SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers

Scam Awareness Week: An opportunity to check your attack surface

Thu, 29th Aug 2024

Scams have been an unfortunate part of life for many years. However, the ability of criminals to trick and deceive has been supercharged by recent advances in technology.

The rapid evolution of artificial intelligence (AI) is allowing scam attempts to be far more compelling and difficult to spot than ever before. The scammers might be using new spins on old themes, but they are now much more likely to succeed.

If you are currently considering an offer that is 'too good to refuse' or that will get you 'in on the ground floor' of a great investment opportunity, then consider this. Here in Australia, more than $3.1 billion was lost to scams in 2022 (an 80 per cent increase from 2021), according to Targeting Scams, a report from the Australian Competition and Consumer Commission (ACCC). The majority of these losses were from fake investment scams, accounting for at least $1.5 billion in losses.

Scam Awareness Week offers a timely opportunity to shine a spotlight on the vulnerabilities that can expose individuals and businesses alike to malicious attacks.

An evolving threat landscape
In the wake of the COVID-19 pandemic, the rapid shift to remote work has accelerated the expansion of digital attack surfaces. As individuals and organisations have embraced cloud-based solutions, IoT devices, and remote access technologies, the potential entry points for cybercriminals have multiplied.

For businesses, the consequences of a successful cyberattack can be devastating. Data breaches, financial losses, and reputational damage are just a few of the potential outcomes. To mitigate these risks, organisations must adopt a comprehensive approach to cyber security. This should include:

  • Risk assessment and mitigation: Identifying and addressing vulnerabilities is essential. This includes conducting regular security audits, patching software vulnerabilities, and implementing strong access controls.
  • Employee training and awareness: Educating employees about best practices for cybersecurity is crucial. This includes recognising phishing attempts, avoiding suspicious links, and using strong, unique passwords.
  • Multi-factor authentication: Requiring multiple forms of identification to access sensitive systems can significantly enhance security.
  • Network security: Protecting networks from unauthorised access involves firewalls, intrusion detection systems, and encryption protocols.
  • Data protection: Implementing robust data protection measures, such as encryption and regular backups, can help safeguard sensitive information.

The widespread and ongoing adoption of remote work patterns continues to create new challenges for cybersecurity. Remote access technologies, such as VPNs and Remote Desktop Protocol (RDP), can be vulnerable if not configured and managed securely.

Organisations must ensure that these tools are properly protected and monitored to prevent unauthorised access.

IoT devices, from smart home appliances to industrial control systems, are also expanding attack surfaces as more of them are connected to the internet. Many of these devices lack adequate security measures, making them potential targets for hackers.

Organisations, therefore, must carefully evaluate the security implications of IoT devices and implement appropriate safeguards.

In addition, organisations must be aware of emerging threats, such as supply-chain attacks. These attacks target third-party vendors and suppliers to gain access to an organisation's systems. Implementing robust vendor management practices and conducting due diligence on suppliers can help mitigate this risk.

At the same time, ransomware attacks continue to evolve and cause issues for organisations of all sizes. Regular backups, strong access controls, and employee awareness of phishing attempts can help prevent these attacks and the disruption they can cause.

The importance of a proactive approach
Cyber security is an ongoing process that requires constant vigilance. Organisations must adopt a proactive approach, investing in the necessary tools, training, and resources to protect their digital assets.

By staying informed about emerging threats and implementing best practices, businesses can significantly reduce their risk of falling victim to cyberattacks.

However, while technology plays a crucial role in cyber security, the human element is equally important. The training provided to employees must emphasise the important role they play in keeping their organisation safe from cyber incidents.

The role of government and industry
Governments and industry organisations also have a responsibility to promote cyber security. In Australia, the National Anti-Scam Centre (NASC) – operated by the Australian Competition and Consumer Commission – is working hard to raise awareness of scams and the steps people should take if they become a victim.

The NASC strives to improve collaboration between government agencies, industry, and law enforcement bodies. However, despite these efforts, the risk of Australians falling for scams remains elevated.  

As we continue to rely on technology in our daily lives, it is imperative to prioritise cyber security. Scam Awareness Week serves as a reminder of the importance of protecting our digital assets and staying informed about emerging threats.

By taking effective steps to enhance our security posture, we can reduce our vulnerability to cyberattacks and safeguard our personal and professional information.
