We have all heard the adage that 80% of new year’s resolutions fail by February. The reason is often cited as a lack of willpower or motivation to achieve our goals. Usually these goals involve our health, finances, or holiday aspirations. However, what if I was to tell you that 2024 is the year to change your cyber safety habits? This could be the year you finally strengthen your resilience against that ever-growing threat. Especially when you consider trends in Artificial Intelligence (AI), Australian Government regulation, increased attacks on law firms, and potential penalties. These factors could threaten property settlement safety and your business in 2024. However, we can all work together to reduce the risk and beat the bad guys.
You may recall in my previous article “Tis the season. . . for cyber fraud”, that in 2023 alone, the prevalence of ‘settlement fraud’, which is where scammers target real estate, has put over $28 million of Australian home buyers’ funds at risk – and these are just the cases that were reported to PEXA. This problem is expected to grow in 2024. As such, I want to highlight the following reasons why 2024 should be the year that cyber safety is top of your agenda (if it’s not already).
AI is just as effective for criminals as it is for you
It’s OK to admit that we have all used an AI platform (like ChatGPT) in the last 12 months. Whether it be to save time writing an important email or to get a quick summary on a document. AI’s potential to make our lives easier is mind boggling. And we have barely scratched the surface of what it can do. So, it is therefore inevitable that someone will find a way to use it for illegal purposes.
In a recent Forbes article on the 10 Biggest Cyber Security Trends in 2024, Bernard Marr says, “If cyber attack and defense in 2024 is a game of chess, then AI is the queen – with the ability to create powerful strategic advantages for whoever plays it best.” He goes on to talk about how Generative AI tools provide fraudsters with a way to “personalise” their approach to social engineering and email phishing. Therefore, we are likely to see an increase in scams targeting property settlement, a result of at least two of the following considerations:
- That most scams start with the types of attacks that AI is perfect for; and
- That we still rely heavily on email and other insecure communication methods to transact sensitive information such as settlement bank account details.
What can you do?
Reducing negative AI-related impacts begins with education of the risks and threats to your organisation and customers. Establish secure business practices and setup a way to report or confirm suspicious activity when it occurs. Additionally, stop using email, text messages or phone calls to communicate sensitive information. Scammers are on the lookout for businesses doing this. In the case of e-conveyancing, we strongly encourage our customers to use PEXA Key when transacting or settling property between buyers and sellers. It provides a more secure and direct method to transact.
Increased government attention, risk to the legal sector, and penalties
In November 2023, the Australian Federal Government released the 2023-2030 Australian Cyber Security Strategy. The Strategy details the following “six cyber shields” designed to promote the protection of Australian citizens and businesses.
- Strong business and citizens
- Safe technology
- World-class threat sharing and blocking
- Protected critical infrastructure
- Sovereign capabilities
- Resilient region and global leadership
Those in the legal or property sectors who fall under this banner should pay attention in 2024. Especially when you consider analysis of a 2023 study into the state of cyber maturity for Australian law firms on cyberdaily.au. They noted that 25% of the 500 firms surveyed “had been affected by minor or major breaches.” It is likely the problem is much larger given that this is based on a sample of firms.
We can expect that legal practitioners involved in property settlement will continue to be targeted, like most other sectors. Firms who do not educate and defend themselves appropriately stand to lose more than just client settlement funds.
The Government also introduced heavy fines in the wake of Australia’s recent high-profile cyber incidents. In some cases, fines up to $50 million could be issued for repeated privacy breaches as the result of cyber-attacks. The bill to introduce these penalties was passed by the Federal Parliament in November 2022. Whilst that is an extreme case, the Government is looking to crack down on repeat offenders who do not adequately implement protections against such breaches.
The key is to be informed
Now is the time to get to know our national strategy for cyber security, understand your obligations, and take advantage of the resources designed to help. The Australian Cyber Security Centre (ACSC) has a range of resources available on their website for businesses.
You can also review some of the key frameworks and guidance provided to help businesses remain secure. The Australian Federal Government maintains the ASD Essential 8 that provides a set of controls to limit the technical vulnerabilities that attackers can exploit. Additionally, there are other global frameworks such as the NIST Cyber Security Framework. The NIST framework is heavy on detail but can make a good benchmark to review your business against depending on its size.
Add cyber hygiene to your 2024 resolutions list
There is no hope of reducing the risk of a cyber-attack without the focussed effort of every single Australian, regardless of industry or seniority within the business. Everyone is a potential target and therefore we need a sense of shared accountability to help win the fight.
Remember the basics of good cyber hygiene and make sure you educate yourself, your employees/coworkers, your families, and your friends. Review these steps often and choose one or two to add to your new year resolution list for 2024:
- Do not trust emails containing links, or that create a sense of urgency.
- Enable Multi Factor Authentication (MFA) everywhere possible.
- Keep all software updated (turn on auto updates where possible).
- Use strong and unique passwords across all online accounts.
- Keep anti-virus active on all your devices.
- Keep a safe backup of your data in a cloud or similar service.
- Do not trust unsecured public Wi-Fi. If you must connect to it, use a VPN.
If you have any questions or require any support for a cyber-related matter impacting a client’s property settlement, please do not hesitate to contact our member support team who are always willing to help.
Written by David Willett
As PEXA’s Chief Information Technology Security Officer, David leads PEXA’s security strategy and operational capabilities that ensure the availability, confidentiality and integrity of PEXA and customer data. David is a regular speaker at various cyber security industry events, most recently the 2023 NAB Small Business Australia conference and the 2023 AISA Australian Cyber conference.
In his own time, David is studying an undergraduate degree in Creative Writing at Curtin University and enjoys podcasting and creating video content.
