Tomorrow’s hackers could shut down infrastructure and defraud the public sector of billions, according to a new report released by CSIRO at CeBIT’s Cyber Security Conference.
Hackers could soon use holes in computer security similar to Heartbleed to shut down energy grids, disrupt public services, and steal vast amounts of private data worth billions of dollars, unless measures are taken now to prepare for such scenarios.
“Despite recently being ranked second in the Asia-Pacific region when it comes to cyber-security capabilities, we need to recognise that our increasing reliance on digital services leaves us potentially vulnerable at unprecedented scales,” said James Deverell, director, CSIRO Futures.
CSIRO’s latest report, called Enabling Australia’s Digital Future: Cyber Security Trends and Implications, looks at how a far greater number of future online attackers – anyone from a disgruntled employee to organised cybercriminals – could cause widespread disruption and financial losses by hacking into Australia’s digital services and infrastructure, including public services like patient health records and taxation data.
“The more we rely on digital services for our basic needs like healthcare and energy, the more drastic the consequences of any breach may be,” Deverell said.
“As we begin to develop and embrace these services, it’s in our national interest to ensure they’re designed with simplicity and transparency in mind from the very start.”
The report calls on businesses, public-sector organisations, and everyday Australians to:
- Embrace more open disclosure and work together when a breach occurs;
- Focus on simplifying digital systems, including designing “invisible” security measures that don’t hassle or slow down users;
- Invest in new systems to verify and protect an individual’s digital identities from theft or fraud. For example, CSIRO is currently researching and developing digital identity frameworks for use throughout Australia and the European Union.
Four key points from the report
1. Whilst many instances of cybercrime go unreported, non-government estimates put the cost of cybercrime in Australia as high as $2 billion annually.
2. According to antivirus vendor Trend Micro, Australian computers experienced 17,692,567 malware infections in 2008. Australia reported the fifth highest level of infections worldwide.
3. CERT Australia, the national computer emergency response team and the single point of contact for cyber security issues affecting major Australian businesses, reported close to 7300 incidents in 2012. The following year, incidents increased, with approximately 8500 reported by mid-August.
4. The Australian Bureau of Statistics Personal Fraud Survey indicated that over the 12-month period of 2010-11:
- An estimated 1.2 million Australians aged 15 years and over were victims of at least one incident of personal fraud
- Australians lost $1.4 billion as a result of personal fraud
- An estimated 44,700 Australians were victims of identity theft
- Approximately 6.4 million Australians were exposed to a scam.