New research from Australia’s national computer emergency response team CERT Australia and the University of Canberra has revealed that only one-in-five organisations are aware they have experienced a “cyber incident” in the past 12 months.
Researchers surveyed more than 250 organisations from 11 industry sectors in Australia to find out about cyber security and what businesses are doing to keep themselves, and customers, safe online from hackers.
Of those who had experienced cyber attacks, 17 percent experienced a loss of confidential information and 10 percent suffered from financial fraud, according to the survey. Of those incidents, a third involved infection with a virus and 21 percent with malware, despite 90 percent of respondents having some form of firewall or anti-virus software in place and two-thirds having IT experts on staff.
When it came to reporting cyber attacks, 44 percent admitted they had not reported the incident to anyone outside their organisation, with the main reason being a fear of negative publicity.
In recent years, security lapses have put millions of Australians (and several organisations’ reputations) at risk.
A 2012 attack on networking site LinkedIn saw hackers steal more than 6 million users’ passwords before posting 165,000 online. In November 2011, hackers penetrated computers at the Reserve Bank of Australia in an email phishing scam targeting employees. In April that same year, Sony’s online network for the PlayStation suffered a catastrophic failure through a hacking attack in which users’ names, addresses and other confidential information, including credit card numbers, were compromised.
As a result, many Australian organisations are investing heavily in online security; more than half the organisations surveyed by CERT had increased expenditure on IT security in the previous 12 months.
How to stay safe online
Banks and other financial institutions, for instance, use a combination of safeguards to protect consumers’ information, such as strict privacy policies, encryption systems and systems that constantly monitor online transactions.
While there’s no absolute safeguard against fraud, by following a few simple precautions you can help to protect yourself online. The Australian Bankers’ Association and the Australian High Tech Crime Centre offer these tips:
- Never provide personal details, including customer ID or passwords, in response to any e-mail. A bank will never ask you for your private password and this important information should never be shared with anyone.
- Never click on a link or attachment in an e-mail which purportedly sends you to a bank’s website. Only access your bank’s Internet banking logon page by typing the address into your browser.
- Be wary of any e-mail from someone you do not know or trust – delete, without opening, any e-mails that you think are suspicious.
- Always check your statements for any transactions that look suspicious. If you see any transactions that you did not undertake, immediately report this to your bank.
- Most ‘phishing’ e-mails do not address you by your proper name because they are sent out en masse to thousands of recipients. They sometimes contain typing errors and grammatical mistakes, even if they include the banks’ registered logos.
- Install software that will filter spam e-mail or use an Internet Service Provider (ISP) that will filter spam prior to delivery at your Inbox. Spam filters are often included in antivirus software.
Finally, when comparing credit cards and other financial products, read the product disclosure statement and the institution’s fraud protection information, or contact the provider directly for more information.