Latest cyber security threats

Stay up to date on the latest cyber security threats and alerts for small and medium businesses on the Australian Cyber Security Centre (ACSC) website.

What is cyber security?

Cyber security is about protecting your technology, data and information from:

  • accidental or illegal access
  • corruption
  • theft
  • damage.

You need to protect any digital information that your business creates, collects or stores. A secure system is essential to protect your business from cybercrime and maintain customer trust.

Threats to your technology or data might come from:

  • criminals who want money or information
  • clients you do business with who want to compromise your information
  • business competitors looking to gain an advantage over your business.
  • current or former employees who accidentally or intentionally compromise your information.

Cyber criminals look for ways to access information and data on your business, employees and customers.

They might do this by:

  • stealing or accessing your hardware, computers and mobile devices
  • infecting devices with malware (such as viruses, ransomware and spyware)
  • attacking your technology or website
  • attacking third party systems
  • spamming you with emails or text messages containing malware
  • getting access through your employees or customers.

Your money, information, technology and reputation are at risk from cyber-attacks.

Cyber-attacks could destroy, expose or corrupt:

  • customer records and personal information
  • emails
  • financial records
  • business plans
  • new business ideas
  • marketing plans
  • intellectual property
  • product design
  • patent applications
  • employee information or records.

Types of online threats

Here are some common online threats to watch out for. The ACSC has more details about these and other threats.

Scams

A scam is when a criminal tricks you into giving them money or personal information. Online scams cost Australian people and businesses millions of dollars every year. 

Scammers are always coming up with new ways to take advantage of people and businesses. Some common methods are:

  • pretending to be from a bank or government department and asking for payments or personal information
  • using fake dating or social media profiles to gain your trust
  • telling you that your account or computer system has been compromised and they need money or personal information to fix it.

Account compromise

This is when a cyber criminal gains access to your email, social media, banking or other accounts. 

Criminals can use compromised accounts to steal money, information or identities. 

Phishing

Phishing is a type of scam. It uses fake emails or text messages to trick you into giving out private information or account details.

Phishing messages often seem to be from someone you trust, including people in your business. They can also appear to be from a large organisation or government agency.  

Malware

Malware is short for malicious software. It means any programs or applications that are designed to cause harm.

Malware can steal your confidential information, hold your system to ransom or install other programs without you knowing.

It can enter your system by:

  • spam emails and messages
  • websites
  • exploiting weaknesses in your software
  • posing as a trusted application that you install. 

Ransomware

Ransomware is a type of malware. It 'locks' your files, making your system or device unusable unless you pay a ransom fee.

Hacking

Hacking is when someone gains unauthorised access to your system, network or device. They might do this by finding out your password or exploiting a software vulnerability.

Once inside your system, a hacker could:

  • steal your data, including passwords and financial details
  • install malware
  • watch what you are doing
  • change how your system works.

Data breaches

A data breach is when sensitive or personal information is accessed, disclosed or exposed to unauthorised people.

This can happen by accident (for example, if you accidentally send an email with personal information to the wrong person). Or it can be the result of hacking or another security breach. 

A large-scale data breach involving customer information can be very damaging to your business's reputation. 

Identity theft

Identity theft is when a cyber criminal has enough of your personal information that they can pretend to be you. They use this information to do things like:

  • steal money from your bank accounts
  • create fake ID documents in your name
  • apply for loans or government benefits in your name. 

What to do if you’re a victim of cybercrime or scam

The ACSC has resources to help you report and recover from a cybercrime:

You will need to report a scam to the National Anti-Scam Centre.

If someone's life is in danger or they are at immediate risk of harm, call the police on 000.

Was this page helpful?