As our lives become increasingly digital, so do the risks we face. A study done by the Australian Institute of Criminology in 2023 revealed that almost half of the respondents had experienced at least one type of cybercrime. These numbers are only growing by the year, with Forbes reporting a staggering 72% global increase in cyberattacks since 2021.
In such a rapidly evolving age of big data and digitalization, it is more important than ever to be aware of your cybersecurity rights and the available protections. This article will explore three of the most pervasive types of cybercrime affecting Australian individuals and businesses today – malware, fraud, and data breach – and how the law may offer protection in each area.
Malware
Malware, short for ‘malicious software’, refers to any type of code or program used to harm digital systems. It is often used as an entry point for hackers to invade these systems, cause damage, and gain access to and control of sensitive data.
Malware exists in many forms, including viruses, ransomware, and spyware, and can be distributed in countless ways, such as through seemingly legitimate emails and messages or compromised websites. This breadth highlights the widespread threat it poses to cybersecurity. In fact, the Australian Signals Directorate’s (ASD) Annual Cyber Threat Reports have indicated a steadily increasing rate of malware being used across all categories of cybercrime.
The Criminal Code Act 1995 (Cth) offers some valuable protection to victims of malware. Under section 477.2, it is an offence to cause the unauthorized modification of data in order to impair devices. Under section 477.3, this protection also applies to the impairment of electronic communications.
Fraud
Cyberfraud occurs when attackers employ deceptive digital methods to steal sensitive information from unsuspecting users for their own personal gain. It encompasses a range of activities including account, banking, and identity fraud – all of which pose significant risks to both individuals and organisations.
Two of the most common forms of cyberfraud are phishing and identity theft. Phishing is a widely used, relatively simple tactic that anyone can fall victim to. It involves attackers posing as trusted organisations or individuals to trick others into giving them sensitive information. For example, if you receive an email that looks like it’s from your bank and requests your details, but it comes from an unfamiliar sender, this is likely a phishing attempt. Identity theft, on the other hand, occurs when attackers use stolen personal information to commit fraud. Examples of this include using your details to open new bank accounts or make unauthorized purchases in your name.
Last year, the ASD revealed that identity, shopping, and banking fraud were the top three most common types of cybercrime reported by individuals – making up over half of the total reports they received. Banking fraud was also ranked as the second most common type reported by businesses.
The Criminal Code Act 1995 (Cth) addresses this threat, specifically under section 477.1. This provision criminalizes any unauthorized access to data with the intent to commit a ‘serious offence’ – which includes identity fraud (Div 372) and dishonestly obtaining financial information (s 480.4). Additionally, section 478.3 holds that it is an offence to possess or control data with the intent to commit a computer offence.
Data Breach
Data breaches occur when sensitive information is accessed or exposed through unauthorized means. Businesses are particularly vulnerable to this type of cybercrime, as they often store many personal customer and employee details.
The ASD has affirmed that data breaches were the type of cybercrime most reported by businesses in the 2023-2024 financial year. Email compromise, where attackers obtain sensitive data through employees’ email accounts and correspondence, was specifically flagged as the cybercrime of most concern to businesses. An example of this would be an attacker gaining unauthorized access to a senior executive’s email account and using it to either impersonate them or extract confidential information.
This threat certainly shows no signs of slowing down. Earlier this year, a data breach at one of Qantas’ third-party platforms resulted in the compromise of over 6 million Australians’ personal information. This breach occurred due to hacking, though data breaches can also stem from human errors – such as sending confidential data to the wrong recipient or failing to install security measures – which further allow attackers to exploit vulnerabilities.
Again, the Criminal Code Act 1995 (Cth) has provisions in place to protect against this type of cyberattack. Section 478.1 makes unauthorized access to restricted data an offence, while section 478.4 does the same for producing, supplying, or obtaining data with intent to commit a computer offence. Part IIIC of the Privacy Act 1988 provides an added layer of protection in this area, imposing an obligation on businesses to notify affected individuals and the Australian Information Commissioner of data breaches.
Cybercrime is an ever-present risk in today’s world – but you don’t have to face it alone. Our team of experienced legal professionals at Shore Lawyers is here to help. Contact us today to learn more about how we can assist you in navigating the evolving digital landscape and all the legal complexities it may entail.