The Australian Cyber Security Centre’s latest threat report shows that the number of cyber attacks in the 2017 financial year has jumped 15 per cent on the prior year making Australia one of the most targeted countries in the Asia-Pacific region.
Cybercrime conducted by criminal and state-sponsored cyber adversaries remains a persistent threat to Australian banks, the report found.
Breaches are becoming increasingly sophisticated and highly targeted, as demonstrated by the recent spate of WannaCry and Petya ransomware attacks.
Ransomware and phishing attacks continue to be the two most prevalent threats, according to the Centre.
"Criminal groups continue to conduct malicious cyber activity such as deploying malware on a network to steal online banking credentials or conducting large, multi-stage intrusions to facilitate larger scale theft."
Three quarters of all Australian businesses have been attacked in the past year, with as many as one third in one month alone, the report revealed.
Australia's banks less vulnerable
The banking, financial services and insurance sector is clearly one of the most prone industries to cyberattacks.
However, according to Les Williamson, vice president of Citrix Australia and New Zealand, Australian banks and insurers are yet to be severely affected with most of attacks being based on opportunity.
"Given the Australian banking sector is highly regulated and safeguarding data is a legal requirement, other vulnerable markets often prove more attractive to cyber criminals," he said.
This view is supported by a recent Australian Securities Exchange survey which found that Australia’s financial services sector is doing a good job in tackling cyber breaches.
“Financial institutions have to comply with a strict regulatory framework," noted Williamson.
"Collaborating with regulatory bodies to share information allows the sector to tackle cyber threat issues effectively.
"Open two-way communications also allow both the bank and the customer to notify each other in case of a potential threat, help on-time detection and prevent cyberattacks.
Robust authentication key
“Many banks have multiple authentication layers making it more difficult for cyber criminals to get access to sensitive information."
The cybersecurity specialist cited Singapore’s DBS bank which has installed robust authentication layers that also include a piece of information only available to the customer.
“With today’s security threat landscape, constantly emerging technologies and increasing business complexities, banks need to take proactive measures to defend themselves.
"Strong authentication, end-to-end encryption and audit logging processes can strengthen the security framework of a firm.
From where Williamson stands, emerging technologies, like AI and machine learning also help automate low-risk tasks allowing security and IT teams to focus on more complex events and strategic outcomes.