Australian companies, banks, airports, schools, unis issued cyber security warning after DP World chaos
Australian companies, banks, airports, schools and universities have been issued a stern warning as criminals look for easy money.
Companies
Don't miss out on the headlines from Companies. Followed categories will be added to My News.
Australian companies have been put on notice to sharpen their cyber security in the wake of the attack on DP World that has caused chaos on docks around the country.
Authorities have warned attacks were likely to increase as criminals look for easy money through ransomware, following the Optus and Medibank hacks last year.
The investigation into what caused the outage at DP World over the weekend remains ongoing, as tech experts zero in on the problem.
Hamish Hansford, deputy secretary of cyber and infrastructure security at the Department of Home Affairs, said banks, airports, schools and universities should be reviewing their security plans now.
“You see what a disruption of this magnitude causes; it can have devastating consequences,” he said.
The DP World attack comes just a fortnight after the Department of Home Affairs released a review into cyber security that warned spies in suits were now a more likely threat than terrorism.
Mr Hansford said the investigation into the DP World attack was “still a work in progress”.When asked if the hack could only have been carried out by hackers supported by a foreign country, he said: “There are a range of actors and we just don’t know the answer at the moment. We do know that criminals are motivated by profit; things like ransomware attacks are all about profit.”
DP World moves more than 40 per cent of Australia’s freight, with the weekend’s shutdown raising fears of disruptions to deliveries for retailers for Christmas.
The hack stopped them from offloading thousands of containers from ships at ports across Australia.
DP World contacted the Australian Cyber Security Centre to alert them of the hack.
Mr Hansford said companies needed to think about their own security, but also where they fit in the supply chain.
“Have a plan to respond, work out who does what … and then to have those contacts into the government,” he said.
It comes after the corporate regulator demanded company bosses make combating cyber threats a top priority.
In a report released on Monday, the Australian Securities and Investments Commission found big gaps in corporate defence against hackers, including a lack of planning for breaches and lack of capacity to protect confidential information they hold.
ASIC’s survey of 697 organisations found that a third did not have a cyber incident response plan, 58 per cent had limited or no ability to protect confidential information and 44 per cent were not managing cyber risk in their supply chain.
“For all organisations, cyber security and cyber resilience must be a top priority,” ASIC chair Joe Longo said.
“There is a need to go beyond security alone and build up resilience – meaning the ability to respond to and recover from an incident,” he said.
“It’s not enough to have plans in place. They must be tested regularly – alongside ongoing reassessment of cyber security risks.”
The DP World incident comes after Optus was hacked last year, putting at risk the personal details of more than 10 million customers.
The communications giant had tried to stop a report into that attack being made public in a court case last week.
The 14-hour outage on Wednesday was the result of a failure caused by a routine software upgrade, not a hacker.
Medibank was also hacked last year, with customer data leaked on the dark web.
stephen.drill@news.com.au