One common question we get asked by customers who have been on the receiving end of a cyber incident, is how to go about reporting the incident to authorities. Many of us are well aware of the avenues to take when we are the victim of common crimes like theft or criminal damage, but what’s less clear is how to go about reporting incidences of cyber-crime.
Be it from phishing attacks that compromised user credentials to targeted ransomware attacks that sought to extort your business, reporting is an important part of the remediation cycle. Reporting allows authorities to document and report on the scale of cyber crime in Australia as well as provide you with assistance in investigation and potential later prosecution of attackers.
In the past there were a number of options available to report cyber crime. CERT and ACORN were the common ports of call, however in 2018 CERT was absorbed by the Australian Cyber Security Centre and, since the start of FY20, the Australian Cybercrime Online Reporting Network (ACORN) has been replaced by The Australian Cyber Security Centre’s Cyber Issue Reporting System.
To report a cybercrime today
Please report cyber crimes at the following URL: www.cyber.gov.au/report
Reports can be lodged on behalf of individuals or businesses operating in Australia (with a registered ABN) or government departments.
Note: If you have lodged an ACORN report in the past, this will not need to be resubmitted and will follow the previous path for investigation.
Why report cyber crime?
Reporting cyber crime is an important responsibility of Australian businesses and cyber professionals. The scale of cyber crime needs to be adequately reported upon and monitored to ensure that investments made by the government and its agencies are focused and concentrated on the Australian threat landscape.
Additionally, if customer or personal data is compromised during a cyber incident, you may have other obligations with reporting upon a breach as part of the OAIC’s Notifiable Data Breaches Scheme. This scheme applies to agencies and organisations that the Privacy Act requires to take steps to secure certain categories of personal information. This includes Australian Government agencies, businesses and not-for-profit organisations with an annual turnover of $3 million or more, credit reporting bodies, health service providers, and many more.
At Cythera we have a strong understanding of the various doorways open to businesses to investigate, remediate and report on cyber incidents including your business’ responsibilities with respect to mandatory data breach notification.
If you believe your business is (or has) been impacted by a cyber incident we can mobilise quickly, work on your behalf to contain risk and provide a surefooted pathway to restoring your cyber security posture. Contact us on 1300 CYTHERA (1300 298 437) to discuss how we can help today.