Cyber-attacks on Australian businesses are legion, according to a new security report and banks present a target-rich environment as they move into a new and vulnerable space with the rapid uptake of mobile banking.
Following the proliferation of devices, the ultra-connectivity of digital banking and emergence of the Internet of Things (IoT) and virtual cloud environments, in the last 12 months three out of every five Australian organisations surveyed by Telstra experienced a monthly security incident.
The extent of the security problem does not surprise Angus Woods, managing director of online platform Adviser Ratings, who this week formed a partnership with risk advisers, Aon, to launch a cyber-insurance policy, designed to protect advisers and their customers against the increasing risk of cybercrime.
Woods said the move was in response to the emerging threat, which has been predicted to chew a $16 billion hole into the Australian economy over the next decade.
“Australian businesses of all sizes have been the target of cyber-attacks, and will continue to be,” Woods said.
“This is not a new issue. Australian lenders in particular need to protect themselves adequately against the cost of cyber-attacks to both business operations and their reputation, just as any business would.”
According to Telstra’s director of Security Solutions, Neil Campbell, as the number and variety of connected devices and applications proliferates, so does the criminal opportunity.
“We are seeing increases in security risks across the board,” Campbell said.
According to the report, more than half of all businesses experienced a ransomware attack last year, 30 per cent had a business email compromised and the number of distributed denial of service (DDoS) network attacks rose by more than 200 per cent.
Woods said the point of vulnerability for Australia’s major banks remained the shift to handheld devices for personal and business banking.
“One area of concern is mobile. Given Australians’ reliance on mobile and associated banking apps, these devices and operating systems are prone to constant attacks.”
Woods added that as attacks and malware become more sophisticated, there is a “high likelihood” that one or more lenders will be impacted in the future.
“Any counter action to a successful cyber breach is as important as the proactive approach lenders are currently taking to ensure that confidence in banks and the system is maintained," he said. “As for the big four - it’s impossible to say whether these banks have already been hit. All financial institutions are targets but most will have robust defences and protection in place.
“The new Privacy Amendment Bill, which will make data breach reporting mandatory later this year, is a welcome step to ensure greater transparency and to give consumers peace of mind,” Woods told AB+F.
Speaking last week at ASIC’s annual forum in Sydney, the head of Australia’s corporate watchdog, Greg Medcraft, flagged the potential impact of massive cyber-attacks on the stability of the national financial system.
"A cyber-attack is the next black swan event," Medcraft said. "The level of attacks that happen is enormous and there is a lack of transparency."