News of the Optus cybersecurity attack is shocking. The millions of customers potentially impacted by the breach is mind-boggling. But the real startling question is how a breach of this magnitude is still occurring in 2022.
While cyber breaches are a reality for any organisation – large or small-running systems connected to the internet and perfect cybersecurity is an impossibility – what we do know is that cyberattacks, hacks, breaches … whatever you want to call them, are entirely foreseeable.
Each time a cyber incident happens, all organisations big and small should sit up and assess whether this could happen to them.Credit:AP
The magnitude of such breaches can also be minimised by organisations making conscious choices about what to use, hold, store and, if they must store it, storing it securely so it cannot be easily accessed. These choices are not new, and encryption is not a novel, unreachable solution.
There have been far too many cyberattacks where staggering amounts of personal information have been stolen. Think the Target hack in 2013, the Office of Personnel Management in the US in 2014, UK telecommunications provider TalkTalk in 2015, Equifax in 2017 and the ANU in 2018. All of these breaches had variants of the same thing: data theft, varying degrees of highly personal information and, in many cases, the impact of these breaches could have been minimised.
These are all learnable events.
Each time a cyber incident happens, all organisations big and small should sit up and assess whether this could happen to them.
Loading
What makes the Optus breach possibly more astounding is that it is alleged that a subset (some figures put it at 2 million plus customers and former customers) have had their highly personal information stolen. Licences and passport numbers are some examples of data that Optus believes may have been accessed.
Unconfirmed reports suggest that access to the sensitive customer data was through what is known as an Application Programming Interface, also known as an API. This is an interface that allows two applications to talk to each other, such as when you use the weather app on your phone, the app uses an API to get the weather. In this case, when that API is on a system connected to the internet, if it is not secured properly, you have left the door open to allow the cybercriminals to start extracting data out. They will grab any data they can grab – in this case valuable customer data.
Stay connected with us on social media platform for instant update click here to join our Twitter, & Facebook
We are now on Telegram. Click here to join our channel (@TechiUpdate) and stay updated with the latest Technology headlines.
For all the latest Business News Click Here
For the latest news and updates, follow us on Google News.
Denial of responsibility! NewsAzi is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.
