Hack attack on all business ‘inevitable’, says Michael Sentonas
Experts warn companies to harden cyber defences immediately, with cyber attacks ‘inevitable’ and some Australians having their data stolen three times in just five months.
Australian businesses are being urged to immediately improve their cyber security defences as a cyber expert warned that it was “inevitable’’ every business would be attacked by wannabe hackers.
The Australian Cyber Security Centre revealed cyber criminals were pouncing “within minutes’’ of vulnerabilities being discovered, and company boards needed to understood their “crucial role’’ in ensuring companies invested appropriately to make their networks resilient to attacks.
With some Australians now having had sensitive data stolen three times – as customers of Medibank, Optus and Latitude – the ACSC urged companies to ensure cyber security was a core part of each business’s strategic planning and risk management.
“Companies need to lift their focus and ensure they protect not only their business but the trust of customers,’’ a spokesperson said.
The comments come after another big Australian company, the Harry Triguboff-founded Meriton, revealed it had been hacked.
Michael Sentonas, president of the global cyber security company CrowdStrike, said every company would be targeted by cyber criminals, and each must take steps to ensure those attacks were not successful.
Asked whether attacks on companies were inevitable, Mr Sentonas said “absolutely’’, and businesses needed to prepare accordingly. He said the apparently faster tempo of cyber attacks in Australia in recent months was “business as usual’’ but there were several dynamics at play.
“You’ve got a strong economy, you’ve got seemingly easy targets so there are a lot of people who are targeting Australian companies for financial benefit,’’ he said.
“And geo-politically, we have neighbours to our north who don’t necessarily agree with our government’s policies and the positions (it’s) taking.
“So we’ve got China-affiliated adversaries carrying out attacks.’’
There are no major instances reported where people have been the subject of fraud as a result of having identification documents stolen, and in some cases posted online. Few, if any, personal medical records stolen from Medibank made their way into mainstream social media.
Mr Sentonas said that did not mean the danger was over, and such hacks “had a long tail.’’
“Definitely could happen …. it will get used down the track,’’ he said. “It doesn’t happen necessarily immediately but here’s the thing: no one is going to go to that much effort and not use the data.
“They’re not going to dump the data and someone else isn’t going to be opportunistic in using it.
“The reality is also that sometimes it’s better for the adversary not to use it straight away because people are on heightened alert.
“So you wait … before you deal with that data or leverage that data maliciously.’’
Mr Sentonas would not discuss any individual company’s cyber situation. According to an online case study, CrowdStrike works with Latitude, but the company declined to comment on who its clients were.
Meanwhile, the Tasmanian government confirmed it was investigating claims it had been hacked by Russian cyber gang Cl0P. “The government is aware of these reports and they are being investigated,’’ a spokesman said.
Crown Resorts continues to investigate what data was accessed by Cl0P, although it has ruled out customer records, while the University of Melbourne has determined the group accessed nothing more than cost codes.
Home Affairs Minister Clare O’Neil said the threat of cyber crime was “relentless’’ but most cyber attacks could be prevented.
“We share the frustration of millions of Australia who have been involved in recent cyber incidents,’’ she said.
“Businesses and organisations across the country must work with government agencies to harden their defences.”
More Coverage
‘We need Chinese EVs’ to combat climate change: Uber
The ride sharing giant is partnering with Chinese electric vehicle maker BYD to make EVs more affordable and says high tariffs and US-style bans are not helpful in combating climate change.
Uber urges Aussies to give up second car to fight climate change
Ride share giant Uber says transitioning to EVs is not enough to slash automotive emissions and congestion as it urges Australians to consider giving up their second car.