Breach of Australian Celebs’ Health Data and the Role of Cybersecurity

As new technologies make their way into the online domain, cybercrime follows suit. Cybercrime covers a broad spectrum, comprising malware attacks, data breaches, identity theft, digital currency scams, and data theft, among others. As per statistics, about 95 percent of cybercrime happens due to human error, and the global damages from cybercrime are likely to touch a whopping $10.5 trillion per annum by 2025 (source: ). To counter the threat, global spending on cybersecurity measures, such as SSAE18 consulting CPA certification and others, is going to reach $170.4 billion in 2022. Australia is not immune to this phenomenon and has become a target for cybercriminals of all hues. In fact, Australians lost more than $300 million to online scams in 2021 (source: ).

Among these cases, a data breach at Medibank, the health insurer, has hit the headlines for the theft of 200 gigabytes of data. If that was not enough, in a brazen move, hackers threatened to leak or sell about 1,000 stolen records of prominent people in Australia. The records include the location from which the person received medical services, and the related diagnoses and procedures. This comes after another high-profile hacking incident concerning Optus, the telecom company in Australia. With Optus, hackers exposed the information of about one million Australians, making it one of the largest data breaches in Australian history.

The aforementioned incidents highlight how vulnerable Australia’s businesses and other entities are to cybercrime. Further, as cybercrime becomes more sophisticated, complex, well-entrenched, and comprehensive, businesses cannot take it easy. They need to shore up their defences, say, by obtaining SSAE-18 consulting CPA certification, and assure users about the safekeeping of their data. Let us understand what such a certification entails.

What Is SSAE18 Consulting CPA Certification?

SSAE18, or the Statement on Standards for Attestation Engagements, is an auditing standard issued by the American Institute of Certified Public Accountants. This attestation standard replaced SSAE 16 and SAS 70, and addresses engagements overseen by a service auditor providing services to the users. It is a series of enhancements that aims to increase the quality and usefulness of SOC reports. The SSAE-18 consulting CPA certification entails companies taking control and ownership of their internal controls, especially those related to the identification and classification of risks. Such enhancements help plug the gaps for businesses in key areas.

Every organization needs to issue its System and Organization Controls (SOC) reports as per the SSAE-18 standard. It helps enhance the quality and content, thereby earning the trust of third parties. Australian businesses are well advised to obtain SOC 1 and SOC 2 (Type 1 and Type 2) consulting certification from one of the reputable PCI DSS QSA companies like Cybernetic Global Intelligence. There are three types of attestation reports: SOC 1, SOC 2, and SOC 3. Let us understand what they are all about.

SOC 1: This type of report aims at assuring third parties, such as customers and partners, that the internal controls of a company over financial reporting are effective. For Australian businesses, a SOC 1 type of report can generate confidence in the minds of stakeholders that they are doing the right thing. The scope of the SOC 1 report covers the IT processes that are used to deliver the services.

SOC 2: This type of report is an engagement conducted under Section 205 of the AT-C and is based on the principles of WebTrust and SysTrust. This contains similar options to the SOC 1 report, with the purpose of evaluating whether the IT systems and processes of a business are relevant to the areas of availability, security, confidentiality, privacy, and integrity. So, businesses that do not have any impact on their clients’ financial reporting should choose this option for attestation.

SOC 3: This type of report does not contain the results of the service auditor’s testing of the controls of a business organisation. It is supposedly a publicly available document that is published in marketing materials and on the websites of businesses. It contains limited information and allows businesses to state their accomplishments without disclosing sensitive or confidential information. A SOC 3 report is usually for businesses that have the marketing of their product or system as their primary objective.


Reports such as the SOC 1 and SOC 2 (Type 1 and Type 2) consulting certification help businesses build trust and confidence in their information systems and processes. They allow any accredited company to audit the systems of businesses and check for gaps that can be exploited by malevolent actors. If you are a business based in Australia, New Zealand, or the Asia Pacific region that seeks such reports to audit and bolster your information processes, then feel free to contact the premier PCI DSS QSA company, Cybernetic Global Intelligence, at 1300 292 376 or send an email to
