The Australian government has built a reputation as being one of the biggest proponents of cybersecurity. They have successfully defended their government and businesses from cyber attacks in the past. However, a recent series of successful cyber attacks has embarrassed the Australian government, forcing them to take steps to reevaluate their security services.
Several Security Breaches Throughout the Australian Government
Service NSW, which represents the digital service branch of the New South Wales government, was surprised when, in the latter part of April, successful phishing attacks allowed hackers to get access to the email accounts of more than 45 staff members.
The data collected as a result of the attack was limited to email records. This breach happened just a few days after the government needed to shut down its COVID-19 Australian Taxation Office program that was designed to give individuals early access to superannuation funds. This shutdown happened after it was revealed that a third-party agency associated with the program had facilitated fraud.
186,000 Customer Records Stolen From Australia’s State Government
The theft of data related to over 186,000 individuals took place in April 2020. The amount of information totaled over 738 GB of data. More than 3.8 million documents were gathered.
These documents included a wide variety of information, like forms, records of transactions, scans, and applications. More than half a million documents had information that could personally identify the victims.
This personally identifiable information included things like firearms registrations, driver’s licenses, birth certificates, medical records, and credit card details. What is of special interest is that much of the data is thought to have involved transactions that took place over the phone or over the counter at Service NSW centers.
This email attack only targeted the accounts of the 47 staff members whose accounts were compromised. It is thought that the attack first came to light because a staffer tried to click a link in an email that looked suspicious.
All of this points to a phishing campaign of some sort. It was more than likely a spear phishing campaign designed to target specific employees who work within the Service NSW agency.
Police Involvement in the Investigation
Police immediately began investigating these cybersecurity attacks and looking at the agency with the goal of identifying the individuals who had been affected by the attack. Where necessary, individuals who had been affected by the attack were given a case manager.
This isn’t the only time that Service NSW has been the victim of a cybersecurity attack that resulted in data being leaked. On September 1, more than 54,000 NSW driver’s license images were leaked. This was because of an unsecured Amazon Web Services server. While that breach is not specifically blamed on the Australian government but on a third-party business, the effects that it has had on Australian residents are the same. Their private information has been exposed to the world.
While it is unfortunate that Service NSW was the victim of a phishing attack, this shouldn’t be a surprise. Especially in light of COVID-19, there has been a surge of bad actors using targeted phishing attacks to gain access to private data in major companies around the world and in government institutions.
They are taking advantage of the fact that many organizations and governments now have their employees working from home. The change from working in a secured office environment to working from home happened so quickly that there was not enough time to put adequate network security measures in place.
Even businesses and governments that already had some security measures in place may not have been able to adapt them or expand their infrastructure to the point where they could provide sufficient security for remote workers.
Many remote workers aren’t educated on how to secure their devices properly while working from home, and that puts a company at risk of their valuable data being stolen. While there are common security practices like using strong passwords, investing in antivirus software, or using a VPN service, many remote workers fall into the trap of using free services, or the ones that are too cheap to offer a good amount of protection.
Will Ellis of Privacy Australia tested over 20 VPN solutions, focusing on a few important criteria like jurisdiction, logging policy, and speed. His 2020 report shows that not all VPN services offer the same quality for the price, and most of the remote workers that weren’t properly educated on cybersecurity solutions aren’t able to pick what’s best by themselves. But one thing is for sure – never use free VPN solutions ’cause they probably collect and sell your data to advertisers on the Dark Web.
Training Employees to Take Cybersecurity Seriously
In every organization, it is the employee who is the best defense or possibly the weakest link when it comes to cyber attacks. This is especially true when it comes to phishing attacks.
Successful phishing attacks are carried out by sending an individual an email that might contain information that seems legitimate. The email may appear to come from management or a respected person in a business or government organization.
If employees are not trained to scrutinize emails before they open them and carefully review emails before opening attachments, they could find themselves inadvertently becoming a pathway that allows cyber criminals access to personal data.
There are some simple things that employees can do to keep their devices and their organization’s network safe. One simple thing is to use quality passwords to protect their devices, their accounts, and other sensitive information.
A quality password is going to be at least eight characters long, preferably 12 characters or more. It’s going to include alphanumeric symbols, upper and lowercase letters, and special symbols.
Having a strong password is just one part of what is needed. This is why organizations need to invest in employee training. Cyber criminals are constantly coming up with new schemes and developing new tactics to get the information or the data they want. This means that employees must be constantly brought up to speed with the latest approach criminals are trying.
Employers must commit to a variety of approaches to keeping their team up-to-date with what is out there and how to respond to these threats. It means that employees need to change their mindset. Instead of seeing an individual who opens a wrong attachment or who falls for a fake email as the point of failure, they need to understand that it is the security training of the organization that needs to be improved with the goal of keeping everyone safe.
It is dangerous for organizations to think that past success in cybersecurity is an indication of future success. Organizations should keep their team up-to-date with cybersecurity news. This helps the team think about cybersecurity attacks daily and recognize their role in keeping their organization or the government institutions that they work for safe.