Up next
Author
Share and Follow
FacebookXRedditPinterestWhatsApp
The agency responsible for detecting and disrupting malicious cyber threats wants certain password habits to be “over”, as the amount of money lost to cybercrimes continues to rise.
According to the Australian Signals Directorate (ASD), relying on a username and password system only, without additional steps for verification, can leave Australians’ data vulnerable to hacking.
Last year, individual victims of cybercrimes across Australia lost an average of $33,000, an 8 per cent increase.
On Tuesday, the ASD released its annual cyber threat report, revealing businesses suffered even higher losses, doubling to roughly $202,000 per crime.
ASD director-general Abigail Bradshaw told SBS News it’s time to move past passwords.

“I hope it [using passwords] is over. What we need is more technologies that enable multi-factor authentication, so that you are never solely reliant on a username and a password,” she said.

An infographic detailing how cyber incidents have risen to 1,200 in the last year, along with an increase in cybercrime reports, 84,700.

The Australian Signals Directorate (ASD) has reported handling over 1,200 cybersecurity incidents, marking an 11% rise from the previous year, 2023-24.

“We need anything, all accounts, must have multi-factor authentication. You need to roll your creds, that’s the language we use, change your passwords increasingly regularly. Don’t use it across multiple devices,” Bradshaw said.

She said Australia is increasingly targeted by both cybercriminals and state-sponsored cyber actors.
Although she notes that the way they are gaining access to organisations, critical infrastructure, and businesses is changing.
“Networks are increasingly not being hacked, but are being breached through compromised or stolen credentials to gain unauthorised access,” she said.
In almost half of the incidents impacting large organisations, access was gained using real usernames and passwords, often stolen or bought by cybercriminals on the dark web.
Given that the access is genuine, instead of a hack, it is harder to track.

“Once access is gained, they mimic legitimate user behaviour to steal sensitive personal or corporate information, install ransomware or malware and take over accounts,” she said.

A man in a suit stands in front of an Australian flag and a dark blue curtain, speaking.

“Once cybercriminals gain access, they often imitate legitimate user behavior to extract sensitive personal or corporate information, install ransomware or malware, and take control of accounts,” she warned.

Cybersecurity Minister Tony Burke acknowledged work by the signals directorate “protects Australians every day”, but also said there are steps users can take to keep themselves safe online.

“Most cyber incidents are preventable, and basic defensive measures make a huge difference,” he said.

How to keep yourself safe from cybercrime

Passwords and usernames remain the biggest vulnerability for safety, with home office routers often also targeted by cybercriminals and used to conceal their activities.
The ASD advised that the basics are still the best form of defence from cybercrime, encouraging multi-factor authentication, which requires at least two forms of identity verification.
Stephanie Crowe, head of ASD’s Australian Cyber Security Centre, said 42 per cent of the incidents reported through ASD in the last financial year involved an element of stolen credentials.

“What that enables them [cyber criminals] to do is use a username and password to get onto an individual’s device, or, if they’re lucky enough, they’ve also been able to take usernames and passwords for people’s corporate accounts,” he told SBS News.

An infographic detailing the annual average cost of cybercrime attacks on individuals, $33,000, and small businesses, $56,000.

The average self-reported cost of cybercrime per report for small businesses rose by 14 per cent to $56,600, while the cost to individuals rose 8 per cent to $33,000. Source: SBS News

When using passwords, the phrases need to remain unique, while reputable password managers can ensure passwords are not reused.

Other tips include regularly updating software on devices, backing up important data and staying alert to phishing messages and scams.

Last year, the ASD responded to 1,200 incidents and blocked access to 334 million malicious domains.

Businesses issued warning ahead of 2030

The ASD warns the environment will grow increasingly challenging for businesses, with the development of post-quantum cryptography, anticipated by 2030.
Whenever communication is exchanged between users, whether via websites or emails, encryption is applied to the messaging in transit to protect the data.

The technology anticipated will be able to unscramble this messaging quickly, making businesses more susceptible to data decryption or hacking.

ASD urged businesses to invest and prepare for this technology, as the cost of a hack could ultimately be greater.
It also includes three other changes: implementing effective logging, replacing legacy IT and effectively managing third-party risk.
Critical infrastructure emerged as the key concern in 2024-25, with malicious activity impacting networks over 190 times, a rise of 111 per cent.
“This highlights the ongoing need for vigilance and action to mitigate against persistent threats,” Bradshaw said.
The agency collects and analyses data from communications systems, radio frequencies and electronic transmissions.
It answered over 42,500 calls to the Australian Cyber Security Hotline last year.
Share and Follow
FacebookXRedditPinterestWhatsApp
You May Also Like

Explosive Discovery: 41-Year-Old Man Arrested in Canberra Pipe Bomb Case

The motive of a man accused of making and scattering explosives along…
Agriculture Minister Tara Moriarty said: "There's been over 7000 submissions over the last couple of years about what we can do to strengthen animal welfare laws.

NSW Considers Legislation to Prohibit Leaving Dogs in Hot Cars

The NSW government is proposing law changes to criminalise leaving dogs in…

Could Trump Leverage Tariffs to Secure a Greenland Deal? Exploring the Legalities and Implications

United States President Donald Trump has escalated his longstanding designs on controlling…
A gang of teenagers on e-bikes have been captured hooning down streets and even a golf club on Sydney's northern beaches, sparking fears it's only a matter of time before there's another fatality.

Unleashing Chaos: Urgent Measures Needed to Tackle Rampant E-Bike Gangs

A gang of teenagers on e-bikes have been captured hooning down streets…
A former Labor leader turned mining boss has died after allegedly being assaulted in Perth, his family said.Tim Picton, 36, was allegedly attacked just after Christmas in the city.

Prominent Labor Figure Passes Away Weeks After Suspected Assault Near Perth Nightclub

A prominent figure in both politics and the mining industry, who previously…
Grim prediction as protest death toll surges

Shocking Surge: Unveiling the Alarming Rise in Protest-Related Fatalities

A US-based activist agency has verified at least 3766 deaths during a…

13-Year-Old in Critical Condition Following ‘Large Shark’ Encounter at Sydney Harbour Beach

A 13-year-old boy is in a critical condition after sustaining serious leg…

Protesters Plan January 26 Comeback Following Dispersal of Custody Deaths Demonstration

Protesters in Sydney have vowed to return for ‘Invasion Day’ rallies on…