• Skip to primary navigation
  • Skip to main content
  • Skip to footer
Logo of Agilient Security Consultants, Australia

Agilient Security Consultants Australia

Cybersecurity & Risk Management Specialists

Menu
  • Home
  • Industries
      • Aviation
      • Defence & Defence Industry
      • Government
      • Health & Hospitals
      • Corrections and Detention
      • Maritime
      • Aged Care Facilities
      • Mining, Oil & Gas
      • Public Venues & Events
      • Rail
      • Research and Education Industry
      • Telecommunications
      • Utilities
    • advice-colleagues-communication-newIndustries
  • Services
      • Cybersecurity
      • Protective Security
      • Business Resilience
      • Building Security Consultants
      • Security Audits
      • Pandemic Planning
      • Electronic Security
      • IT Disaster Recovery Plan
      • Security Consultants
      • CCTV and Security Cameras
      • Duress Alarms
      • Security Risk Assessment Consultants
      • Managed Security Service Provider
      • Protection against Vehicles as a Weapon
    • training-1Services
  • Solutions
    • banner-menuUnisys Solutions
    • CTO-Blog-110619-Header-GraphicLookingGlass Solutions
    • menu-bg-2Dell Technologies (RSA) Solutions
    • Sightline-Visualization-menuSightline Solutions
  • Resources
    • menumanagers-dealing-customer-agreTraining
    • working-together-newJoin The Tribe
    • Webinars_3-1.jpgUpcoming and Past Events
    • hacking-detected-shutterstock_newResources
  • Articles
  • About
    • About Us
      We are an Australian owned and operated security company specialising in risk, cybersecurity, protective security, crisis and business continuity management services.
    • frequently-asked-questions-smallFAQ’s
    • bg-menu-government-institutionsConsultant Registration
  • Contact Us
Contact Us

Service NSW Phishing Attack

You are here: Home / Security News / Service NSW Phishing Attack

In September 2020, Service NSW confirmed that a number of their customers and staff had fallen victim to a cyber-attack earlier this year. The personal data of 186,000 individuals was leaked, as a result of phishing attacks on 47 employees.

In April of this year, Service NSW was attacked by a cyber actor, resulting in a confidential data leak that totalled a staggering 738 gigabytes of data. The data was not entirely personal data, but may have consisted of victim’s birth certificates, payment card details, medical records, financial information and legal information.

Malicious cyber actors gained access to the sensitive information by subjecting employees to phishing attacks. The actors sent emails with links to websites that appeared legitimate, and prompted users to log in with their credentials. These fraudulent websites would capture the employees’ credentials, which were then used by the actors to gain unauthorised access to email accounts.

It was revealed by the recent investigation that Service NSW had shortly begun using Microsoft’s Office 365 email and software suite, but had not yet implemented the simple security measures that would have greatly reduced the likelihood of such an attack from occurring, such as multi-factor authentication. Multi-factor authentication (MFA) is a simple security technology that requires users to input a code that is usually sent to their mobile phone to log into accounts. This requires anyone attempting to gain access to require not just a password, but also access to their mobile phone.

The head of Cyber Security NSW, Tony Chapman, told media outlet Guardian Australia that MFA could have prevented as much as 61% of cyber-attacks occurring in NSW government agencies last year. Multi-factor authentication is a simple, but extremely effective security measure that is becoming increasingly popular in modern software platforms today.

It was also found that there were issues with staff using ineffective passwords that were the same between personal and work accounts. To make things worse, staff were also sharing a staggering number of confidential documents over email, which were then compromised in the attack.

These findings tell us that cybersecurity has not been made a priority when rolling out new software within government agencies. This is also true of the private sector. Security should be a top priority for all software rollouts that occur within an organisation, and should not be forgotten or pushed aside to implement at a later date. If strong security measures are implemented at rollout, it can encourage a greater security culture within the organisation. The Service NSW attack was a result of employee manipulation, which can be directly associated with a lack of effective cybersecurity education. An organisation’s cybersecurity is only as strong as its workforce.

Australian organisations are at a greater risk of cyber-attack than ever before, and these attacks are capable of causing more damage. It is absolutely critical that the necessary precautions are put into place as soon as possible. Organisations should ensure that they never become complacent and operate under the assumption that they will never be targeted.

If you find that your organisation requires assistance with either implementing strong security measures, or providing effective cybersecurity education within your organisation, Agilient is equipped to help. Our expert consultants and trainers can custom-tailor security solutions and training that will equip your organisation with the skills and techniques that it needs to prevent today’s most problematic cyber-attacks.

If you’d like to learn more, contact Agilient today.

Author: Jack Schofield, Agilient Consultant

Tweet
Share

Security News Agilient,  cyber attack,  cybersecurity,  data breach,  government,  Government agencies,  MFA,  multi-factor authentication,  phishing,  security

Looking for a security partner? Get in touch with Agilient.

Looking for practical and cost-effective security and risk solutions for your government department, agency or company? Speak with Australia’s leading senior security, risk and resilience experts.


Looking for a pandemic planning partner? Get in touch with Agilient.

Looking for practical and cost-effective risk management solutions for your government department, agency or company? Speak with Australia’s leading senior risk and emergency management experts.



Footer

Agilient is a proud member of

Ai Group Defence Council
Australian Industry & Defence Network
Australian Security Industry Association
Sydney Aerospace & Defence Interest Group

Company and Licensing Details:

ABN: 37 157 911 441
NSW Security Master Licence # 410783087
ACT Security Master Licence # 17502184
Vic Security Registration # 878-460-40S
Qld Security Firm Licence # 3834422

Join The Tribe

Sign up to receive our regular Agilient newsletter including the latest security, risk and resilience updates

Sign up now

Copyright © 2021 Agilient · Level 3, 655 Pacific Highway, St Leonards, NSW 2065 · 1300 341 692