Australian firms at risk due to evolving cybercriminal sophistication

A new survey conducted by Ping Identity, a leading provider of secure digital experiences, has discerned a growing risk to Australian enterprises as cybercriminal identities evolve in sophistication. The survey discovered that merely over one-third of the nation's companies are employing multi-factor authentication (MFA), escalating their vulnerability to cybercriminals utilising increasingly complex AI methods to bypass advanced virtual defences.

The research, which received responses from 100 IT decision-makers in Australia and another 600 from the U.S., U.K., France, Germany, and Singapore, reveals a serious need for Australian organisations to bolster their identity protection strategies. Only slightly less than half (45%) are moderately confident that they can ward off AI-related cyber-attacks. Furthermore, all businesses surveyed struggle with identity verification, thereby opening doors for cybercriminals to usurp identities.

According to Ashley Diffey, Vice President Australia and New Zealand, Ping Identity, "To stand a chance against advancing identity fraud tactics, businesses need to innovate to keep pace, leverage more advanced technologies and remain vigilant. The attacks are not going to disappear and so having the ability to reduce their likelihood of succeeding will be vital." The survey rewards not all is lost, as around 36 per cent of Australian businesses are planning to significantly increase their investment in fraud detection over the course of the following year.

Instances of identity theft are on the rise according to Australian Bureau of Statistics figures, as 2.1 per cent of the population experienced online identity impersonation in the 2022-2023 financial year. Moreover, a third of the victims reported that the stolen personal information was abused to extract money from financial services institutions or investments.

Exposing worrying security gaps, 62% of Australian organisations voiced profound concern over phishing protections, with 56% apprehensive of credential compromise and social engineering threats. At 55% stood synthetic identity issues and account takeover threats. In view of these vulnerabilities, 43% confessed their present fraud prevention strategy to be partially or entirely ineffective against credential compromises. Worryingly, a mere 36% employ two-factor/MFA for protection against fraud, and even fewer (35%) resort to biometrics.

Deeplying the apprehension, 56% are anxious about protecting their organisations from emerging AI threats, yet 45% express low confidence in their technological defenses against AI attacks. Over a third (35%) foresee an upsurge in AI-driven identity threats in the upcoming year. There is, however, a ray of hope with 75% of organisations expressing belief that AI adoption would enable dynamic user authentication modifications based on behaviour.

In addition, Decentralised Identity (DCI) remains an underutilised area for identity protection as just 43% of businesses have implemented a strategy to utilise DCI against fraud for customers and employees. The report found manufacturing and government organisations lead the way in implementing a strategy at around 50%, whereas finance reports the lowermost strategy adoption, registering at a meagre 26%.

Warning of the severe repercussions of neglecting cybersecurity, Decentralised Identity Expert at Future Customers, Jamie Smith commented, "Fraud is on the rise, and it's getting worse with AI. Smart leaders know that they need to level up yet so many organisations don’t have the right guardrails in place to mitigate or prevent these kinds of threats. The longer they go without, the more they put themselves in harm's way."