Being labelled as ‘one of the worst data breaches in Australian corporate history’, the recent cyber attack on Optus has left many anxious customers in its wake. This article explores the recent Optus and Telstra attacks and why Cyber Security is so important.
It has been a double whammy recently for Australian telco companies getting blindsided by cyber attacks, resulting in millions of Australian Optus customers lining up to get licences, passports and medicare documents reissued to protect their personal data and to prevent identity theft. Telstra, only days later, also experienced a data breach involving the data of 30,000 employees being leaked.
For good reasons, Cyber Security is now taking centre stage and becoming a major concern for everyone in Australia, from individuals through to major corporations.
Whenever a system or network is accessed by a third party without proper authorisation it is referred to as a cyberattack, with the individual or team behind the breach referred to as a hacker or cyber attacker.
Cyber attacks can have a number of undesirable outcomes for companies, including anything from data theft impacting customers, through to internal embezzlement and loss of money. The sting on the business bottom line, reputational damage and loss of customer base are just some of the negative effects a cyber attack can have on a company.
Increasingly, there are more varieties of cyber attacks being created by hackers and discovered by Cyber Security Professionals. While there are several types of attacks commonly carried out, here’s the top three.
A malware attack is a frequent go-to for hackers and refers to the malicious software viruses including ransomware, spyware and trojans.
The basic tactic of malware is to seek out vulnerability in a network or system. Generally it will be triggered by a user clicking on a link, which sets off the download of an email attachment. In the case of ransomware, a user’s access to different components of their network or systems will be blocked.
Spyware comes in the form of software, which when downloaded can steal all of a user’s data, often without user knowledge, with trojan viruses posing as genuine software and resulting in the same outcome.
Another heavily used approach by hackers is known as phishing. Cyber criminals essentially pretend to be a known and trusted contact, writing and sending emails to users. If the user opens and reads the email and clicks on the link within it, this will result in the hackers gaining access to the user’s accounts and associated data. Malware can also be installed via this tactic. While some attempts at phishing may be very obvious, there are many becoming more sophisticated and harder to detect.
Cyber criminals are increasingly using Structured Query Language (SQL) injection as their doorway to gaining system access to manipulate databases. Administrative rights can also be accessed with this approach.
Essentially, the hacker injects code into what they determine to be a vulnerable search function box on a website, which if not protected, will force the system server to display important data.
Word on the street is Optus accidentally gave public access to an unprotected API, causing the vulnerability in its network. Human error, system faults and other ‘unknown reasons’ are also on the hit list for what went wrong as the investigation continues.
The reality for Optus and many older companies is that they have a combination of original computer systems from when they were first established, alongside much newer systems. The mish-mash of old and new can often lead to inconsistencies in security measures, which can lead to higher rates of network vulnerability.
Just days after the Optus cyber security breach, Telstra was making headlines with the data of over 30,000 past and present employees being leaked. It has been reported that it was a third party who ran a rewards program for the organisation staff which was attacked.
Data scraping is the approach that’s claimed to have been used during this latest round of telco hacking, which is when old information is grouped together in the hope it can be sold as current data. The cause of the breach is still being investigated, but resulted in basic data such as names and email addresses being leaked.
The recent cyber attacks on Optus and Telstra underline why Cyber Security is a must-have for companies of all sizes with. As well as protecting them from reputation-destroying data breaches, a strong Cyber Security posture will shield businesses from massive financial losses.
For Australian businesses, the average price tag of a data breach is $3.35 million (a 9.8% increase year-on-year). Beyond this initial cost, the financial impacts of a cyber attack are reported to last several years after the attack, while there are other long-term detrimental effects, such as the reputational damage and potential loss of customers.
All this means safeguarding company data and investing in quality Cyber Security measures is crucial. With ongoing digital transformation across all industries, the demand for Cyber Security professionals greatly outweighs supply.
Completing practical, hands-on training in cyber security is a great way to take your first steps on this career path. Whether you’re already an IT professional seeking to upskill, or keen to launch a tech career from scratch, ensuring you have the essentials under your belt is the best way forward.
Our Cyber Security Engineering: Transform course will give you technical skills and strategic mindset that today’s Cyber Security Professional needs, taking you from beginner to job-ready, and also coming with access to a Career Support Program that helps 97% of graduates straight into the industry.
If you have any questions, our experienced team is here to discuss your training options. Speak to a course advisor today and take the first steps in your Cyber Security journey.