Optus attack reveals Australia’s cybercrime vulnerability

The theft of personal information from 11 million Optus customers last week revealed the lax internet security in Australia.

Minister of Cybersecurity Clare O’Neil described the intrusion of the country’s second-largest telecom as “a simple hack,” but Optus refuted this, saying the data was “encrypted” and protected by “several firewalls.”

A few specialists weren’t persuaded, but that’s only the beginning of Australia’s internet security flaws, according to one computer analyst, who said that since significant industries “don’t have a clue,” millions of Australians are now vulnerable to hackers.

Technology futurist and keynote speaker Shara Evans claims that hackers worldwide find Australia to be an easy target.

The common practice of transmitting sensitive information through unencrypted email is a particularly visible flaw.

According to Ms. Evans, Australian businesses “don’t appear to have a clue” about the danger this poses.

I am unable to estimate how often healthcare providers will send you information that is not encrypted.

If your doctor says they will send a prescription to your pharmacy, they will include your date of birth and Medicare number in the plain text message.

Ms. Evans, a former executive at US telecommunications behemoths Alcatel, Sprint, Telenet, and GTE, discovered another high-risk location where confidential information is being sent.

“An address, policy number, and date of birth are supplied via email with every insurance renewal,” she stated.

Without encryption, you are depending on the client to have started using SSL or TLS, two security technologies that most people have never ever heard of.

“You’re depending on people configuring every single device they use to access email in accordance with a given standard, and the center likewise has to have its email configured in accordance with that specification.”

“Everything about you is there if someone has faked your email or managed to access it.”

SSL stands for Secure Sockets Layer, and its more up-to-date and secure successor is TLS (Transport Layer Security).

When a hacker sends an email that seems to be from a reliable source, this is known as email spoofing.

The bogus email may invite the recipient to reply with personal information, including financial information, or to launch malware or spyware on their computer.

Nigel Phair, director of the UNSW Institute for Cybersecurity, concurs that Australia is vulnerable online and that the risk is only increasing.

He told Daily Mail Australia, “We’ve got to do a lot better in Australia when it comes to cyber-crime.”

The Australian Cyber-Security Centre reported receiving 63,000 reports last year; however, I believe it only represents around a quarter of the true amount.

Approximately $2 billion in losses from scams were reported to the ACCC.

“I believe that is much too little,” he said.

We still have a long way to go until our nation as a whole adopts internet hygiene.

The Optus incident, according to Mr. Phair and the cyber-security minister, “was a breach we shouldn’t expect to see in a significant telecoms operator.”

No, that shouldn’t have occurred, Mr. Phair said.

“I am hopeful that other firms in the ASX top 200 and below are actually taking a serious look at their risk processes on the back of this,” he said.

They should consider these questions: “Why are we gathering data? Who is accountable for it? Why is it being kept? And how will it hopefully be removed in the future?”

Why should businesses be permitted to gather such vast amounts of data when customers are not truly making informed decisions?

Ms. O’Neil said she had learned about alarming security flaws in significant Australian corporations from inside sources.

These included not “siloing” information and unprotected servers in basements.

Siloing refers to the separation of different components of a person’s data so that if a hacker gains access to one digital “silo,” they do not have access to the complete dataset that may be used to create an identity theft profile.

Every firm, according to Ms. Evans, must “separately keep personal information with audit trails, numerous firewalls, and encryption.”
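The siloing and audit trail described above, sketched as an added example that is not part of the original article: each silo keys its rows with a token derived from a separate per-silo secret, so a dump of one silo exposes only that silo's fields and cannot be re-joined with another. The class, field names and sample record are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample record; every value is made up.
CUSTOMER = {"customer_id": "C-1001", "name": "Alex Example",
            "email": "alex@example.test", "dob": "1980-01-01",
            "id_doc": "DOC-0000000"}

# Hypothetical layout: which fields live in which silo.
SILO_FIELDS = {"contact": ["name", "email"], "identity": ["dob", "id_doc"]}


class SiloedStore:
    def __init__(self):
        # Assumption: linking keys are held by a separate service,
        # never stored alongside the silo data they index.
        self.link_keys = {s: secrets.token_bytes(32) for s in SILO_FIELDS}
        self.silos = {s: {} for s in SILO_FIELDS}
        self.audit = []  # (actor, silo, customer_id) for every read

    def _token(self, silo, customer_id):
        # Per-silo row key: differs between silos for the same customer.
        key = self.link_keys[silo]
        return hmac.new(key, customer_id.encode(), hashlib.sha256).hexdigest()

    def put(self, record):
        for silo, fields in SILO_FIELDS.items():
            row = {f: record[f] for f in fields}
            self.silos[silo][self._token(silo, record["customer_id"])] = row

    def get(self, silo, customer_id, actor):
        self.audit.append((actor, silo, customer_id))
        return self.silos[silo].get(self._token(silo, customer_id))


def breach_view(store, silo):
    """Rows visible to someone who dumps one silo without the link keys."""
    return list(store.silos[silo].values())


def joinable(store, silo_a, silo_b):
    """Row keys common to two dumped silos, i.e. records that could be re-joined."""
    return set(store.silos[silo_a]) & set(store.silos[silo_b])
```

If both silos were keyed by the raw `customer_id`, `joinable` would return every customer, and the separation would exist only on paper.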

The sanctions that may be levied on Australian businesses for serious security breaches were criticized by Ms. Evans and Mr. Phair.

The privacy commissioner, also known as the Australian Information Commissioner, may impose a maximum penalty of $2 million, which Ms. Evans called a “slap on the wrist.”

Since 2016, the EU has had substantially stricter privacy legislation in effect.

Under those laws, the maximum penalty for privacy violations is €20 million ($29 million) or, if greater, 4% of a company’s worldwide sales from the year before.

The fact that Australia’s punishments for data breaches “are quite minimal compared worldwide,” according to Mr. Phair, a former AFP officer who helped develop the agency’s High-Tech Crimes Unit, is probably more alarming than the fact that they have never been used.

Penalties for data breaches have existed for three or four years, but the data commissioner has yet to impose one, according to Mr. Phair.

“Yes, we need greater penalties,” we may say, “but how about we utilize the fines we now have first?”

Many people may not realize that a date of birth is the most private information that hackers are looking for, according to Ms. Evans.

It can take years before something is utilized once it is in the hands of evil people.

You are vulnerable to identity theft if your date of birth is compromised, Ms. Evans added.

You should be watchful for the rest of your life because once your data is hacked, it sometimes takes years before someone does anything to you.

A hacker who has access to a victim’s birthdate and other personal data might at any moment start a credit account in that person’s name.

Ms. Evans stated, “I would never know about that.”

The only way to restore your birth date after it has been lost is to pass away.

The cyberthreats, according to Mr. Phair, are only growing.

He remarked, “People need to be really watchful online.”

The scope and longevity of fraudulent accounts are astounding.

The Optus attack, according to Mr. Phair, is probably going to be our greatest hack simply because of its potential effect, but it is far from the end of the narrative.

He remarked, “This is a data breach like many others that we’ve had.”

You already know that the future holds many opportunities for us. Watch for that and more.

