Safeguarding ourselves from threats has never been more front of mind than in the past few years, as the COVID19 global pandemic pushes the world towards vaccinations and measures to identify, detect, protect, respond and recover from incidents. Another threat increasing at the same rate is the surge in cybercrime, with cyber criminals only showing the world that they will continue to leverage vulnerabilities and find innovative new ways to circumvent controls.
According to Accenture’s Cyber Investigations, Forensics & Response update, in 2021 Australia accounted for 11 per cent of the whole world’s cyber attacks. Whilst that may not seem like a large number, that places Australia as the third most-attacked nation globally after the USA and UK, and the most cyber-threatened country in the Asia-Pacific (APAC) region.
The Australian Cyber Security Centre’s (ACSC) Annual Cyber Threat Report 2020-2021, highlighted a 13 per cent increase in cyber crime reports over the previous year, equating to one reported attack every eight minutes, compared to one reported attack every 10 minutes the previous year.
With the increasing threat-scape and proliferation of sophisticated cyber-attacks, governments and organisations are looking to rapidly grow their capabilities and resources to not only respond but take proactive actions against threat actors. There has never been a greater time to step into the cyber security industry by gaining the required skills and knowledge or learning how to apply your existing experience to cyber security.
What is cyber crime and cyber security? Why are they so important?
Cyber crime refers to any form of cyber attack and is defined as criminal activity involving a digital device, networked device or a network. As criminals can commit cyber crimes across international borders in a matter of seconds targeting multiple victims, cyber crimes are a serious matter.
Cyber crimes include those to individual persons, such as identity theft, fraud or types of extortion through to crimes affecting organisations such as espionage, data breaches, ransoms or denials of services. There is even the potential for cyber crimes to impact health systems, having life-or-death implications.
One of the most prominent threats currently, ransomware attacks, has lit up headlines across the world, with Australia facing some of the worst incidents in its history. The ABC reported “that in most cases ransomware attacks were not from a sophisticated adversary … many Australian businesses are still woefully under-prepared.”
Cyber security on the other hand, is the faculty of protecting digital services, information assets, networks, devices and programs from cyber crime. With the increased prevalence of cyber crime (think of the rise of the Internet of Things (IoT), supply chain impacts and working from home) the importance of cyber security has never been greater.
Cyber security is focused on protecting everyone from large organisations through to communities and individuals. Cyber criminals have proven throughout 2021 that no type of company or size of business is out of scope, with media, manufacturing, agriculture, health, government, travel, retail, education and more, all impacted by attacks in APAC.
There is no prejudice when it comes to who will be impacted by a cyber attack. Looking at the APAC region, small and medium businesses (SMBs) have been hit hard this year, with as many as 40 per cent of SMBs in Singapore impacted by a cyber-attack the past year according to CISCO’s September 2021 report, Cybersecurity for SMBs: Asia Pacific Businesses Prepare for Digital Defense.
What are some of the most common cyber threats?
To protect hacking of your company’s data or your own personal accounts it is critical to know about common cyber threats. Here’s a few of the current top threats:
Phishing is a fraudulent attempt at gaining access to personal or professional confidential information by disguising as a trustworthy entity via deceptive emails and websites. This includes increasingly crafty methods to navigate multi-factor authentication (MFA) like Smishing (SMS), Vishing (Voice) and through social media channels or even work communication platforms like Slack. Often, phishing is the first step a hacker will deploy in order to leverage initial access to a network environment.
Ransomware restricts or removes access to a computer system or data, or in some instances may threaten to release exfiltrated data to the public unless a ransom is paid. Ransomware is a top risk for most organisations’ boards and senior leadership, given its crippling nature to a business. Governments are reacting strongly this year through increasing political powers and resources to take action against ransomware attacks.
Business Email Compromise (BEC)
BEC, a major threat to Australian organisations, is a sophisticated scam that targets both businesses and individuals who perform legitimate transfer-of-funds requests. Impersonating a legitimate request, the target is typically tricked into making significant payments to fraudulent accounts. An Australian hedge fund was forced to close as a result of this attack that cost millions of dollars.
Supply Chain Attacks
Used by State actors and cyber criminals, supply chain attacks continue to be a large concern impacting not only businesses but communities that rely on essential services and goods. Whether through the use of malware (software that is used to compromise a device or system) or even malicious hardware configured by a threat actor, once implemented into a supply chain can cause a ripple effect of damage and costs.
What are the career prospects for cyber security professionals in Australia and the Asia Pacific region?
Similarly, in the data science industry, there is a sizeable gap between the supply and demand of qualified cyber security professionals in APAC. According to AUCYBERSPACE Careers and Opportunities, in Australia the pipeline needs to continue to expand to meet the sector’s – and the economy’s – growth needs. The workforce is estimated to increase to 33,500 by 2024, with around 7,000 workers requiring training over the next four years.
With the skyrocketing demand for cyber security professionals the career prospects are looking remarkably rewarding. Coupled with great job security, flexible conditions and extensive variety, cyber security professionals are among the most generously compensated in the information technology industry. These are some indicative salary ranges according to Hays Technology Recruitment Australia:
- Cyber Security Analyst: $100,000 – $130,000
- Cyber Security Engineer: $110,000 – $135,000
- Cyber Security Architect: $163,000 – $220,000
- Penetration Tester: $120,000 – $170,000
As the supply and demand gap for qualified cyber security professionals augments, so will the salaries of people in those positions. Also, keep in mind cyber security offers a range of job types that are both technical and non-technical. This means those from all backgrounds and experiences can find a fulfilling role. There are cyber security jobs in education, sales, product, project management, consulting and more.
What cyber attacks occurred in APAC in 2021?
Thousands of data breaches and cyber attacks have occurred throughout 2021. Let’s take a look at some of the most significant cyber attacks in APAC.
- In the aviation sector, considered critical to millions of travellers for leisure and business, Malaysia Airlines and Singapore Airlines advised respective frequent flyer members that a breach of a third-party provider (Supply Chain Attack) had resulted in an attack on their data. Just before this, the information of over one hundred thousand Singtel customers was stolen in a similar manner.
- JBS Foods, a giant meat processing company, was hit with a ransomware attack that cost them approximately AUD $14.2 million for a five day saga that resulted in halting operations around the world, including places such as Australia. Jobs, along with supply chains and produce prices were impacted in a cyber-attack that surprised many.
- In Victoria, Australia, Eastern Health was the target of a cyber-attack that resulted in certain elective surgeries being postponed. This attack affected the day-to-day operations of four hospitals, though luckily, no one was hurt.
Some other high-profile incidents include those that involved 9News, Service NSW, RMIT University, and numerous government bodies, financial services, retailers and non-profit organisations.
How can I upskill to become a cyber professional today?
You can upskill to become a cyber professional and be qualified in as little as three to six months thanks to job-ready skills training programs such as the Institute of Data’s Cyber Security Program that runs both part-time and full-time to provide flexibility for all situations. These courses are the most efficient and effective avenues into the industry, and provide you with all the tools to become a successful cyber professional.
If you’d like to be a part of the in-demand industry that is cyber security, then it’s time to begin upskilling and connecting to the cyber community today. The Institute of Data offers programs for motivated and dedicated professionals who are seeking opportunities in this thriving industry. Talk to an Institute of Data career consultant today and find out where your cyber security career can take you.