Australia led the way in the first reported data breach of 2019, announced less than 24 hours into the New Year. The Victorian Government hit the ground running with a major data breach after their directory had been downloaded by an unknown party, giving access to the work details of 30,000 Victorian public servants. The breach allegedly occurred on 22nd December 2018 and was discovered soon after. This quick turnaround is rare as it takes most companies over 6 months, or 197 days, to detect a data breach, according to the Ponemon Institute.
The list, usually available to government employees only, contains emails, job titles, work and personal phone numbers. It has been emphasized, however, that no financial or banking information was affected in the breach. While this information seems somewhat benign, experts warn that access to such details can lend credibility to other more malicious social engineering attacks
University of Melbourne cybersecurity researcher, Suelette Dreyfus explains how obtaining datasets of information such as this can help attackers to “figure out where the power centre is and who [they] would target if [they] were going to try to hack someone’s email”. Dreyfus also explained that, ultimately, this information could be valuable in influencing government decision making.
Meanwhile, the breach is under investigation by the Federal Police, the Office of the Victorian Information Commissioner and the Australian Cyber Security Centre. A spokesperson for the Department stated that any learnings from the investigation will be “put in place to better protect against breaches like this in the future”.
This breach is the cherry on top of a year full of uncertainty and disorganisation around cybercrime policies. At the start of the year, experts estimated that a ransomware attack on businesses would occur every 14 seconds. The same firm behind this estimation also predicted that damage related to cybercrime would hit $6 trillion annually by 2021. Indeed, the government is yet to implement an effective and usable policy strategy when it comes to cybersecurity, and businesses and individuals alike are still demonstrating that they either do not take the threat seriously, or they do not understand it enough.
Since 2013 security company Gemalto has kept a Breach Level index which shows that every minute, 4,243 data records are lost or stolen. To change these statistics, companies must start incorporating cybersecurity into their operations more thoroughly and efficiently. The first step could be to start off 2019 with a security audit, or by seeking advice from experts on where your businesses vulnerabilities lie and how you can protect your company, your information and your employees.