details are safe? Are you confident you would recognise a phishing attempt?