Ransomware attacks jumped 13 per cent last year, a larger increase than the previous five years combined, according to analysis of thousands of global cybersecurity incidents which revealed people are by far the weakest link in cyber defences and espionage is a growing motivator.
The warning comes as Labor inherits a government after challenging its predecessor on cybersecurity resilience and culture, and mulls who will be its dedicated cyber minister.
Verizon’s 15th annual Data Breach Investigation Report, published Tuesday, is based on analysis of nearly 24,000 cyber incidents, of which around a fifth were confirmed breaches.
Finance, professional services and public administration sectors experienced the most breaches, with human elements like phishing, errors and compromised credentials overwhelmingly present in breaches.
Australian private and government organisations contributed to the report, although it does not break out data on Australian incidents.
Along with a large jump in ransomware attacks globally, the latest report warns of a rise in organised crime – now involved in roughly 80 per cent of breaches – and heightened geopolitical tensions driving increased sophistication, visibility, and awareness around nation-state affiliated cyber-attacks.
The latest data also continues a finding that has been consistent since the inaugural 2008 report, that actors in a breach are overwhelming external – responsible for 80 per cent of the 5146 breaches analysed last year.
Attacks on public administrators are increasingly becoming about espionage rather than financial gain, although the latter remains the motivation in 75 per cent of these attacks.
The well-regarded industry report comes as Australia’s government changes hands with the proimise of a new approach to cybersecurity at the national level.
In Opposition, Labor criticised the Coalition on a lack of effective policies for specific areas of cyber risk like ransomware, and challenged government agencies on their own cyber culture, accusing some of resisting accountability.
Now-Prime Minister Anthony Albanese is also expected to name a dedicated cybersecurity minister in his ministry next week after promising to make it “someone’s day’s job, not the last item on another Minister’s to do list”.
Labor’s shadow cybersecurity minister Tim Watts has foreshadowed a “step change” in cyber culture under the new government, he said will work more collaboratively with the private sector.
“I want to change the way that the cybersecurity functions of government – from policy development to information security – interact with the Australian cybersecurity ecosystem outside of government,” Mr Watts said earlier this year.
Verizon cybersecurity expert Christopher Novak has said the Australian Government has shown promising signs of good cyber hygiene and a willingness to invest in skills, citing the $10 billion REDSPICE program announced in the last budget.
“I think seeing big initiatives like that are very positive. It’s moving in the right direction. They’re making the investments,” Mr Novak told InnovationAus.com earlier this month ahead of the report release and the Australian election.
“Obviously, at the end of the day, time will always tell in terms of just throwing money at it doesn’t necessarily make it better. It all comes down to design, implementation, [and] execution. But I also know that Australia has partnered well with a lot of other government organizations around the globe [on cybersecurity].”
Do you know more? Contact James Riley via Email.