October is Cyber Security Awareness Month, and a timely reminder for all organisations to review their baseline Cyber Security posture and practices and ensure they're fit for purpose.
Driven by the Australian Cyber Security Centre (ACSC), this year's theme 'Have you been hacked?' shares a different focus area each week and includes assessment tools, email security tips, and practical recommendations on actions business leaders can take to stay secure.
Not only during October, but every month, we're encouraging our network to do better in protecting their businesses from cyber threats and will be sharing a range of our own resources, tips, and checklists with you.
Data Breach Observations
Unfortunately, reading news articles about cyberattacks (such as the current, large-scale Optus data breach) and businesses that have fallen victim to hacking is now almost a daily occurrence.
Observations from the most recently published Office of the Australian Information Commissioner (OAIC) Notifiable Data Breaches Report include alarming statistics around the impact cyberattacks, such as hacking, have on Australian industries.
- Consistent with previous reports, malicious or criminal attacks were the largest source of data breaches notified to the OAIC, accounting for 256 data breaches.
- Health Service, Education and Professional Services providers were in the top 5 industries that reported having experienced data breaches.
- Health Service providers also experienced the highest number of hacking attacks, followed closely by Finance, Legal, Accounting, Personal Services and Education providers.
Have you been hacked?
Hacking is defined as 'unauthorised access to a system or network (other than by way of phishing, brute-force attack or malware), often to exploit a system’s data or manipulate its normal behaviour' and is one of the leading sources of data breaches in Australia.
The new ‘Have You Been Hacked?’ tool from the ACSC can help you understand the risks of your personal and business information being stolen or leaked. It will also show you what you can do in response, or help you prevent it from happening.
The tool is simple to use and includes typical warning signs, scenario explanations and easy-to-follow steps on how to remediate the situation.
Scenarios include ransomware attacks, malware threats, email compromise and identity theft, as well as phishing and fake website scams.
Case study: Optus Customer Data Targeted by Hackers
On 22 September 2022, customers of Australian telco giant Optus were notified that, following a cyberattack, the company was investigating possible unauthorised access to current and former customers' information.
"We are devastated to discover that we have been subject to a cyberattack that has resulted in the disclosure of our customers' personal information to someone who shouldn’t see it," said Kelly Bayer Rosmarin, Optus CEO.
"As soon as we knew, we took action to block the attack and began an immediate investigation. While not everyone may be affected and our investigation is not yet complete, we want all of our customers to be aware of what has happened as soon as possible so that they can increase their vigilance."
Following the attack, the hackers behind the enormous data breach reportedly released the personal information of 10,000 Australian customers, including customers’ names, dates of birth, phone numbers and email addresses, and, for a subset of customers, addresses and ID document numbers such as driver's licence or passport numbers. Since then, it has come to light that Medicare numbers have also been exposed.
The ACSC is supporting Optus through the data breach and encourages customers to have a heightened awareness across their accounts to protect themselves from fraud and targeted scams as a result of the attack.
How to protect yourself and your employees from hacking
The ACSC recommends implementing the following processes to best protect yourself and your employees from cyber hacking incidents:
- Always install updates for applications and operating systems when they are available. The longer you delay, the longer you are vulnerable to hackers or malware.
- Use unique, strong passwords that are passphrases for each account (don’t duplicate across accounts).
- Always back up your data so that if your system is compromised, you won’t necessarily lose everything. Make sure the backup hard drive is not left connected to your system after you’ve finished.
- Always practise safe online browsing behaviour and be on the lookout for suspicious links or email attachments.
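The passphrase recommendation above is easy to state but hard to audit by hand. As an added illustration (this is not code from the ACSC or from Diamond IT), the following Python snippet generates a multi-word passphrase, estimates its strength in bits from the size of the word list, and checks a set of account credentials for the reuse the recommendation warns against. The small word list and the sample account records are constructed for the demonstration; a real generator should draw from a large published list such as the EFF diceware list.

```python
import math
import secrets

# Constructed demonstration word list (32 words). Real passphrases should
# come from a list of several thousand words so that each word adds more entropy.
WORDS = [
    "anchor", "basket", "cactus", "dolphin", "ember", "falcon", "garnet", "harbor",
    "island", "jungle", "kettle", "lantern", "meadow", "nectar", "orbit", "pepper",
    "quartz", "ripple", "saddle", "timber", "umbrella", "velvet", "walnut", "xenon",
    "yonder", "zephyr", "acorn", "breeze", "cobalt", "drift", "echo", "fossil",
]


def generate_passphrase(n_words=4, wordlist=WORDS, sep="-"):
    """Pick n_words words uniformly at random using the OS CSPRNG."""
    return sep.join(secrets.choice(wordlist) for _ in range(n_words))


def estimate_entropy_bits(n_words, wordlist_size):
    """Entropy of a passphrase of n_words drawn uniformly from wordlist_size words.

    Each word contributes log2(wordlist_size) bits; four words from a
    7776-word list is about 51.7 bits, four words from this 32-word list only 20.
    """
    return n_words * math.log2(wordlist_size)


def meets_passphrase_policy(passphrase, min_words=4, min_length=14, sep="-"):
    """Simple policy check: enough words and enough total length."""
    words = [w for w in passphrase.split(sep) if w]
    return len(words) >= min_words and len(passphrase) >= min_length


def find_reused_passwords(accounts):
    """Return groups of account names that share the same password.

    accounts: dict mapping account name -> password (constructed sample input
    in the test; in practice this would come from a password manager export).
    Only groups with more than one account are returned, sorted for stable output.
    """
    by_password = {}
    for account, password in accounts.items():
        by_password.setdefault(password, []).append(account)
    groups = [sorted(names) for names in by_password.values() if len(names) > 1]
    return sorted(groups)


if __name__ == "__main__":
    phrase = generate_passphrase()
    print("generated:", phrase)
    print("entropy (this 32-word list):", estimate_entropy_bits(4, len(WORDS)))
    print("entropy (7776-word list):", round(estimate_entropy_bits(4, 7776), 1))
    # Constructed sample credentials showing reuse across two accounts.
    sample = {"email": "correct-horse", "bank": "correct-horse", "shop": "battery-staple-9"}
    print("reused across:", find_reused_passwords(sample))
```

The reuse check deliberately returns account names rather than the shared password, so its output can be shared with the account owner without exposing the secret again.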
Diamond IT also recommends:
- Ensuring that you are using modern Endpoint Detection and Response (also known as EDR), rather than traditional Anti-Virus solutions.
- Ensuring that your organisation is using Multi-Factor Authentication.
- Talking to our team about a next-gen firewall (such as FortiGate) if one is not already installed.
How can Diamond IT support your Cyber Security
If you want to educate your employees on how to identify potential cyber threats and maintain secure password hygiene, our staff education programs and policy and procedure reviews can help.
We offer a range of services that can help you improve the Cyber Security posture of your organisation:
- Cyber Security Health Check
- Cyber Security Awareness Training
- Cyber and Data Breach Consulting and Forensic Analysis
- Disaster Recovery (DR) Planning
Our Business Technology Consulting team are specialists in improving your internal cyber security and are ready to speak with you. Contact our team on 1300 307 907 today.