Recent cyber attacks have led to significant data leaks, and industry leaders fear that Australians are losing confidence in the country’s cyber capabilities.
Over the past three weeks, three cyber attacks have resulted in identity leaks and significant breaches in user confidentiality. One such incident involving MyDeal.com.au occurred when a compromised credential, due to an increase in users, allowed access to the database which stored user information. In total, this attack led to the release of 2.2 million customers’ data, including everything from emails, names, phone numbers, addresses, and birthdays.
In an interview with Channel 9, Professor Sanjay Jha, Chief Scientist for UNSW institute for Cybersecurity stated that “the breach raises serious concerns for the end user’s confidence in using online services and poses a serious challenge for the industry.”
“Compromised credentials should not provide easy access to malicious actors when multi-factor authentication is in place. You would expect more stringent authorisation and access control and network partitioning to protect these critical assets.”
But with these leaks becoming more and more regular, how should the public respond? And what measures are being put in place to ensure our digital safety?
Protecting the community
A simple way to increase online safety is by following the Cyber Security Guidelines released by the Australian Cyber Security Centre. They outline a series of measures which can support businesses to protect their online systems from breaches, allowing customers to feel safe and secure.
Dr Arash Shaghaghi, a senior lecturer in cybersecurity from the UNSW School of Computer Science and Engineering and UNSW Institute for Cybersecurity says it’s clear the newest research on cybersecurity isn’t being implemented fast enough by many industries, resulting in these attacks. If companies listen and respond to this new information, our data may be better stored and protected.
“Users’ data is collected by various services without any control from the end user, and often the data collection to join these services is excessive – leaving end users vulnerable and with limited options when a serious breach occurs,” he says.
“Other parts of the world are investing heavily in technological measures such as Self-sovereign identity, where users would have better control over who has access to what part of user identity and other information”
“We need to enhance investment in practical research and think of measures that facilitate the adoption of the latest technologies to reinforce our resiliency against the growing number of attacks targeting Australia.”
By adopting innovative technological solutions, companies can secure the future of cybersecurity.
The bigger picture
Last month, 10 million Optus customers were hacked when cyber criminals broke into the system and stole personal details including passport ID and licence numbers. The breach revealed that an open port used for testing purposes was left in the final product version, creating an opening which was exploited by the hackers.
While this attack was shocking, it’s not uncommon in the digital world. Professor Sanjay Jha recalls a similar incident when boxing an early version of the Philip Hue bulbs. His team discovered that it was possible to control these devices through similar open ports.
“This was reported to the company who fixed the problem in their future version. A simple penetration testing of servers before deployment could have potentially made such attacks difficult, if not impossible.”
Professor Jha has been concerned about the use of authorisation processes for a long time, claiming that an enforcement of harsher penalties for negligence may ensure future attacks are prevented. By educating businesses and offering better digital support for improving these processes, the public’s data can be protected. But for this to happen, researchers and industry need to come together, working closely to safeguard Australia’s cyber community
“We need to regain the community’s confidence in our cyber capabilities,” says Professor Sanjay.
These inventive solutions to our cyber security problems may just save Australians from further attacks, but it’s up to businesses to implement strategies online and regain public trust.
To learn more about Australia’s cybersecurity, click here.