NewsBite

Hack attack on all business ‘inevitable’, says Michael Sentonas

Experts warn companies to harden cyber defences immediately, with cyber attacks ‘inevitable’ and some Australians having their data stolen three times in just five months.

CrowdStrike president Michael Sentonas says every company would be targeted by cyber criminals, and each must take steps to ensure those attacks were not ­successful. Picture: Sam Ruttyn
CrowdStrike president Michael Sentonas says every company would be targeted by cyber criminals, and each must take steps to ensure those attacks were not ­successful. Picture: Sam Ruttyn

Australian businesses are being urged to immediately improve their cyber security defences as a cyber expert warned that it was “inevitable’’ every business would be attacked by wannabe hackers.

The Australian Cyber Security Centre revealed cyber criminals were pouncing “within minutes’’ of vulnerabilities being discovered, and company boards needed to understood their “crucial role’’ in ensuring companies invested appropriately to make their networks resilient to attacks.

With some Australians now having had sensitive data stolen three times – as customers of Medibank, Optus and Latitude – the ACSC urged companies to ensure cyber security was a core part of each business’s strategic planning and risk management.

“Companies need to lift their focus and ensure they protect not only their business but the trust of customers,’’ a spokesperson said.

The comments come after another big Australian company, the Harry Triguboff-founded Meriton, revealed it had been hacked.

Michael Sentonas, president of the global cyber security company CrowdStrike, said every company would be targeted by cyber criminals, and each must take steps to ensure those attacks were not ­successful.

Asked whether attacks on companies were inevitable, Mr Sentonas said “absolutely’’, and businesses needed to prepare accordingly. He said the apparently faster tempo of cyber attacks in Australia in recent months was “business as usual’’ but there were several dynamics at play.

Meriton reveals it was the target of cyber-attack earlier this year

“You’ve got a strong economy, you’ve got seemingly easy targets so there are a lot of people who are targeting Australian companies for financial benefit,’’ he said.

“And geo-politically, we have neighbours to our north who don’t necessarily agree with our government’s policies and the positions (it’s) taking.

“So we’ve got China-affiliated adversaries carrying out attacks.’’

There are no major instances reported where people have been the subject of fraud as a result of having identification documents stolen, and in some cases posted online. Few, if any, personal medical records stolen from Medibank made their way into mainstream social media.

Mr Sentonas said that did not mean the danger was over, and such hacks “had a long tail.’’

“Definitely could happen …. it will get used down the track,’’ he said. “It doesn’t happen necessarily immediately but here’s the thing: no one is going to go to that much effort and not use the data.

“They’re not going to dump the data and someone else isn’t going to be opportunistic in using it.

“The reality is also that sometimes it’s better for the adversary not to use it straight away because people are on heightened alert.

“So you wait … before you deal with that data or leverage that data maliciously.’’

Mr Sentonas would not discuss any individual company’s cyber situation. According to an online case study, CrowdStrike works with Latitude, but the company declined to comment on who its clients were.

Meanwhile, the Tasmanian government confirmed it was investigating claims it had been hacked by Russian cyber gang Cl0P. “The government is aware of these reports and they are being investigated,’’ a spokesman said.

Crown Resorts continues to investigate what data was accessed by Cl0P, although it has ruled out customer records, while the University of Melbourne has determined the group accessed nothing more than cost codes.

Home Affairs Minister Clare O’Neil said the threat of cyber crime was “relentless’’ but most cyber attacks could be prevented.

“We share the frustration of millions of Australia who have been involved in recent cyber incidents,’’ she said.

“Businesses and organisations across the country must work with government agencies to harden their defences.”

Ellen Whinnett
Ellen WhinnettAssociate editor

Ellen Whinnett is The Australian's associate editor. She is a dual Walkley Award-winning journalist and best-selling author, with a specific interest in national security, investigations and features. She is a former political editor and foreign correspondent who has reported from more than 35 countries across Europe, Asia and the Middle East.

Add your comment to this story

To join the conversation, please Don't have an account? Register

Join the conversation, you are commenting as Logout

Original URL: https://www.theaustralian.com.au/business/technology/hack-attack-on-all-business-inevitable-says-michael-sentonas/news-story/e29258237485b3e27a157ccb08398abc