ASD Threat Report 2022-2023

Each year, the ASD release their Threat Report that provides insights into our cybersecurity landscape; detailing emerging threats and risks, and recommendations to enhance cybersecurity resilience.
Check out some key points from the ASD Threat Report 2022-2023 release!

Top 3 cybercrime types for individuals

  • identity fraud
  • online banking fraud
  • online shopping fraud.

Domain Takedown Service blocked over 127,000 attacks against Australian servers,
up 336 per cent.

Publicly reported common vulnerabilities and exposures (CVEs) increased 20 per cent.

Answered over 33,000 calls to the Australian Cyber Security Hotline, up 32 per cent on average 90 calls per day, an increase from 69 calls per day.

Nearly 94,000 cybercrime reports, up 23 per cent on average a report every 6 minutes, an increase from I report every 7 minutes.

Notified 158 entities of ransomware activity on their networks, compared to 148 last year, roughly a 7 per cent increase,

Australian Protective Domain Name System blocked over 67 million  malicious domain requests, up 176 per cent.

For more information, check out the full report available from the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC):
cyber.gov.au

Cyber Threat Trends

Australian Businesses & Organisations

Top 3 cybercrime reported by businesses:
1. email compromise
2. business email compromise fraud
3. online banking fraud.

A cybercrime is reported every 6 minutes, on average.

Almost $80 million in losses due to business email compromise fraud was self-reported to ReportCyber.

Business email compromise fraud continues to significantly impact businesses, with an average financial loss of over $39,000 for each incident.

The average self-reported cost of cybercrime to businesses increased by 14% per cent.
■ $46,000 for small business
■ $97,200 for medium business
■ $71,600 for large business

What should Australian businesses do?

  • Use Multi-Factor Authentication (MFA).
  • Use long and unique passphrases for every account.
  • Use automatic updates for all software, and don’t ignore installation prompts.
  • Be alert for phishing messages and scams.
  • Review the cyber security posture of remote workers including their use of communication, collaboration and business productivity software.
  • Train staff on cyber security matters, in particular how to recognise scams and phishing attempts.

If you have any questions or concerns, send them through to [email protected], and we’d be happy to answer what we can!