FIIG Securities, the Australian bond broker with $5 billion under advice and 6,000 Australian investors, has become the latest victim of a notorious Russian ransomware gang. The incident has brought to the fore the role of IT security consulting in preventing such attacks. The company stated that its systems had been hacked by an “unauthorised third party”. The Russian hacker gang AlphV, aka BlackCat, has claimed responsibility for the attack and has posted screenshots of materials on the dark web. The materials include passports, driver’s licences, and reports. The gang claims to have 385 gigabytes of material, which includes confidential data. FIIG claimed to have responded immediately after receiving the threat, but some clients remain worried about their data.
This comes on the heels of another cybercrime incident, in which AlphV posted around 1.45 terabytes of data on the dark web after the Australian law firm HWL Ebsworth refused to be blackmailed. For its part, FIIG Securities contacted every client by email and advised them of the alleged compromise of their personal confidential information. This includes names, dates of birth, addresses, passports, driver’s licences, tax file numbers, and bank accounts. The firm asked its clients to watch out for phishing emails and change their passwords. Incidentally, it did not tell them about the identity documents that are at risk. According to FIIG’s spokesperson, the company took steps as soon as it noticed and realised that a breach had taken place.
Clients Irked Due to Delayed Response
The spokesperson further stated that the company took its IT systems and client-facing portal offline to prevent further access. The company is in the process of restarting its systems safely and methodically. Further, FIIG Securities reported the incident to the Australian Information Commissioner’s office. At the same time, some long-term clients were disappointed by the delayed response. For instance, Jan, a client living on Sydney’s lower north shore, informed them of their status as being hacked. She expressed shock that her information could fall into the hands of unknown parties, who could then use it for nefarious purposes. According to her, it is disappointing that FIIG did not offer any word of apology or any hint of compensation for replacing documents. Jan was angst-ridden when she received the email from FIIG, as she attributed this to negligence or complacency on the part of FIIG.
According to Manish Chaudhari, CISO of Cybernetic Global Intelligence, an accredited global leader in providing top-notch cybersecurity services, businesses need to be vigilant for such an eventuality. They cannot remain smug in the belief that such attacks happen once in a blue moon and do not affect everyone. On the contrary, businesses, whether in Australia, New Zealand, or the Asia-Pacific region, need to guard themselves against complacency and secure their IT systems and networks. In fact, they can opt for a rigorous IT security audit, preferably from ISO 27001 information security auditors. Let us understand what an IT security audit is all about.
Why Is IT Security Audit the Key to Mitigating Cybersecurity Risks?
An IT security audit is a comprehensive assessment of a company’s cybersecurity practices aimed at verifying the implementation of modern mechanisms and processes. It ensures that all security practices and infrastructure align with established industry standards. These may include ISO/IEC 27001-13, the ACSC Essential Eight (E8), the Protective Security Policy Framework (PSPF), the Queensland Government Information Security Classification Framework (QGISCF), the ASD ISM (Information Security Manual), and APRA CPS 234, among others. The benefits of an IT security audit are as follows:
1. Identification of Potential System Gaps: It helps uncover any issues or vulnerabilities in the system or network, allowing businesses to undertake proactive measures to mitigate them.
2. Regulatory Compliance: By conducting an IT security audit by PCA compliance auditors, businesses can ensure better adherence to established regulatory requirements. This can reduce the risk of penalties and legal consequences for the business.
3. Cost Savings and Resource Optimisation: Audits such as the ones by Essential Eight Security Auditors can help businesses save money and prevent the waste of resources. They can do so by identifying and removing ineffective cybersecurity practices and implementing strong measures.
The pervasive threat of cybercriminals in the business landscape is alarming. However, cybersecurity companies like Cybernetic Global Intelligence are well-equipped to help businesses identify and address potential vulnerabilities before they cause significant harm. To learn more, please contact us at 1300 292 736 or send an email to Contact@cybernetic-gi.com.