Have you heard of a “CyBeer” attack?
Me neither, until one of Australia’s largest breweries was forced to shut its doors after hackers infiltrated their IT network. Lion Australia, which produces Hahn, Tooheys, XXXX Gold among others, has been the latest in Australia who have been recently targeted. It was Adelaide based “MyBudget” last month where the bad actors threatened to release customer data on the dark web. On the other side of the world, details of 9 million customers were exposed by an attack on EasyJet. Honda, the Japanese car giant, just confirmed they fell victim to an attack this month. It’s not just the big names either. We have noticed an increase in breaches with SMB across multiple industries in Australia including eCommerce, healthcare, distribution, supply chain and a variety of other service-based businesses.
What do they have in common?
They all have customers and handle some sort of sensitive information. Cyber Security risks are now heavily present in Australian business of all sizes, with criminal methods becoming more sophisticated. The main threats include exposing private data, theft of confidential files and stealing funds.
Personal Identifiable Information (PII) is anything that can distinguish one person from another. This includes but is not limited to names, government IDs (passports, licences, license plates), addresses, phone numbers, email addresses, birthdates, age, race, location, medical details, financial details, resumes, career records and even school grades or records. An example of the risk would be if I have an online form that takes 3 types of sensitive data for individuals to set up an account, such as name (John Doe), race and birthday. These details alone might not let you distinguish John Doe from the next guy. If the website also tracks the Internet Protocol (IP) location and I put all the information together, I can determine John Doe is 39, caucasian and potentially discover the street where he lives based on the IP address tracked from the website. For a lot of people, this is the worst-case scenario, but if you add financial information, healthcare information, legal records and more – the privacy concerns and impacts are frightening.
The general motivation behind malicious attacks is the hackers want to expose either the confidentiality, integrity and/or the availability of data. Ransomware targets the availability of data and systems, often bringing organisations offline which means they are no longer able to service their clients. When clients are not able to get their product or service they are looking for, they can go to the competitors which puts an enormous amount of pressure on companies to recover quickly or think about paying the ransomware. Targeting the confidentiality of data often means exposing the PII or sensitive data an organisation has. The dark web is a common place to find a list of records that were breached recently and when the word gets out, it will tarnish a company’s reputation. Targeting the integrity of systems is something that is new to the market but quickly gaining momentum. Artificial Intelligence (AI) requires ‘clean’ data in order to learn and provide intelligence as designed for the future. If a bad actor is able to give ‘dirty’ data that’s been manipulated to the AI program, it learns that this bad data is normal and will be altered in the years to come. Some researchers teach AI like a child and we all know if you drop an ‘F-bomb’ in front of one, they will use it at the worst possible time!
These threats are evolving and becoming more sophisticated – exposing data, teaching AI programs to swear and even stopping our favourite beer manufacturer from producing our beloved bevvies. The scenarios are endless but one certainty is that – if you use technology and have customers, you likely have data to protect.
How we can help
With attacks increasing in complexity and hackers in their sophistication, no longer can safeguarding be left to IT specialists. It is paramount that businesses work to improve their overall cyber security with strategic and operational practice so they are equipped to protect against, respond to and rebuild quickly from a cyber attack.
Vincents can help you meet this challenge.
Our Cyber Security team partners closely with our clients to assist them in creating strategies and frameworks to single out, mitigate and future proof against cyber risks. We take a holistic and hands-on approach to our engagements, taking into account regulatory difficulties, industry intricacies, operating model specifics and technical challenges.
With a diverse range of backgrounds including IT, operations, data privacy and forensic technology, our cyber security team is well placed to assist you with strategy & risk management, assessment & testing, incident response & recovery and awareness & training.
An Important Message
While every effort has been made to provide valuable, useful information in this publication, this firm and any related suppliers or associated companies accept no responsibility or any form of liability from reliance upon or use of its contents. Any suggestions should be considered carefully within your own particular circumstances, as they are intended as general information only.