According to Guy Bunker, UK technology expert, Australia should take this wake-up call after recent cyber-attacks that happened overseas.
Due to a cyber-attack last week, around 750,000 of JAL (Japan Airlines) customers’ personal information was leaked. Earlier this month more than 100 female stars got their explicit nude photos leaked on the internet.
Australian businesses aren’t taking any of these cyber-attacks seriously,- that was a warning from the head of Australia’s corporate regulator. Greg Medcal, chairman in Australian Securities and Investments Commission said in March, that each attack that happens in Australia cost around $2 million. He also said that there is potential that cyber-crime had the probability of becoming the next “black swan event”.
Clearswift‘s chief technology Officer Dr. Bunker believes that Australia is five to ten years behind the UK and US in protecting customer’s sensitive data and information and claims that data breaches here are continual and more common than what is disclosed.
Dr. Bunker said – “In the UK, America and Europe, we’ve been hardened”. “In general, organizations are better prepared through a huge number of small attacks.”
The residents of Australia are much more vulnerable due to the lack of specific laws to protect privacy as there is simply no legal obligation for companies to notify affected users in case of data breach.
Dr. Bunker continued by saying that “Australia is behind the curve, not least because of privacy laws. Those laws drive the adoption of security. The threat is no greater (in Australia), but because of the lack of privacy laws, you are more vulnerable”.
It is still not known whether credit card or bank account information during the JAL attack was compromised, but Dr. Bunker implied that hackers getting their hands on details of other customer could be just as bad.
The following was said by Dr. Bunker – “They weren’t able to siphon off credit card information but that’s almost by the by because the cyber criminals are after other information: names, addresses, email addresses, birthdays — enough stuff to create a perfectly tailored phishing email”.
If and once they acquire such information, it is enough for the hacker to create a fake email looking similar to what trustworthy business would send and potentially lure the customer in to the trap, making him enter his credit card information.
“They know where you live, they know everything about you, so they create an email that says ‘You get a special discount if you book through this website’ and, bang, they’ve got your credit card number,” Dr. Bunker spouted.
It is common that most companies store the information that very often composes the same answers to questions used in online banking password resetting, i.e. maiden names and most commonly birth dates.
“That’s where the real threat comes from,” Dr. Bunker continued.
Clearswift research shows that employees in Australia are the culprits in over 44% of the cases of data security breaches.
20% of Australian organizations and companies blame their ex-employees for being a source, twenty one per cent blame partners or suppliers and even customers.
Dr. Bunker has a straight and honest advice for all the Australian companies by saying that “first thing is, it’s not about if you are going to be breached, but when. And it’s often not if or when it’s happened, but when you find out — because it’s happening right now. It doesn’t matter how big or small you are, your data is of use to someone.”
According to him, companies could protect their reputations by simply taking such steps as the use of data-loss prevention systems (such systems allow customer sensitive data to be deleted before the information even leaves the company). The incident with JAL wouldn’t have occurred if it had used system like this.
“If you’ve got a malicious insider, or ‘the enemy within’, you need systems in place that watch for information being used and abused, and traveling outside the organization.”
Dr. Bunker also said that breaches could occur accidentally, simply through the holes in organization systems. Most common mistakes that are made by workers can be the print of sensitive customer data, writing unencrypted data on compact disks or just not being careful with the details held in emails.
“That inadvertent stuff happens a lot. It’s not just cyber-attacks. JAL is a good wake-up call that those systems need to be checked out so the processes around them is secure and protected,” Dr. Bunker noted.
“The first thing is to acknowledge that using the net can be secure but it can also be very insecure.
It is only you, that can tell how much of your data is personal and sensitive, which you frequently use on the internet is also being tracked by your local ISP provider. How many data breach and sensitive information loses and leaks should happen for you to consider starting to take steps in order to protect your personal data and sensitive information? What would be the first steps you should take? Our answer to this question is a VPN solution, one that offers no log policy along with more useful features. Take a look at NordVPN, probably one of the most advanced VPN solutions in this field and start protecting not only your sensitive data but yourself as well in the cyber space.