NewsBite

Australia’s ‘false sense of security’ as hack attacks continue: Kroll survey

Corporate Australia has been in ‘a bit of a bubble’ which gave it a false sense of security when it came to cyber attacks, says Kroll’s Asia-Pacific chief Paul Jackson.

The Kroll report found Australian companies were the least likely to have an incident response plan in place to handle a cyber attack.

The security firm will on Tuesday release a new report on cyber incidents in the region, recording a significant increase. But Mr Jackson said Australia had not been specifically targeted.

“Everyone is being targeted. The attackers are going after everyone who has gaps (in their cyber systems), and clearly these companies had gaps,” he said.

“But Australia has been in a bit of a bubble, a bit isolated. Perhaps there was a false sense of security about what’s out there globally.”

The Kroll survey, conducted before recent attacks on Optus and Medibank, shows 72 per cent of Australian businesses reported having had a cyber incident over the previous 12 months – much higher than the regional average of 59 per cent. But Australian companies were the least likely to have an incident response plan in place to handle a cyber attack.

Alex Nixon, head of cyber risk for Kroll Australia, said the numbers “do not make for comfortable reading for corporate Australia”.

“We shall all be concerned that Australia is at the bottom of the list for incident response planning, something the government is encouraging every major organisation to participate in.

“The report shows that cyber risk has never been more important and that business interruption, data loss and reputational damage are the key factors we should all be preparing for.”

Mr Jackson said well-organised criminal networks around the world, including Russia, were becoming increasingly sophisticated in their cyber attacks and their ability to onsell data to other criminals over the dark web.

The Kroll survey, conducted before recent attacks on Optus and Medibank, shows 72 per cent of Australian businesses reported having had a cyber incident over the previous 12 months. Picture: NCA NewsWire / David Swift

He said they were also constantly on the lookout for human weaknesses in companies’ systems, ranging from single-factor identification log-ins to phishing emails and targeting disgruntled employees.

Passwords and personal identification details were being sold on the web, he said, with criminal gangs using high-speed computer programs to try passwords and use personal identification gained from one source to access other sources.

Mr Jackson said the rise of more secure bitcoins – and the emergence of a “privacy token” coin called Monero – had also enabled easier payment of ransoms to criminals. He said 93 per cent of companies in the US that Kroll had surveyed had reported cyber attacks over the past year.

He said stricter regulations and reporting requirements in the US meant that companies there were more aware of the threat from cyber criminals, particularly those in highly regulated sectors such as financial services.

He said higher fines and regulatory penalties and making companies responsible for the privacy of the data they held would put more pressure on the top levels of companies to take more action.

The report shows that the biggest concern of companies in Australia was loss of data – cited by 61 per cent of those surveyed – followed by business interruption, cited by 51 per cent, and reputational damage at 44 per cent.

But he said concern over fines arising from regulatory sanctions in Australia was relatively low at 38 per cent – potentially a sign that fines were too low and not acting as a deterrent to management.

Original URL: https://www.theaustralian.com.au/business/technology/australias-false-sense-of-security-as-hack-attacks-continue-kroll-survey/news-story/568397c2cc7ed8e6244639587839d50a