Cybercrime is increasingly big business in Australia

As cybercriminals become more devious in their attempts to navigate our increasingly complex digital world, do Australian cybercrime laws need a review?

Last year, cybercriminals stole a record $107 million from Australian businesses and individuals – an annual increase of 18% on what they netted in 2017.

By targeting usernames and passwords, hackers and fraudsters have almost doubled their earnings since 2017, and illegally obtaining more than $10 million.

Part of the reason for the increase is that cyber criminals are getting smarter and more sophisticated. This is because over the years we too, have become more educated about the importance of cyber safety, and so, as internet users, we tend to be a bit more cynical and wary – about phishing scams, dubious looking pop ups, and those emails and texts that promise a phenomenal ‘win’ or large sums of money.

The big four banks, government agencies, blue chip global corporations, are all potential and lucrative targets of cyber criminals, along with individuals, small business, non-profit organisations.  And none of us are immune – in recent times there have been more than a handful of serious data breaches, some of which amount to a compromise of national security.

The real threat of cyber crime

This year alone some big brands, and government departments have been the targets of security data breaches including: Surf Lifesaving Australia, retailer Kathmandu, a Melbourne heart clinic and of course the Federal Government’s own ‘My Heath Record’.

In 2016, the Turnbull government announced a $230 million cyber security strategy in an effort to address the issue, which is estimated to cost Australia in excess of $7 billion every year in direct costs, and is considered to be rising at a rate of as much as 20 per cent per year.

Cyber Security Strategy

A year later, the Turnbull Government released a 12-month progress update on its cyber security strategy, which did show some limited progress, but there has not been any further update since then.

In the past few years, major technology law reforms have also been introduced in an effort to better protect Australians the threat of terrorists and cybercriminals.

The most concerning of these has been the data retention laws, which make it mandatory for telecommunications companies to retain the digital trail or ‘footprint’ (otherwise known as metadata) left through phone calls, SMS messages, emails and internet activity. Under the laws, this metadata must then be made available to law enforcement agencies, upon request.

At the time of the introduction of the laws, assurances were given that only limited agencies would have access to the data, but it was revealed last year that many more agencies than originally stated were actually accessing the data.

Many Australians would argue that the Government didn’t get this right.

Even though the intention was to be able to better identify and monitor potential terrorist activity and target cyber criminals, the legislation has seriously eroded the personal privacy and freedoms of ordinary Australians. This is just one example. Since then we’ve witnessed greater powers given to police and border control officers enabling them to access personal laptops and phones, and plans are underway for a national face-recognition database.

How effective is the law anyway?  

Attacks on individuals are increasingly common – via scam emails and phone calls designed to harvest passwords, banking credentials and other personal information. Losses from some types of scams of have increased by more than 70% in the last 12 months.

Of course, part of the reason for this particular statistic is that we’re also living more of our lives online and in our digitally-interconnected world it doesn’t take much for a savvy cybercriminal to join the dots across social media platforms and work out a scam that will target someone via an energy company they’ve admitted to belonging to, a major retailer they ‘follow’, a non-profit organisation they’ve expressed an interest in etc.

But while Government continues to target specific areas of the law, many would say that the entire Cybercrime Act 2011, is in need of review, particularly if it is to remain relevant, and what’s more, able to protect the individuals who are victims of these scams.

It is fair to say that the internet has become an integral part of daily life for most people, but that legislation, in many cases has not yet caught up, and it is worrying that in this digital age Australia’s cyber security strategies and overarching legal framework could be lagging behind other parts of the world, making us all increasingly vulnerable online.