The UK’s National Crime Agency (NCA) has recently published its Cyber Crime Assessment 20161, highlighting the enormous amount of cyber-attacks targeting the UK. Unsurprisingly, the report says, “A cyber attack that poses an existential threat to one or more major UK businesses is a realistic possibility.” Over the past twelve months, over 2.46 million incidents were reported, including 700,000 cases of fraud, all originating from just a few hundred criminal gangs. The volume of attacks endangering UK businesses is staggering – and we’ve certainly not seen statistics like this in Australia. So, does this mean the threat we face here at home is a lot less? If we look at the threat actors, it’s the same selection of Russian, Chinese, European and American cyber criminals who are perpetrating the majority of the world’s cybercrime. These organised criminal gangs are the most successful and well-funded cybercrime operations on the planet, all of which are threatening Australian businesses just as much as they would threaten any other nations. Nevertheless, it’s our government’s response to the threat that I find the most interesting. The NCA says the UK government will spend £1.9bn (approx. $3.5bn AUD) over the next five years to help bolster the nation’s cyber-defences. Prime Minister Turnbull has pledged $33 million AUD in the recent launch of Australia’s Cyber Security Strategy to address the problem here at home. That’s less than 1% of the UK’s budget to fight exactly the same threat. Furthermore, the majority of the Australian budget will be used to swell the ranks within government departments, such as ASD, as well as to move the ACSC into new accommodation, so the investment left to improve our nation’s defences and create a “Cyber Secure Nation” is somewhat unimpressive.
The existential threat referenced by the NCA is also mentioned in the ACSC’s Cyber Security Survey2 (albeit a year old). The ACSC recognises that, “the cyber threat facing Australia is undeniable and unrelenting.” In the period covered by the ACSC’s survey (2014-2015) CERT Australia was called in to deal with 11,733 cyber security incidents affecting Australian businesses, of which 218 were related to attacks on national critical infrastructure and government systems. Compared to the 2.46 million incidents in the UK this seems like a much smaller problem, but we know that under-reporting is a massive issue everywhere, so these numbers need to be considered as a mere fraction of the real attacks, so the threat is real and persistent…Click HERE to read full article.
