Cybercriminals seem to have upped their ante and attacked companies with vulnerable IT networks. After targeting several well-known entities, both government-owned and private, they attacked one of Australia’s largest property giants, Meriton, on 14 January 2023. Meriton owns many luxury hotels, apartments, and commercial properties and was founded by property developer Harry Triguboff, who happens to be the sixth-richest man in Australia with an estimated nett worth of $21.2 billion, according to the Australian Financial Review.
With this attack, cybercriminals seemed to have gained access to Meriton’s database and made off with several sensitive personal details of its staff and guests. These may include bank details, birth certificates, tax file numbers, and information related to salaries, disciplinary proceedings, performance appraisals, and others. The data breach incident forced Meriton to warn about 1,889 people to be alert and protect themselves. Further, the guests staying with Meriton were warned that their health information could have been accessed by cybercriminals in the attack. The health information includes details about incidents, such as an ambulance call for an injury, among others. In a statement to ABC, Meriton accepted that it had been the victim of a cybersecurity incident that led to 35.6 gigabytes of data being compromised. Meriton attributed this incident to an unidentified third party.
Meriton confirmed taking all the necessary steps, including informing the Australian Cyber Security Centre, the Office of the Australian Information Commissioner (OAIC), and the affected guests and workers. It warned guests and staff members to be wary of scams and keep an eye on their banking statements. The company said it did not find any evidence that the cyber incident was directed at any specific individual or that any information was misused.
The company assured all stakeholders that it worked closely with leading cybersecurity and forensic IT professionals and took all available steps to protect itself against any future recurrence of such incidents. It promised staff and guests the implementation of enhanced cybersecurity measures to protect the IT networks.
The incident raises questions about the vulnerabilities existing in Australian companies and how the situation can improve. One of the ways to do so is by stringently complying with regulatory standards, such as ISO 27001.
Why Is ISO 27001 Compliance the Key to Mitigating Cyber Crime Incidents?
The ISO 27001 standard is recognised globally as a benchmark for information security management. Ensuring compliance with this standard can yield multiple benefits for any business or organisation, as mentioned below:
- It serves as evidence to customers and stakeholders that the company prioritises information security. It guarantees that the company has implemented appropriate measures to safeguard all information assets, including confidential data such as customer information, financial data, and intellectual property. This helps generate trust among customers and stakeholders.
- It can help any company identify and mitigate potential information security risks, thereby minimizing the likelihood and severity of security incidents. Ultimately, this can save businesses time, money, and resources in the long run by preventing data breaches, downtime, and reputational harm.
- It can provide a company with a competitive edge and help it differentiate from its competitors. Besides, it can demonstrate to potential customers the company’s unwavering commitment to information security.
- Finally, many companies have regulatory requirements that mandate compliance with ISO 27001. It can enable them to meet the requirements and avoid potential fines or penalties.
Companies must recognise the importance of strengthening their cybersecurity defences at all levels. Cybersecurity threats are real, and can strike any organisation or individual without warning. To mitigate risks, they must comply with stringent regulations such as ISO 27001. It is important to seek cybersecurity consulting from experienced and globally accredited cybersecurity companies such as Cybernetic Global Intelligence. With over 20 years of experience in conducting risk assessments and implementing cybersecurity measures, Cybernetic Global Intelligence is well-positioned to assist businesses in Australia, New Zealand, or the Asia Pacific region. For more information, call 1300 292 376 or send an email to Contact@cybernetic-gi.com.