A growing threat to data security and business profitability
While many Australian organisations brace for high-impact cyber breaches, it’s the quiet, undetected threats that often cause the most lasting damage.
Cybercriminals have traditionally relied on overt, high-impact attacks, such as ransomware, denial-of-service and data breaches, that cause immediate disruption and financial loss. But as organisations mature their cyber defences, threat actors are adapting and shifting toward more covert tactics.
A new breed of adversary is emerging: the stealth hacker.
These threat actors employ persistent, low-profile tactics designed to quietly infiltrate networks, exfiltrate sensitive data, and remain undetected for extended periods.
Their objective is long-term access. By embedding themselves deep within corporate systems, they methodically extract value, whether it’s financial assets, credentials or confidential information, all without triggering immediate alarms. In many cases, their presence remains unnoticed for weeks or even months – and by the time they are discovered, the damage is already done.
According to IBM’s Cost of a Data Breach Report 2024, it takes an average of 204 days to identify and 73 days to contain a breach – nearly 9 months of undetected exposure.
Why mid-market organisations are at risk
Research shows that 75% of small to medium-sized businesses do not survive more than six months following a major cyber incident.
While large enterprises typically have mature security operations, mid-sized companies often lack the in-house expertise or budget for advanced threat detection and response – making them prime targets.
In the 2023–24 financial year, the Australian Cyber Security Centre (ACSC) reported that medium-sized businesses experienced an average financial loss of $62,870 per cybercrime incident.
Globally, nearly 61% of mid-sized organisations reported experiencing at least one cyber attack in the last year, according to a recent Accenture report.
The stealth hacker’s entry point: Business Email Compromise (BEC)
Phishing remains the most common initial attack vector, with attackers using highly targeted, socially engineered messages. Spear phishing, in which attackers impersonate trusted contacts or suppliers, is particularly effective.
According to the Australian Signals Directorate (ASD), the most frequently reported cybercrimes against Australian businesses include:
- 19%: Business email compromise (no financial loss)
- 15%: Business email compromise (with financial loss)
- 11%: Identity fraud
Even without financial loss, unauthorised access through email compromise opens the door for long-term infiltration and reconnaissance – allowing threat actors to monitor and ultimately exploit internal systems.
Real-world example: In 2023, NSW property firm LJ Hooker suffered a BEC attack that led to more than $300,000 in fraudulent transactions across multiple clients before detection.
More recently, in South Australia, a homebuyer was deceived into transferring $813,000 to a fraudulent account via a spoofed conveyancer email. Only $505,000 could be recovered.
These incidents reflect the broader shift toward long-dwell, financially motivated intrusions that exploit trust and weak authentication protocols.
What happens after the breach
Once inside, stealth hackers don’t rush. They observe.
They map internal systems and organisational workflows, often focusing on finance teams, executives and accounts payable functions. Attackers monitor emails to mimic tone, language and timing – making their fraudulent requests appear legitimate.
The goal is not a one-time exploit, but sustained, covert access that enables ongoing fraud or data theft.
Verizon’s 2024 Data Breach Investigations Report found that 94% of breaches involving social engineering came via email, with business email compromise accounting for more than 50% of those.
Security best practices to mitigate threats
Too often, security providers like AUCyber are brought in only after a breach. At that point, the focus is on damage control and incident response.
Instead, organisations must shift to a proactive, risk-based cyber security posture. For high-value sectors such as financial services, law, property and healthcare, the cost of inaction is simply too high.
Implementing strategic defences
AUCyber works with enterprise and mid-market clients to implement key foundational controls, including:
- Enforcing multi-factor authentication (MFA) across all systems, using secure protocols like FIDO2
- Restricting logins by geography and device
- Validating system and account permissions regularly
- Conducting proactive monitoring and threat detection
Crucially, these capabilities are most effective when combined with dedicated cyber expertise.
The case for 24×7 threat monitoring
Continuous monitoring is essential but difficult to maintain in-house for most businesses. Outsourcing this function to a specialist provider is not only more cost-effective but also ensures round-the-clock monitoring.
AUCyber delivers 24×7 Managed Detection and Response (MDR), providing ‘eyes on glass’ to identify and neutralise threats within minutes (not days!).
Our team commits to responding to and containing verified threats within 30 minutes, protecting your business before damage escalates.
Prepare, don’t react
Endpoint attacks are becoming more stealthy, more targeted and more damaging. As the attack surface grows, so too must your ability to detect and respond in real time.
Security maturity isn’t built overnight, but with the right strategy and trusted partners, it’s within reach.
When it comes to securing your business, prevention is always more powerful than reaction.
