Latest news with #AnnualCyberThreatReport


Techday NZ
19-05-2025
- Business
- Techday NZ
The Ransomware Threat: How to respond and protect your organisation
Imagine you're an IT administrator and have just started your workday, getting ready to check the status of your organisation's critical applications. But as you turn on your laptop, you see a chilling message: "Your files have been encrypted. To recover access, you must pay a ransom of $2 million in bitcoin." The attack compromised all your organisation's important documents, customer data and product information. To make it even worse, you have 72 hours to comply. Otherwise, you will lose the data permanently. While this is a reality for many organisations, there are actions you can take to respond to ransomware and protect your data.

Ransomware and data theft extortion continue to be pervasive threats, with business email compromise and fraud among the top self-reported cybercrimes for businesses and individuals in Australia during FY2023–24. These attacks are highly destructive, causing significant harm to individuals, organisations, and wider society. Professional and technical service firms have been among the primary targets of ransomware attacks in Australia, ahead of sectors such as retail trade, manufacturing, healthcare, and construction.

According to the Annual Cyber Threat Report 2023–2024, approximately 71% of extortion-related cybersecurity incidents handled by the Australian Signals Directorate during the 2023–2024 financial year involved ransomware. Federal government data also reveals that the average cost of a cybercrime incident is around $71,600 for large businesses and approximately $97,200 for medium-sized ones. For small businesses, the average cost is about $46,000, an increase of roughly 14% compared to 2023. These figures highlight the growing financial impact of cyber threats and the critical need for organisations of all sizes to be prepared.

Here are some key recommendations on how to survive a ransomware attack:

Maintain an incident response and recovery plan.
No matter how hard you work, stopping an incident from happening can be impossible. However, you can focus on your incident response and build a recovery plan. But make sure this is not just a written plan that you touch occasionally. Practice, test and simulate often, making sure you are ready to minimise the impacts of an attack and are confident in getting the organisation operational again. Penetration tests and vulnerability management are good practices for keeping your plan up to date. Remember to identify who the key players are in advance. Who will you call when a breach happens? Identify your recovery team and ensure they are ready, including a law firm and a cyber insurance company. You need to outline the necessary steps to work with the Australian Signals Directorate and consider cyber insurance as part of your resilience strategy.

Manage your communications.
Communicating effectively is key in a crisis scenario, and a ransomware situation is no different. You need to create communication guides as part of your Incident Response Readiness (IRR) plan. These playbooks should include a work-back plan with timely and clear communications for inside the organisation, and should consider what messages might be needed for external stakeholders. Ransomware attacks may require a media statement, and you should establish what to do in these cases. Working with your communications and legal teams is critical to adhering to regulations such as notifying authorities, customers and so on.

Ensure robust data protection.
Having critical data in an isolated, immutable data vault will help you recover services and systems in order of importance. As part of your recovery, you can use techniques like a "clean room," which is a method that involves creating a secure, isolated environment to rebuild systems. This approach ensures that you have a secure recovery process and that you are not using compromised resources.
And most importantly, make sure the data that you can recover is complete and accurate. Paying the ransom should be your last resort, as there is no guarantee the hacker will return your data. And even in that scenario, you don't get your systems back right away. You still need to get your applications and infrastructure operational again, essentially rebuilding and retesting everything.

Train and educate employees.
Another critical part of your ransomware strategy must include training and educating employees regularly. The root cause of many breaches comes down to employee-level breakdowns. Attackers can compromise an employee's credentials to gain access to the corporate network, or someone can fall victim to a phishing scam, which opens the corporate doors to an attacker. Educating employees about phishing tactics and password management is the first line of defense.

Readiness pays off.
While facing ransomware can be stressful, having a strategy in place can lessen the impact of financial losses, operational disruption, data loss and reputational damage. You can survive by maintaining an incident response and recovery plan that engages your full team in minimising the impact of the attack. Make sure you have a strong data protection strategy in place and that you are constantly training and communicating with your employees. By taking proactive steps, you reap the benefits of planning in advance and preserving your most critical assets. As ransomware threats continue to evolve, it's crucial to continually review your organisation's strategy, raise awareness among employees, and reinforce your commitment to safeguarding data.
Yahoo
04-04-2025
- Business
- Yahoo
Major superannuation cyber attack update after 'retirement funds stolen' in co-ordinated security breach
Australians are "panicked" about the security of their retirement nest eggs after multiple superannuation funds were targeted in a major cyber attack. National cyber security co-ordinator Lieutenant General Michelle McGuinness confirmed individual account holders had been targeted by cybercriminals. Providers targeted include Rest, Insignia and AustralianSuper - the nation's largest with assets of $360 billion. A government investigation has been launched and customers are grappling with outages as they try to find out information about their balances.

Laura Koefoed told Yahoo Finance she was distressed after finding she was locked out of the AustralianSuper account she has been contributing to since starting work at 17. "I have around $100,000 in there and my account is locked," the 31-year-old said. "And I can't call them because their number is overrun. "I am panicking."

AustralianSuper has since assured members who are seeing a $0 balance or are unable to reach the call centre that their account was secure. "We are experiencing a high volume of traffic to our call centre, member online accounts and mobile app that is causing intermittent outages," the company said in a statement. "Even though you may not be able to see your account, or you are seeing a $0 balance, your account is secure. "This is a temporary situation and we're working hard to resolve it as quickly as possible. We apologise for any inconvenience."

Koefoed wasn't alone, with social media littered with concerned members unable to reach their providers. "Why can't I log into my account to see if I am affected?" an AustralianSuper member asked.

Four members are believed to have lost $500,000 in the co-ordinated attack.
The attack took place on the weekend, with cybercriminals attempting lump sum withdrawals. The national cyber security co-ordinator confirmed government agencies would investigate and were currently working with the impacted providers. 'I am co-ordinating engagement across the Australian government, including with the financial system regulators, and with industry stakeholders to provide cybersecurity advice,' McGuinness said. 'If you have been impacted or are concerned you may have been impacted, follow the advice provided by your super fund.'

The Association of Superannuation Funds of Australia has revealed "a number of members" had funds stolen and would be contacted by providers.

Prime Minister Anthony Albanese said online attacks had become too common in Australia. "We will respond in time, we're considering what has occurred," Albanese said. "But bear in mind the context here: there is an attack, a cyber attack in Australia about every six minutes." The Australian Signals Directorate Annual Cyber Threat Report in 2024 revealed cyber crime reports had increased 12 per cent, with an average of 100 calls per day to the Australian Cyber Security Hotline.

AustralianSuper's chief member officer Rose Kerlin said the fund had seen a spike in suspicious activity on its member portal and mobile app in the last week. "We are urging members to take steps to protect themselves online," Kerlin said. "This week we identified that cybercriminals may have used up to 600 members' stolen passwords to log into their accounts in attempts to commit fraud," she said. "While we took immediate action to lock these accounts and let those members know."

Rest Super said less than 1 per cent of members were affected, with the 'overwhelming majority' having no money taken. 'Over the weekend of 29-30 March 2025, Rest became aware of some unauthorised activity on our online Member Access portal.
We responded immediately by shutting down the Member Access portal, undertaking investigations and launching our cybersecurity incident response protocols,' Rest chief executive Vicki Doyle said. 'At this stage, we believe that some of our members may have had limited personal information accessed and we are currently working through this with those impacted members.'

Insignia Financial, which owns the superannuation brand MLC, also confirmed members were not financially impacted, but some accounts were currently restricted to protect customers. 'Some customers will receive communications prompting them to reset their passwords when they next log in to their accounts,' a spokesperson said.

Australian Retirement Trust and Hostplus have both said no members lost money. 'We understand the importance of transparency and will provide further information as it becomes available,' a Hostplus spokesperson said. 'We have not identified any suspicious transactions or modifications regarding these accounts,' the Australian Retirement Trust spokesperson said.

Funds have encouraged members to change their passwords and check their personal details had not been changed. Timely advice on how to protect your super account has been issued.

Firstly, you should log in and change your password to one you've never used before. The Australian Signals Directorate recommended it be strong and unique, with more information on creating a passphrase here.

Secondly, check your details are correct and if they have been changed, notify your provider. "If you receive messages on your mobile or email about changes to details you didn't make, call us straight away," AustralianSuper said.

You can find more advice on software updates to keep your device secure here, and keep across the scam alerts page for new ploys to look out for here. Suspected cybercrimes can be reported to the Australian Cyber Security Centre via or by calling 1300CYBER1 for assistance 24/7.
Follow-up scams are prolific after outages, with some contacting members under the guise of offering assistance. Scamwatch warned one in three victims of a scam are scammed more than once.

Lastly, if you're distressed, get support for yourself. You can talk to a financial counsellor or reach out to BeyondBlue on 1300 22 4636 or here for an online chat or Lifeline for crisis support online here on 13 11 14. You can also contact IDCARE to 'reduce the harm they experience from the compromise and misuse of their identity information by providing effective response and mitigation'.