Australia suffered two major data breaches in the past two weeks.
Two telecom companies, Optus and Telstra, have been the victims of hacking attacks that resulted in the leak of sensitive information.
It all started with Optus. The hacker revealed the data of 10 million customers — including 150,000 passports and over 2.1 million ID numbers.
After the Optus attack, another one followed. Telstra has released a statement that says the data of thousands of current and former workers has been leaked on the dark web.
How did these attacks happen in the first place, and what can companies do to prevent such data breaches?
Undiscovered Vulnerabilities Can Be Exploited
The Optus hack was possible because of a flaw that threat actors discovered.
Cyber experts claim that the flaw was trivial, meaning that anyone who discovered it could have breached the company. It’s entirely possible that other criminals have successfully exploited the same weakness as well.
Systems within the organization, as well as their security, are dynamic. They can shift and change in minutes — leaving even the companies with the most robust security exposed to cyber breaches.
Breaches Can Be Caused by a Third Party
Unlike Optus, Telstra hasn’t been the direct victim of a sophisticated hacker. What enabled the data breach was the reward program for teams that the company used.
That same reward company experienced a data breach in 2017.
The information leaked in the attack is employee data dating from 2017, which means that former workers have been compromised as well.
This data leak hasn’t exposed sensitive information such as home addresses, IDs, and driver’s licenses.
The details of this recent attack are yet to be disclosed.
In cybersecurity, data such as emails and names are part of the external attack surface, which includes all internet-facing IT assets and leaked credentials on hacking forums.
During security management, it’s necessary to regularly check any exposed assets of the company that hackers could get to while scanning the web.
Be Prepared For Sophisticated Threats
According to Optus, the culprit of the data breach was a sophisticated threat actor.
In cybersecurity, these threats are considered to be advanced. They’re performed by a more skilled hacker who is specifically targeting the organization and can spend weeks or even months seeking a vulnerability that can be exploited.
Behind more sophisticated attacks are humans — unlike automated attacks that are done on a large scale and aim at anyone with gaps in security that can be exploited.
Automated methods include scanning the entire internet and finding companies that have specific flaws that can be used to breach the network.
Sophisticated threats are more difficult to discover since they don’t use the known malware and techniques that most security tools can identify and block right at the gate, before they turn into an incident.
While it’s not confirmed if the leak has been the result of sophisticated threat actors, this does raise the question: how can businesses discover such threats early?
Improve the Security of Your Organization
What can other companies learn from these incidents to improve their security?
Weaknesses can appear at any time. Steps companies can take to strengthen security are:
- Implement layered security (layers of protective software)
- Introduce Attack Surface Management
Layers of Protective Software
To protect themselves from cyber threats, most companies start with a basic firewall and antivirus. As they grow, they build their security infrastructure to cover all devices and software they use on a daily basis.
Each layer makes the business, users, and employees safer.
Such security points include layers of IT teams, protocols, and software that detect and mitigate threats.
However, once the protocols, people, and security tools are in place, the jobs of analysts and IT teams are just beginning, because all of these have to be regularly managed.
Attack Surface Management
Attack Surface Management is a cybersecurity tool that assesses security risks for the company.
Essentially, it scans the internal and external attack surface (anything on the internet or within the internal infrastructure that can be targeted and used by hackers to gain access).
After the scanning, Attack Surface Management tests the vulnerabilities with simulated attacks to determine whether the hacker could use them to get into the system.
It ends with the report on the dashboard — listing critical flaws for the IT teams to repair on time.
The software is automated, which means that it runs in the background 24/7, blocks the threats that it recognizes right away, and notifies the teams in real time of vulnerabilities that need patching up or of suspicious activity.
What’s more, the tool is constantly updated with the latest findings from the MITRE ATT&CK Framework that lists all the latest hacking methods.
As a result, the management of the systems is up-to-date and alerts the teams of the signs of hacking early.
Anyone Can Be the Target of a Data Breach
While in the case of Optus and Telstra, the criminal targeted large Australian businesses, any individual or company, of any size, can be the target of an attack. That’s especially true for organizations that lack proper security management systems.
Regularly testing security and maintaining cybersecurity hygiene, that is, discovering flaws and patching them, is essential.
To prevent data breaches, protect the internal network, since that is where the information circulates.
Start with building a solid foundation of layered security tools and protocols.
After that, the systems that guard the company have to be managed — regularly tested, scanned, and patched up to prevent hacking.
No company is completely safe from a sudden attack that could result in a breach. But what they can do is be prepared and keep their guard up at all times.