Executives’ dismissive cybersecurity attitudes set the stage for Toyota, Cabrini, Parliament, and other breaches

‘We told you so’, say security experts, as high-profile breaches continue and government experts scramble to contain the fallout

Credit: ID 51984711 © Nils Ackermann | Dreamstime.com

February may be the shortest month, but reports that Toyota Australia has been targeted by cybercriminals lend further weight to arguments that the risk of data breaches has never been more severe.

The local arm of the world’s largest car maker issued a statement in which it said the company “has been the victim of an attempted cyber attack. At this stage, we believe no private employee or customer data has been accessed.”

That threat is being managed by the company’s IT department, which has engaged “international cyber security experts” to get its systems moving again, the company said.

The hack comes just hours after revelations that more than 15,000 patient files at a specialist cardiology unit at Melbourne’s Cabrini Health had been encrypted after a ransomware strike, and days after the federal government confirmed that nation-state actors were responsible for the recent hack of Parliament House’s servers and systems belonging to the Liberal, Labor, and National parties.

As forensic work on the Parliament attack continues and analysts scramble to gather enough evidence to confidently point the finger – China is suspected but denies interference – the Australian Cyber Security Centre (ACSC) is facing its biggest test yet as a centre of excellence for cybersecurity specialists and skills.

“We are working hard to try to find the signs” that attackers are still in the networks of the three compromised political parties,” national cyber security advisor Alastair Macgibbon told ABC News. “The reality is that these are sophisticated hackers. A good hacker, a sophisticated nation state, once they are in a system, will create other ways to get back into a system.”

Security consultants were quick to seize on the series of breaches as a reminder that many organisations still aren’t giving enough priority to cybersecurity protections and prioritisation of data security.

“For too long businesses have claimed that they accept the risk of cyber attack without really understanding what it means, and only start responding after their systems have been breached and their data stolen,” CQR Consulting chief technology officer Phil Kernick said in a statement.

“In 2019, this is no longer good enough. Businesses need to proactively assess and protect against the increasing cyber threat.”

The scope and nature of that cyber threat is changing rapidly as cybercriminals move from one attack vector to another depending on their relative success rates.

Symantec’s latest Internet Security Threat Report, for one, found that web attacks had risen 56 percent since the previous year, while 4800 websites were being compromised with ‘formjacking’ code – which uses malicious JavaScript to scrape personal and confidential information from website forms as they are filled out by customers – each month.

Cryptojacking, on the other hand, was on the decline – dropping 52 percent from the beginning of 2018 to the end of the year – thanks to a variety of factors including better awareness of cryptojackers’ methods and a 90 percent drop in the value of Monero cryptocurrency.

Also declining was ransomware, which dropped by 20 percent over the course of 2018 – despite a 12 percent increase in the incidents of ransomware targeted at enterprises.

Whether this represents a move away from ransomware, or simply a renewed focus on going where the money is, depends on your perspective. But it’s a semantic difference for the likes of Melbourne Heart Group, which is scrambling to contain the damage from its ransomware breach and reassure customers that no patient data has bee compromised.

“This is another example of what is to be expected in the future, Gemalto regional director ANZ Graeme Pyper said in a statement highlighting the importance of at-rest data encryption, “and why encrypting data is of the utmost importance to protect Australian’s health data and privacy.”

“Encrypting the data as soon as it is entered into medical systems not only protects the information from accidental loss/disclosure but it also goes a long way to mitigate the impact of ransomware attacks. The use of encryption alone would not stop a ransomware attack in its entirety, however it would indirectly render the purpose pointless.”

The often-compromised health industry needed “a wake-up call”, Pyper said, with the relatively high value of medical data and its reliance on sensitive personally identifiable information (PII) creating a particularly high risk profile.

Yet while the attacks are a wake-up call for the many poorly protected organisations out there, Michael Warnock, Australia country manager with Aura Information Security, warned that continuing underinvestment and executive ignorance were still proving problematic.

“While the majority of businesses have some sort of structure in place to keep the board and senior management apprised of security issues, our survey late last year found that one-fifth of Australian IT professionals report that senior managers don’t regard cyber security as a key concern,” he said.

“Buy-in from senior management is essential for any company-wide process. Complacency on cyber-security from management puts the whole organisation at risk and organisations really do need to develop processes for monitoring and managing their cyber health.”

Tags cybercrimeToyotadata breachesCryptojackingcybercriminals

Show Comments