Diamond IT Blog

The State of Ransomware Attacks on Australian Businesses

Written by Samantha Cordell | July 20, 2021

It's no secret that ransomware attacks are currently surging in Australia, with 67% of Australian businesses saying they have previously suffered a ransomware attack. 

This is 10% higher than the global average. According to research by Cybersecurity Ventures, a business somewhere in the world is expected to experience a ransomware attack every 11 seconds by the end of 2021.

In ransomware attacks, cyber criminals gain access to an organisation's computer network with the aim of stealing or encrypting data, rendering it useless until a ransom amount is paid. If the ransom payment is not made, the cyber criminals threaten to publish the data on the dark web, or permanently delete it.

This, of course, can be incredibly disruptive and damaging to any business: there are large financial costs, the cost of downtime and data loss, and the long-term effects of reputational damage to recover from.

Regardless of industry or size, no business is safe from ransomware attacks, with the Australian Government recognising that ransomware has become one of the most immediate and highest impact cyber threats to Australia.

 

What impact is ransomware having on Australian businesses?

It's evident that the impact of ransomware attacks on Australian businesses has become increasingly severe, with many high-profile attacks being publicised in the media in recent times, including those on logistics company Toll Holdings, Nine Entertainment, and meat supplier JBS Foods.

According to the Australian Cyber Security Centre (ACSC), Australian businesses have seen a 60% increase in ransomware attacks in the past year alone.

Further startling ransomware statistics...

  • One-third of the Australian organisations that have been subjected to ransomware attacks have paid the ransom.
  • Of those that paid, the average amount was A$1.25 million. 
  • 36% of Australian organisations also attempted to negotiate with the attackers.
  • The percentage of ransom payments made by Australian organisations is higher than in any other country in the Asia Pacific region, and higher than the global average (27%).

*Source: 2020 CrowdStrike Global Security Attitude Report.

 

Support in fighting ransomware from the Australian Government

Assistant Minister for Defence, the Hon Andrew Hastie MP, says the Government is tackling cybercriminals head-on to protect Australian organisations and individuals from cyber compromise.

“Under the Cyber Security Strategy 2020, the Australian Government is strengthening Australia’s capability to counter cybercrime with a $164.9 million investment,” Assistant Minister Hastie said, while also encouraging Australian organisations to report their ransomware incidents to the ACSC. 

In addition to this, the ACSC has published a ransomware Prevention and Protection Guide, with steps on how businesses can protect themselves from ransomware, including:

  • Updating your devices and turning on automatic updates.
  • Turning on Multi-Factor Authentication.
  • Setting up and performing regular backups.
  • Implementing Access Controls.
  • Turning on Ransomware protection.
  • Preparing a cyber emergency (also known as Disaster Recovery) plan.

Minister Hastie goes on to note that "ransomware is one of the most damaging types of cyberattacks, which can have severe and long-lasting impacts on Australian organisations and their operations. But prevention is better than cure, and with cybersecurity, the best offence is often a strong defence."

 

So, what else can you do to protect your business from ransomware?

Further to the Prevention and Protection Guide, the Essential Eight is a "series of baseline mitigation strategies" also recommended to all Australian businesses by the ACSC. While no single mitigation strategy can prevent cyber attacks, the Essential Eight is a great start.

We also strongly recommend implementing Cybersecurity Awareness Training for all levels of employees. In fact, training staff to strengthen your cyber defence is often referred to as the "Essential 9th" mitigation strategy.

Reputable Cybersecurity Awareness Training courses educate employees about the cyber threats and attacks they may be subjected to every day, such as a ransomware attack, giving them the knowledge and tools they need to identify a malicious attempt and take the appropriate action when they receive one.

 

How can Diamond IT support your cybersecurity defences?

We can help you ensure your technology, policy and staff education programs align with best practice to protect you from the ever-evolving cyber threat landscape. Our Business Technology Managers (BTMs) are specialists in improving your internal cybersecurity.


If you need advice on how you can ensure your cybersecurity strategy is fit for purpose, our team of cybersecurity experts is ready to help. Contact our team on 1300 307 907 today.