HWL Ebsworth, a law firm in Australia, seems to have been hacked by Russian hackers. The incident has sent the Albanese government into a tizzy, prompting the opening of a crisis group in response. Dubbed a major hack in Australia and again targeted by a Russian-linked ransom gang called BlackCat or AlphV, the incident kept the government on high alert. The ransomware gang was revealed to have stolen data worth 4 terabytes. The data contains contracts worth tens of millions of dollars across a minimum of 40 government departments and agencies.
Although information from the response group set up by the Albanese government is sketchy, it is said to be examining the type and quantum of data stolen by hackers. The government agencies said to be caught up in the hacking incident include the Australian Taxation Office, the Australian Federal Police, and the Department of Defence and Home Affairs. Importantly, the Defence department seems to have been targeted by hackers, as evident from the publication of online reports related to defence matters.
According to Manish Chaudhari, CISO, Cybernetic Global Intelligence, an accredited global leader in providing advanced Cybersecurity consulting services, hackers are attacking most Western organisations with impunity. Mr. Manish Chaudhari further points out that Australian organisations or companies are vulnerable to such attacks due to a lack of urgency among such entities in implementing strong cybersecurity measures.
Targeting High-Value Targets
The hackers seem to be targeting high-value targets, including government files pertaining to a top-secret missile testing site in Woomera. They are also eyeing Australia’s engagement in the Indo-Pacific and the Navy’s attack helicopter replacement project. Two government agencies, the Office of the Australian Information Commissioner (OAIC) and the NDIS Quality and Safeguards Commission, have reported a loss of data due to the hacking attack.
Paul Fletcher, the Shadow Minister for government services and the digital economy, was categorical in stating that Australia faces threats from terrorism and that foreign actors are targeting the country by launching cyber-attacks regularly. He further urged the Albanese government to take all necessary measures to secure the compromised data. According to him, any government action would require the affected company to be transparent about data loss, its implications, and the measures being taken to support third parties.
The law firm HWL Ebsworth has obtained an injunction from the Supreme Court of NSW to not only prevent hackers from disclosing stolen information but also the media from reporting the matter. The firm is said to have understood the massive impact this incident has had on its affected clients. Moreover, it is said to be working with the Australian Cyber Security Centre and other government authorities and law enforcement agencies. The Cyber Security Minister, James Paterson, stated that such malicious activity of this scale cannot go unaccounted.
This brings us to the question of why companies are repeatedly falling prey to hackers, resulting in customers losing confidential information. The reason has much to do with the way cybersecurity measures are implemented across companies. Many companies, especially in Australia, New Zealand, and the Asia Pacific region, find themselves vulnerable due to a lack of cybersecurity awareness among their employees. This brings into sharp focus the importance of cybersecurity awareness training.
Why Have Cybersecurity Training?
In many hacking incidents, attackers exploit the lack of awareness among employees regarding cybersecurity risks. By using tactics like phishing or social engineering, hackers can deceive unknowing insiders and gain access to sensitive information. However, organisations can prevent a significant number of such attacks by providing thorough cybersecurity awareness training to their employees. Ignorance is no longer an option when the potential damage caused by a single employee is considered.
Cybersecurity awareness training aims to educate employees about the risks involved and the methods hackers employ to infiltrate systems and databases. They learn about best practices for cybersecurity and become familiar with various threats. This training, preferably conducted by an experienced consulting cybersecurity company like Cybernetic Global Intelligence, enables employees to identify threats, avoid risky behaviours, and promptly report any suspicious activity.
Implementing cybersecurity awareness training or measures like red team pen testing can help businesses mitigate or even eliminate data breaches, foster a culture of security awareness, safeguard their reputation, prevent financial losses, and protect investments. Furthermore, organizations may face severe penalties if they fail to provide employees with cybersecurity awareness training at least once or twice a year, as required by standards such as PCI-DSS, ISO, or NIST.
It is crucial for every member of the organisation to attend the training sessions, which should cover the latest trends in cybercrime, malware, various forms of social engineering, mobile security, password security, remote working, social media safety, privacy, and other relevant topics. For example, Cybernetic Global Intelligence’s cybersecurity awareness training encompasses all of these subjects and more, including physical security awareness. The latter component focuses on teaching employees to recognise and prevent incidents like theft, tailgating, vandalism, fraud, data protection, and espionage.
The recent ransomware attack on HWL Ebsworth has highlighted the vulnerabilities that many organisations face. Cybersecurity experts, such as Ravin Prasad, CEO of Cybernetic Global Intelligence, are urging businesses to invest more in security measures, such as for web application cybersecurity, particularly by providing comprehensive training to their employees and other stakeholders. If you seek a robust cybersecurity infrastructure devoid of vulnerabilities, consider engaging the services of Cybernetic Global Intelligence, one of the world’s top cybersecurity support services. To learn more, please contact us at 1300 292 376 or email us at firstname.lastname@example.org.