The cyber-attacks on Optus and Medibank recently have brought into focus the devastating impact breaches can have on the reputation of any organisation.
The Optus attack, which was the largest and most high profile in Australian history, has left almost 10 million customers understandably livid that their personal information was stolen.
It is believed that the Medibank attack began when an individual with high-level access to the health insurer’s systems had their credentials stolen by a hacker, who then put them up for sale. Optus had an application programming interface (API) online that did not need authorisation or authentication to access customer data.
The reputational impact of both cyber-attacks will be felt for some time to come. They are a warning shot to Australian businesses that simply can’t be ignored.
Many CISOs will now be taking a closer look at their internal cyber education programs, among other things, to give staff the best chance of not falling victim to cyber-attacks that can severely damage their organisations.
Sarah Sloan, head of government affairs and public policy at Palo Alto Networks, and Matt Warren, director of RMIT’s Cyber Security and…