The casualness with which the SA data hack impacting thousands is taken in the official corridors of power can be judged by the response of South Australian treasurer Stephen Mullighan. He said, “It’s simply not good enough.” In the incident, data linked to 14,000+ members of a state government agency and held by a third-party firm was illegally accessed by hackers nearly two months ago. In fact, in November 2021, the data of more than 90,000 public servants at Frontier Software, the payroll provider, was hacked.
The recent security breach, linked to a prior cyber attack on Super SA in November 2019, has raised significant concerns. During the 2019 hack, data belonging to 14,011 Super SA members was accessed. In response, Super SA enlisted the services of Contact 121, an Adelaide-based cybersecurity consulting company, in 2020 to assist affected members. However, after its contract concluded, Contact 121 retained the member data. The government was informed of the latest breach on August 18, but confirmation only arrived on October 4. All members affected by the 2019 breach were also impacted by this incident.
Improved Cybersecurity Measures: The Need of the Hour
Addressing the situation, government representative Mr. Mullighan stressed the need for improved cybersecurity measures and timely, thorough responses to such attacks. The government is currently investigating why Contact 121 retained Super SA member data on its systems and confirmed that it no longer uses the company’s services. Despite the breach, there is no legal requirement for companies to delete client data when it becomes obsolete.
Cybersecurity experts, such as Manish Chaudhari, CISO of Cybernetic Global Intelligence, an internationally recognised provider of cybersecurity support services, emphasise the importance of updated policies and constant investment in data protection to counter the escalating threat of cyber breaches.
How to Prevent Similar Data Breaches
Considering the serious threats posed by the hacking incident mentioned above, it is imperative for businesses to bolster their cybersecurity defences. Mr. Manish Chaudhari, the Chief Information Security Officer (CISO) at Cybernetic Global Intelligence, a globally recognised cybersecurity consulting firm, warns that the substantial costs resulting from data breaches caused by such attacks could potentially force most organisations out of business. The only viable solution is to engage IT security consultants and establish robust cybersecurity protocols, including adherence to a host of legal requirements. These can include PCI DSS QSA, APRA CPS 234, ISO 27001, ACSC Essential Eight, and others.
Final Thoughts
It appears that most organisations, government or private, do not have the requisite cybersecurity mechanism or architecture to prevent incidents such as the Super SA data hack. Those that do have one do not appear to be specifically designed for evading threat actors. The motivation behind infiltrating networks is fueled by scanning specific files and directory paths related to military applications, leading to the exfiltration of sensitive data. This underscores the urgent need for businesses to seek cybersecurity consulting and implement effective cybersecurity measures.
Notably, these components lack basic stealth or obfuscation mechanisms to conceal their activities, possibly because the threat actor assumed that there was a lack of host-based detection systems in many Android devices.
For further information on safeguarding your company against potential cybersecurity risks, refer to our blog at https://www.cyberneticgi.com/2023/07/13/gaps-galore-in-cybersecurity-an-apra-study-reveals/, contact Cybernetic Global Intelligence, one of the premier cybersecurity companies, at 1300 292 376 or by email at contact@cybernetic-gi.com, or visit our website at https://www.cyberneticgi.com/