Business email compromise is still one of the most common ways that firms are being attacked by cyber criminals.
This was one of the recent key national cyber security trends from the Australian Cyber Security Centre (ACSC) shared by McGrathNicol Partner Darren Hopkins at the Queensland Law Society Property Law Conference in Brisbane on Friday.
Darren and David Bowles, QLS Special Counsel (Ethics), presented “Latest in Cybersecurity for your property practice”, which featured examples of AI, such as voice clones, being used by criminals to trick staff into sharing or changing details. They said criminals are “constantly evolving” their operations.
Darren Hopkins ran through national statistics.
The latest statistics show that cybercrime is at an “all-time high” with business email compromise, email compromise and online banking fraud the top three for businesses.
He said the statistics and trends released by ACSC are “supposed to scare us a little bit into doing more in relation to cyber security”.
“The spotlights and the key themes that came out this week were things that we have been talking about,” Darren said.
“There is an expectation that you will mitigate your cyber threats.
“So the Privacy Commissioner has clearly come out and said our expectation is you’re doing something about this, and if you are not doing something about this, and an incident occurs and I ask you some questions and you can’t prove that you are preparing or were prepared, then I’m going to hold you accountable.”
He said supply chains and due diligence around their security measures were also in the spotlight.
“You should know what the businesses that support your business are doing in relation to their cyber,” he said. “Are they doing it? Have you asked the question … to anyone who has access to your information … the hard questions about their security?”
Darren shared examples where businesses had lost from $400,000 to millions to fraudulent payments made through simple security breaches via email.
Another worrying trend was unpatched vulnerabilities, with organisations still falling victim to attacks that can be prevented with simple IT processes.
He said cyber crime was not only an “IT problem”; there was a human factor, and security should be considered everybody’s business.
“Social engineering is very hard to defeat using technological defences,” he said. “Each firm and each work team has particular risks. You need to be able to recognise and manage these. Neither are set and forget.”
QLS Special Counsel David Bowles.
David said one of the things about social engineering, and these kinds of attacks, was “they were not technical at all”.
“It is somebody picking up a phone or making contact with you or someone that works for you,” he said.
“You don’t have to hack the organisation, you just have to get into the head of people who work there and play upon our natural inclination to be helpful.
“Deep fake cloning is not quite good enough to have an interactive phone call in real time yet but it is a few months away.”
Presentations from the conference will become available on the QLS Shop.