Craig McDonald Nov 21, 2022 11:22:31 AM 11 MIN READ

Why the sudden increase in reported data breaches?

Over the past couple of months, news of high profile cyber incidents and data breaches has continued to make headlines across Australia. Starting with the Optus data breach in late September, followed by Medibank, MyDeal (Woolworths), Vinomofo, Australian Clinical Labs, and Energy Australia, the list of names just continues to grow.   

When the news of these latest breaches started flooding media outlets recently, I was left scratching my head. Why the sudden interest? Working in the cybersecurity industry, I see stories of new data breaches around the globe daily. Perhaps I’ve become desensitised, but for the Optus breach to catch the nation’s attention in such a way was somewhat surprising, and as news broke about subsequent breaches, the interest appeared to intensify.

I was left questioning if I was alone in my thinking, so I turned to my LinkedIn network, which is primarily made up of other cybersecurity industry professionals and business leaders, to ask what they believed was causing the sudden increase in data breach reports.


Here are the results:

  • 43% thought "More media focus & regulations" to be the answer
  • 30% believed there was "No rise, just big-name targets" causing a media stir,
  • 21% voted for "Aussie business being targeted", and
  • 7% of respondents voted for "Other" reasons

The results were surprisingly divided.   

One respondent, who voted for “Other”, pointed to a disconnect between the heightened level of awareness and an actual commitment to do the required work to keep a business safe, stating:

“I'd say although awareness is present, there is a mismatch between what needs to be done to secure systems vs resources. I updated two Linux VMs today, over 70 updates each since last week. OpenSSL has an upcoming patch. 

I see a mindset that indicates that just because edge and internet aware devices are working, they don't need proactive attention. I see it on my firewalls, consistent login attempts, port scans and visits from hostile IPs.”

A regular patching schedule is critical to any organisation, and having outdated or unpatched software or devices can undoubtedly leave a business open to attacks, but it should go without saying that businesses need to take other proactive measures in order to stay protected. Although there are certainly breaches which occur as a result of outdated software, it’s unlikely to be the only answer to the recent rise in reports.

Another commenter provided some food for thought, stating:  

“My take is this:

1) Businesses care about making money not security. I do not see this changing until there are laws that make it change (that are enforced)

2) Cyber security is everything from policies to network security to physical security. There is no point running the most secure system if the cleaner can walk in the server room and plug an infected USB in. It must cover everything.

3) There are legacy systems that sometimes cannot be secured. The business needs a plan to phase out these systems. Most of the recent breaches were rumored to be to legacy parts of their systems.

None of these 3 things have changed, insanity is doing the same thing and expecting a different result.

I believe the breaches haven’t changed just the fact they must now be reported (and not swept under the carpet) has.” 

Businesses absolutely need to prioritise a holistic approach to security, and it’s especially important to adopt a defence in depth approach, with multiple layers of security across all facets of the business. However, this commenter’s note that the breaches themselves haven’t changed, but the reporting and regulations have, struck a chord with me.

More media focus and regulations  

It’s undeniable that the media scrutiny over data breaches has increased tenfold, and to me, this spotlight on cybersecurity can only be a good thing. The media attention alone will help to hold businesses more accountable and make customers more aware of their data security, but recent regulatory updates and proposals will only further aid with this.   

Earlier this year, the Australian government made changes to the Security of Critical Infrastructure Act, which came into effect fully on the 8th of July 2022. Now, businesses in specified sectors or critical infrastructure asset classes are required to report critical cyber security incidents to the Australian Cyber Security Centre (ACSC) within 12 hours, and they must report non-critical cyber incidents within 72 hours of becoming aware of the incident. You can find out if your business is affected here.

Non-compliance with the Act will incur up to 50 penalty units, equating to a fine up to $11,100, which for many of the businesses that have made headlines for data breaches recently, is a drop in the ocean, and for most SMBs it could be a painful lesson. Regardless of the cost of a penalty, the required compliance has likely had some impact on the influx of recent data breach reports.  

According to the Minister of Cyber Security, Clare O’Neil, the Albanese government has also introduced a new policing model which aims to proactively disrupt cybercriminals, a global counter-ransomware task force, and a new cyber response function in government to support and protect victims post cyberattacks, and has proposed new amendments to the current privacy law, which will see fines for repeated or serious privacy breaches go from the current AUD $2.2 million to around $50 million. If implemented, these changes should all help us to see increased reporting in the future, and a corresponding shift in cyber preparedness as a business priority.

 

No rise, just big-name targets 

When Optus’s data breach was announced, it caused a media flurry. When it was quickly followed by a series of other breaches, I simply assumed that the media had found a subject that had temporarily captured the attention of everyday Australians and, eager to get clicks, were running with it. From the poll results, it seems that many agreed with this train of thought. However, in a single month, seven Australian businesses that are household names publicly identified breaches to their networks which resulted in customer information being leaked. That is more reports in a single month than at any other time in Australian history, indicating that it’s not just media hype.

While overall, data breaches in the first six months of 2022 dropped 14% on the prior period, large-scale breaches involving the data of 5,000 or more Australians increased 33%. Globally in Q3, data breaches of all sizes increased by 70% on Q2. Given the recent regulation changes and proposed policies, coupled with the recent headlines, we can likely expect to see this upward trend continue for Q4, particularly for Australian businesses.  

 Aussie businesses being targeted  

While this response received the fewest votes in the poll (aside from ‘Other’), it seems that there may be some truth in the theory with one in five respondents choosing it. After the announcement that Medibank was refusing to pay a ransom for the return of their customer data, the hackers retaliated and “the details of Medibank customers were posted on a blog that has been linked to REvil, a ransomware gang with strong Russian links.” The Australian Federal Police have since confirmed that there was Russian involvement in the hack and warned that Australians need to prepare for more cyberattacks from criminals and states.   

As a partner, I value your opinion on the matter. Do you think the sudden influx of reported breaches can be narrowed down to a single answer? Or are there other possible reasons I’m yet to explore?  

Keeping businesses safe and secure

Prevention is always better than a cure, and the best defence is to encourage businesses to proactively boost their company’s cyber resilience levels to avoid threats landing in inboxes in the first place. The fact that a staggering 94% of malware attacks are delivered by email makes email an extremely important vector for businesses to fortify.

 No one vendor can stop all threats, so it’s crucial to remind customers that if they are using Microsoft 365 or G Suite, they should also have a third-party email security specialist in place to mitigate their risk. For example, using a third-party cloud email solution like MailGuard.  

Talk to us

MailGuard's partner blog is a forum to share information and we want it to be a dialogue. Reach out to us and tell us how we can serve you better. You can connect with us on social media or call us and speak to one of our consultants.  

Australian partners, please call us on 1300 30 65 10  

US partners call 1888 848 2822  

UK partners call 0 800 404 8993  

 

We’re on Facebook, Twitter and LinkedIn.
