The ball barely dropped at Times Square and the first data breach of the new year was already reported. Thirty thousand state Austrailian civil servants had their details stolen when a directory was downloaded by an unlicensed 3rd party, thought to have been ‘phished’ in the state of Victoria.
This political level breach including work emails, phone numbers and job descriptions, has been reported to law enforcement agencies, the Australian Cyber Security Center and obviously the press are having a field day.
The data set did not, thankfully, contain banking information, but the threat in terms of identity theft and the severe infringement on privacy is crystal clear.
Shortly after the first 2019 hack Dublin’s tram system (Luas) faced a cyber-attack with a ransom demand. Hackers claim they have access to the organizations’ systems, highly reminiscent of the breach in 2016 to the San Francisco transport systems. Luas informed their customers about the disruption and told them they would be updated via Twitter, Facebook, AA Road Watch and the media .
The Australian government rolled out a similar response to US. State level cyber hacks and ransom attacks, where they have pledged to put ‘better protection in place’ to prevent futures hacks, although this is obviously left deliberately vague in describing steps that could be taken.
Maybe, this has little to do with political posturing and is really more in response to the fact that with ever-developing technology, we simply can’t get one step ahead of the bad guys, yet.
Whilst policy makers mumble under their breath, that all this fraud is simply a reaction to an overdependence on technology, we must take a very solid step back to review the wider picture.
We are not overly dependent on technology, in fact, we are living in times when the tremendous advantages of technology are hardly utilized enough, from green technology, to terrorist prevention, through to medical supplies, the safety of our future will depend on advancing technology at greater and greater speeds.
The cybercrime, however that comes attached, top of the list: privacy invasion, cyber fraud and identity theft, are new issues that we will have to come to terms with as a part of everyday business.
The incident in Australia follows a year wherein large data breaches have simply become the norm. These penetrations have included billions of user accounts, 2 billion Facebook accounts to be precise, 150 million health statuses to name but a few.
Stealing records is an event that has happened 291 times for every second of every minute in the first half of last year, according to security company Gemalto.
With the GDPR fully in force and the California Law hot on the heels, it would be good advice to get a company security audit, with an experienced pen tester to start off the new year. The responsibilities of companies to protect data will only multiply as the year goes on and hackers try to create more chaos and make a name for themselves with bigger targets.