This week we heard from the Prime Minister that Australian Parliament IT systems as well as the major parties have been targeted in a sophisticated cyber-attack.
Although it is not yet confirmed, it looks as though this was a phishing and social engineering campaign directed at parliamentary staff, who unwittingly provided their credentials to a malicious third party, probably a state actor.
The parliament is considered the ‘crown jewels’ for any state-sanctioned hacker, but we cannot naively think that it’ll never happen to us. As I’ve said many times before, there are campaigns that target specific people and specific businesses, but the majority of cyber-attacks are random and indiscriminate.
Whether we like it or not, we have something that cyber criminals want. They want our personal details, they want our money, they want our confidential information, all of this because this type of criminality is so lucrative and can be done without much effort.
I have previously provided tips on mitigating your cyber security risks, but what happens if you do get scammed? Where can you turn for help?
The first recommendation is to put cyber insurance in place for your business to ensure that any loss and business liability can be reduced. Be careful when selecting cyber insurance, though, as some policies will not cover the types of liability you may think they do.
For your business, if you do get scammed or hacked, the first thing you should do is contact your IT provider so they can quickly ascertain what urgent action needs to be taken and then provide you with advice on what to do next.
Their advice may include contacting the following organisations:
The Australian Cyber Security Centre (ACSC) leads the Australian Government’s efforts to improve cyber security.
They monitor cyber threats across the globe 24 hours a day, seven days a week and alert Australians early on what to do.
They provide advice and information about how to protect yourself and your business online. When there is a cyber security incident, they provide advice to individuals, small to medium business, big business and critical infrastructure operators.
A useful link on the site is – https://cyber.gov.au/individual/report/ which provides advice around where to report a scam and where to get additional help.
ACORN (Australian Cybercrime Online Reporting Network) is an online reporting facility for cybercrime. The ACORN makes it easier for the public to report cybercrime, get the information they need to protect themselves online and ensure agencies can respond more quickly.
To report a cybercrime – https://www.cyber.gov.au/report
Scamwatch is run by the Australian Competition and Consumer Commission (ACCC). It provides information to consumers and small businesses about how to recognise, avoid and report scams.
A couple of useful links are:
IDCARE is Australia and New Zealand’s national identity & cyber support service. It is a not-for-profit organisation. The service is the only one of its type in the world. IDCARE have helped thousands of Australian and New Zealand individuals and organisations reduce the harm they experience from the compromise and misuse of their identity information by providing effective response and mitigation.
The organisation supports both individuals and businesses and provides a support service for those who have been affected by cybercrime.