The most common cyber security threats explained

In our hyper-connected world, information is power. That’s why cyber criminals will do just about anything to obtain data, from your Wi-Fi password or banking login to corporate secrets and government files.

As their tactics become more and more sophisticated, the costs continue to grow. The simple fact is that anyone can be a victim of cybercrime—individuals, businesses, governments, and even infrastructure operators.

The cost of cybercrime

According to the Australian Competition & Consumer Commission, individual Australians lost over $2 billion to scams in 2021. Investment scams, payment redirection scams, and romance scams caused the most harm, with 50% taking place over the phone, 23% by SMS, and the rest by email or online.

All those weird calls about a problem with your computer and text messages about packages you never ordered? They’re all attempts at stealing your personal information and money.

At the other end of the scale, critical infrastructure such as hospitals, power grids, satellite networks, and transport systems are increasingly being targeted.

For example, in 2021 a ransomware attack on Colonial Pipeline, the largest refined oil pipeline system in the US, caused an outage that led to widespread fuel shortages. The company resolved the issue by paying the $4.4 million ransom to the perpetrators of the attack, a Russia-based group known as DarkSide.

What are the most common threats to cyber security?

Advances in technology create new opportunities, but they also create new risks. The variety of cyber attacks is constantly expanding, but here are some of the most common examples:

• Phishing is when scammers try to trick people into handing over personal data such as passwords or banking details in order to steal money or gain access to their computer systems. Attempts are often made through email, phone calls or SMS, but they can also happen in person.
• Malware is malicious software that gains control of your computer without you knowing. There are lots of types of malware including viruses, Trojan horses and worms, all with different purposes such as destroying data or stealing information.
• Ransomware is a common form of malware where the attacker blocks the user’s access to their computer or files and offers to return control in exchange for a ransom payment.
• Spyware is another form of malware that secretly records your online activity, such as your passwords.
• Denial of Service (DOS) and Distributed Denial of Service (DDOS) attacks flood a network with traffic so that it crashes. Sometimes their purpose is simply to create chaos, but they are also often used in conjunction with other attacks to gain unauthorised access to systems.

How can I protect myself or my organisation?

The good news is that there is a lot you can do to stay cyber-safe.

To protect your personal data, you should:

• Use a secure password manager that generates unique, complex passwords and remembers them for you
• Use two-factor authentication wherever possible, such as for your devices or to log in to important websites
• Regularly review the privacy settings and app permissions on your devices
• Learn how to recognise suspicious emails, websites, text messages, and phone calls
• Keep on top of software updates
• Research the security features of smart home devices before buying them

The Scamwatch website has a checklist of what to do if you think you’ve been scammed. You can also report scam activity to them and subscribe to email alerts about the latest scams you should know about.

Businesses and organisations not only need to protect their commercial interests, but they also have a legal obligation to protect the personal information they store on their users, customers, and employees.

Leaders must make cyber security a priority and keep up to date on best practices in their industry. Educating employees about security culture and practices is also incredibly important—human error is the weakest link.

Where can I find cyber security short courses?

Cybersecurity is a complex subject, and up-to-date training is invaluable for anyone in a position of responsibility.

A number of short courses are available online through the Australian Institute of Digital Technology that will give you a solid introduction to the topic. Enrolling in an individual subject from a cyber security degree is another option, provided you meet the eligibility requirements.