Australia faces an increasing number of cyber-attacks where customers’ data is being compromised. Even as the data leaks associated with Optus telecommunications remain fresh in people’s memory, new cases have been reported. For instance, personal data from a marketplace called MyDeal.com.au, which is owned by the largest grocery chain in Australia, appeared for sale on a data leak platform and was then declared as sold. Further, wine retailer Vinomofo disclosed a breach involving its customer database fueling concerns over the efficacy of the Australian data protection laws.
According to Woolworths Group, the owner of MyDeal, the attacker who goes by the name Christian Dior, had gained access to its CRM (Customer Relationship Management) system using a compromised login credential. The attacker too confirmed the ingress into the CRM system of MyDeal was done through password reuse. The data leak affected about 2.2 million people, and the cybercriminal tried to extort money from the organization. Cybercriminals are known to extort money from businesses by giving the threat of deleting data. For instance, the Optus data breach of around 10 million people involved issuing ransom threats of $1 million.
Change in Government Regulations
As a result of these breaches, lawmakers scrambled to make the laws tougher to fight cybercrime. For example, the Telecommunications Regulations 2021 was amended to enable information sharing of a data breach with financial institutions. According to an advisory from the Australian Cyber and Infrastructure Security Center, the changes in the law are likely to limit the impact of the Optus data breach and enable financial institutions and other agencies to implement better safeguards. Furthermore, the government is mulling over imposing higher penalties for violators of the country’s privacy act. So, where does this leave Australian businesses in a challenging and competitive world buffeted by cybercrime? Let us find out.
What Should Businesses Do to Address the Challenge?
In an increasingly interconnected world, businesses are vulnerable to the machinations of hackers. Even though there is a greater awareness of the risks of cyber threats, businesses do not often put their best foot forward in strengthening their cybersecurity infrastructure. The reasons being cutting costs and a smug belief that cybercrime won’t affect them in the first place. However, the above-mentioned incidences lay bare the risks involved in not taking cybersecurity measures seriously. Let us discuss the steps that businesses can take to address the challenge and safeguard both customer and business data.
- Secure 27001 certification: By implementing this certification, businesses can detect and mitigate a range of cyber threats to their IT systems. The certification helps manage the security of sensitive personal and business information, and reduces reputational damage. This internationally accepted standard to safeguard information involves processes, people management, and technology, and assures customers and stakeholders.
- Managed security services: Provide monitoring and management of cybersecurity systems using instruments such as virtual private networks, firewalls, vulnerability scanning, intrusion detection, and anti-virus software. These services can provide round-the-clock monitoring and quick response to threats and compliance needs.
- IT security audits: IT systems in organizations often have vulnerabilities, which can be exploited by cybercriminals to steal data and leave the reputation in tatters. The risk assessment security audits based on industry-accepted standards like CoBIT can secure the IT system of a business from external or internal attacks. Besides identifying gaps in the IT architecture, IT security audits can ensure regulatory compliance as well.
- Red team testing: Here, a group of white hat hackers mimic real hackers and break into the IT system of an organization. By simulating a real-world attack scenario, the red team tests the effectiveness of an organization against cyber crime. For instance, the Red Teams at Cybernetic Global Intelligence are accredited and certified by CREST, CISSP, SANS, CoRBIT5, PCI DSS, and others. The accreditation allows teams to conduct a risk assessment on networks, identify vulnerabilities, and implement security controls.
- Penetration or Pen testing: In this type of testing, ethical hackers try to breach the IT system of an organization to detect risks and vulnerabilities. For instance, at Cybernetic Global Intelligence, pen testing involves gathering information, footprinting, assessing vulnerabilities, exploiting vulnerabilities, and reporting. As an effective tool, penetration testing offers a detailed analysis of your servers, network devices, endpoints, mobile devices, and wireless networks. It helps businesses to prioritise their remediation efforts, and thwart the possibility of cyber attacks.
Australian businesses are increasingly becoming vulnerable to cyber threats. The only way to thwart such attacks, assure investors and customers, and remain competitive is to implement a series of cybersecurity measures. Cybernetic Global Intelligence, one of the cyber security companies, provides an array of services, including the ones mentioned above. By implementing one, two, or more such cybersecurity measures customized to the specific requirements, businesses can prevent data leaks, mitigate risks, ensure regulatory compliance, and uphold brand equity.