"We still have some work to do"

"We still have some work to do" | Insurance Business

"We still have some work to do"

The ACCC has released its Targeting Scams Report revealing Australians lost over $643 million to scams last year. It marks a 30% increase from 2018, highlighting the troubling rise in cybercrime and its increasing risk for businesses.

The report comes weeks after Prime Minister Scott Morrison announced a “sophisticated” cyberattack by a state-based actor on the Australian government and industries, further emphasising the vulnerability of all bodies to cyberattacks.

For Kelly Butler (pictured), leader of Marsh’s cyber practice, the statistics aren’t a surprise and she concedes Australians still need to work on cyber education and training, especially in the present COVID-19 environment.

“It’s obvious that we still have some work to do – there’s no doubt that the scammers will continue to evolve, and they will get more sophisticated,” she said.

“Cybercriminals are becoming a lot more targeted, which is something that we’ve noticed of late. COVID-19 is a really good example of that, where they really looked at what the situation was, understood people were working remotely and came after the workforce in a very targeted way.”

For Butler, the report demonstrates that businesses should invest in the “best possible technology” available to protect themselves and to also understand that the key focus for boosting cybersecurity is cutting out human error.

“Every aspect of cyber security, from protecting to defending, has that human element and it guarantees that there can be no silver bullet here other than really robust and ongoing safety and awareness training,” she explained. “A scammer has to trick someone – that’s what it comes down to at the end – so it’s really training the workforce and individuals from a personal I.D. perspective to ensure that they know what to look for to keep themselves safe online.”

Gone are the days of poorly designed email and digital scams – for Butler, cybercriminals are becoming more sophisticated in not only their attacks, but also their target research.

“The old frazzled BEC attacks are still happening, and I still receive an odd Australian Post ‘click on this link, you’ve got a parcel’ scam every now and then. But it really has become more sophisticated,” she said.

“It’s not just a capsule anymore, they really are targeting a particular region, they look at what’s happening within that region, where there may be some vulnerabilities and targeting their attacks all around that. They’re also going after individuals – they’re profiling, they’re understanding what they do from a social media perspective - and high-profile executives are being targeted as well. They will look at their Facebook, Instagram and public speaking to then start really levelling and targeting their scams.”

However, despite the report’s damning findings, Butler says Australian businesses have adapted quickly to deal with what is becoming one of the most profitable crimes.

“I’ve actually been really impressed with how Australian businesses have so quickly adapted to moving their entire workforces from corporate facilities into that virtual environment during this COVID-19 period and lockdown,” she added.

“I think that’s a real testament to the amount of work that’s been done over the last couple of years and the government has been very proactive in helping businesses understand that they can’t just sit back – there needs to be a lot more work done to make sure they’re safe.”

Changing the mindset of not “if” but “when” a cybercrime will occur is paramount for businesses. Butler says they need to focus on how resilient they are because “it’s all about getting back up and running as soon as possible.”

“Not only is cyber insurance there to protect your balance sheet, it also provides immediate access to expert cyber vendors to assist you to remediate the situation and it gets you back up and running as soon as possible. That’s what you need to do from a reputational point of view, you can’t be down for long, you need to get back up and running,” she said.

“It’s hard to imagine that cyber is now not a top exposure for each and every business in Australia.”