
Triple whammy: business loss, fine and ransom

Australia will introduce laws to parliament to increase penalties for companies subject to major data breaches, Attorney-General Mark Dreyfus said, after high-profile cyberattacks hit millions of Australians in recent weeks.
Australia’s telco, financial and government sectors have been on high alert since Singtel-owned Optus, the country’s second-largest telco, disclosed on Sept. 22 a hack that saw the theft of personal data from up to 10 million accounts. That attack was followed this month by a data breach at health insurer Medibank Private, which covers one-sixth of Australians, resulting in personal information of 100 customers being stolen, including medical diagnoses and procedures, as part of a theft of 200 gigabytes of data.

Reuters: https://www.reuters.com/technology/australia-flags-increased-penalties-data-breaches-following-major-cyberattacks-2022-10-22/

New update – https://www.oaic.gov.au/updates/news-and-media/oaic-opens-investigation-into-medibank-over-data-breach


Data security is a serious matter. We witnessed how events unfolded in Australia following the Medibank breach.

Almost all regulations around the world impose monetary penalties in the millions of dollars; that includes the GDPR, the PDPC (Singapore), the Australian federal Privacy Act, etc. In Thailand, the PDPA provides for imprisonment of up to six months, or a fine of up to 500,000 Baht, or both.

What is really at stake? Companies’ reputation, and therefore the business, and, most importantly, people’s private lives and safety. All of these are jeopardized whether companies succumb to ransom demands or refuse to pay, and succumbing still invites a flurry of further attacks.

In the current politically charged climate, we expect this kind of attack to happen more regularly.

There are many APTs that work for state governments across the globe, and their only mission is disruption.

“An advanced persistent threat (APT) is a stealthy threat actor, typically a nation state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended period.[1][2] In recent times, the term may also refer to non-state-sponsored groups conducting large-scale targeted intrusions for specific goals.” 

Companies need to tighten up, ramp up their data protection policies, and raise awareness of data safety among employees and customers. A single hack or spam email can put the whole company in trouble.

Customers are highly vulnerable, as their only protection is their own due diligence.

There are many methods; one is to validate the URLs you receive in your mails (suspected spam) if mails are not being filtered effectively.

One such tool is https://www.virustotal.com: copy the URL/link you received and scan it; if it is malicious, the site will warn you. You can also install the Chrome extension, which is handier.

A few more tools on the internet:

https://isitphishing.org/
https://talosintelligence.com
https://phishtank.com/
https://safeweb.norton.com/
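Before pasting a link into VirusTotal or one of the other scanners listed above, it helps to look at what the mail actually links to rather than what it shows. The script below is an added example (not code from the original post or from any of the tools listed): it pulls every link out of an email, compares the visible link text with the real href, and flags the cheap offline tells (IP-literal host, punycode look-alike domain, plain http, display-text mismatch). It also derives the URL identifier the VirusTotal API v3 uses (URL-safe base64 without padding); that identifier format is an assumption taken from the public API documentation. The sample message, hostnames and IP address are constructed.

```python
import base64
import hashlib
import re
from email import policy
from email.parser import BytesParser
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not a real email): the visible link text claims
# to be the bank, but the hrefs point at an IP literal and a punycode look-alike.
SAMPLE_EML = b"""From: "Account Team" <alerts@example-bank.com>
To: customer@example.net
Subject: Action required on your account
Content-Type: text/html; charset=utf-8

<html><body>
<p>Please verify your details at
<a href="http://198.51.100.7/login">https://www.example-bank.com/login</a></p>
<p>Or use our portal: <a href="https://www.xn--exmple-bank-m8a.com/">example-bank.com</a></p>
<p>Need help? See <a href="https://docs.example-bank.com/help">help</a></p>
</body></html>
"""

_IP_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")
_DOMAIN_RE = re.compile(r"^[a-z0-9.-]+\.[a-z]{2,}(/.*)?$", re.I)


class _LinkCollector(HTMLParser):
    # Collects (href, visible text) pairs from <a> elements.
    def __init__(self):
        super().__init__()
        self.links = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self._current = [href, ""]

    def handle_data(self, data):
        if self._current is not None:
            self._current[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            self.links.append((self._current[0], self._current[1].strip()))
            self._current = None


def extract_links(raw_message: bytes):
    """Return (href, display text) pairs from the HTML or plain-text body."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_message)
    body = msg.get_body(preferencelist=("html", "plain"))
    if body is None:
        return []
    content = body.get_content()
    if body.get_content_type() == "text/html":
        collector = _LinkCollector()
        collector.feed(content)
        return collector.links
    # Plain text: each bare URL is its own display text.
    return [(u, u) for u in re.findall(r"https?://[^\s<>\"']+", content)]


def _registrable(host: str) -> str:
    # Simplified: the last two labels stand in for the registrable domain
    # (a production check would consult the Public Suffix List).
    return ".".join(host.lower().split(".")[-2:])


def _host_from_text(text: str):
    # The host the reader *sees*, if the link text itself looks like a URL or domain.
    text = text.strip()
    if "://" in text:
        return urlparse(text).hostname
    if _DOMAIN_RE.match(text):
        return text.split("/")[0].lower()
    return None


def virustotal_url_id(url: str) -> str:
    # VirusTotal API v3 URL identifier: URL-safe base64 without '=' padding
    # (assumption based on the public API docs; confirm against current docs).
    return base64.urlsafe_b64encode(url.encode()).decode().rstrip("=")


def analyse_link(href: str, text: str) -> dict:
    """Offline red flags worth checking before submitting the URL to a scanner."""
    parsed = urlparse(href)
    host = (parsed.hostname or "").lower()
    flags = []
    if parsed.scheme != "https":
        flags.append("not-https")
    if _IP_RE.match(host):
        flags.append("ip-literal-host")
    if any(label.startswith("xn--") for label in host.split(".")):
        flags.append("punycode-host")
    shown = _host_from_text(text)
    if shown and _registrable(shown) != _registrable(host):
        flags.append("display-text-mismatch")
    return {"url": href, "host": host, "flags": flags,
            "vt_id": virustotal_url_id(href),
            "sha256": hashlib.sha256(href.encode()).hexdigest()}


def scan_message(raw_message: bytes):
    return [analyse_link(href, text) for href, text in extract_links(raw_message)]


def suspicious_links(raw_message: bytes):
    return [r for r in scan_message(raw_message) if r["flags"]]


if __name__ == "__main__":
    for result in scan_message(SAMPLE_EML):
        print(result["url"], "->", ", ".join(result["flags"]) or "no offline flags")
```

Run it on a saved `.eml` file by passing the file's bytes to `scan_message`. A link with no offline flags is not proven safe; it is simply one that still needs the online scan, which is where the tools above come in.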


What kind of data do criminals want from victims?

  • Birthdays and anniversaries
  • Username and passwords
  • Passport numbers
  • Social security numbers
  • Credit card details, account numbers and PINs
  • Health records
  • Anything else that is private and damaging

Think twice before you share your important details with anyone, and make sure you are not falling prey to phishing attacks.
Use only safe and official websites to download materials, and remember there are NO free lunches.

Disclaimer – Use all the free tools on the internet at your own risk, and do some prior research.

About the Author

Sachin

Sachin is a Cloud and IT expert with vast experience in Systems, Security and Integration.
