Parents be aware of cyber attacks: Federal Minister Assisting the Prime Minister for Cyber Security Dan Tehan

Dan Tehan minister for Vetrans' Affairs during a press conference with Ken Foster National President of the Vietnam Vetrans Association at Parliament House in Canberra on Wednesday 17 August 2016. Photo: Andrew Meares
Dan Tehan minister for Vetrans' Affairs during a press conference with Ken Foster National President of the Vietnam Vetrans Association at Parliament House in Canberra on Wednesday 17 August 2016. Photo: Andrew Meares

The number of cyber attacks targeting mum and dads as well as businesses is booming, with Australians falling for online scams, email phishing, identity theft and credit card fraud in growing numbers.

And the federal Minister Assisting the Prime Minister for Cyber Security, Dan Tehan, has a simple message for Australians during Stay Safe Online week: "Password1 does not cut it", with 81 per cent of hack attacks a result of stolen or weak passwords.

As well as urging Australians to adopt stronger passwords with at least 16 characters, Mr Tehan will suggest four more steps to stay safe: manage privacy settings more carefully, update software, back up data and avoid scams in suspicious email messages.

The minister will launch the Australian Cyber Security Centre's 2017 Threat Report, which contains alarming new figures about the increase in cybercrime at the National Press Club on Tuesday.

Mr Tehan will reveal the Centre's report states that 47,000 cyber incidents took place in the past 12 months, a 15 per cent increase on last year; half of these incidents were online scams or fraud, which is an increase of over 22 per cent.

In 2016-17, reports to the ACSC indicated losses of more than $20 million because of business email compromise, a 130 per cent rise from $8.6 million in 2015-16, while 7283 cyber security incidents hit major Australian businesses and 734 cyber incidents affected private sector systems of national interest and critical infrastructure providers.

"Cyber security is not just the domain of our intelligence agencies or our defence forces to protect against stolen secrets and cyber attacks," Mr Tehan will say, according to speech notes.

"Cyber security is as relevant for mums and dads, small business owners and local communities to keep their data, their money and their identities secure."

Small business, in particular, have been targeted by phishing email scams in which a scammer will send out thousands of emails in the hope that someone will click on a dodgy link or open a document infected with malware. Phishing emails are typically used to steal money.

They can allow access to a business or home computer system and allow a scammer to see emails being sent and received and allow, for example, false invoicing to take place.

"The advice is, if you can't identify the sender of an email, don't open it or click on any attachments," Mr Tehan will say, citing a real-world example - without naming the company - where such a scam cost a large Australian business half a million US dollars.

"What is happening to mums and dads and the community more generally is just as alarming."

The minister urged people and businesses to come forward if they believed they had been the victim of a scam or hack.

"First, business for cybercriminals is booming across the nation and it is impacting all of us. Second, victims of cybercrime need to report. And finally, the best way to improve our cyber security is for government, business and individuals to work together," he will say.

"If you're affected by cybercrime, speak up - don't regret it, report it."

"If you are a victim of cybercrime, you have done nothing illegal. Hiding cybercrime only allows cyber criminals to continue to break the law."

Mr Tehan will highlight the example of the Red Cross, which came forward quickly and announced it had suffered a major data security breach, as the approach that should be taken by business.

Last year's report focused on the possibility of terrorists launching a cyber attack on Australia within three years; the 2017 report does not provide an update on this threat.