Analysis: In Australia, a hacking spree fueled by an undersized cybersecurity workforce

  • Number of accounts affected in the Optus and Medibank hacks equivalent to 56% of the population
  • Hackers seeking to match the successes of others – experts
  • Human error a common factor amid workforce understaffing – experts
  • No quick fix to finding properly trained overseas staff

SYDNEY, Oct 31 (Reuters) – A series of hacks on some of Australia’s biggest companies has made the country a target of copycat attacks, just as a skills shortage leaves a cybersecurity workforce understaffed and ill-equipped to stop it, tech experts said.

While Monday saw the disclosure of another potential breach of sensitive data – a ransomware attack on a communication platform for military personnel – cybersecurity experts attributed a wave of high-profile breaches to a common factor: human error.

Between Australia’s second-largest telecommunications company Optus, which is owned by Singapore Telecommunications Ltd (STEL.SI), and the country’s largest health insurer, Medibank Private Ltd (MPL.AX), some 14 million customer accounts have been hacked – equivalent to 56% of the population – since September 22 alone.

The assertion of a weak workforce points to a problem with no quick fix.

After the COVID-19 border closure that ended at the end of 2021, Australian immigration officials say they are still processing one million visa applications from people seeking to work in the country, many of them in jobs in technology and cybersecurity for employers seeking to fill vacancies abroad.

“They don’t have enough trained people to take this seriously and do what’s necessary,” said Sanjay Jha, chief scientist at the University of New South Wales’ cybersecurity institute.

“Sometimes you check a box in an Excel spreadsheet and you don’t understand what you’re doing, and the result won’t be great. You need people who are really qualified and trained properly.”

With hacking software easier to acquire online and the shift to working from home leaving more weak spots in corporate networks, the number of data breaches has tripled worldwide in two years, according to a study by the cybersecurity industry. This week, 37 countries, including Australia, will meet at the White House to fight ransomware and other cybercrimes.

The rise has sent shockwaves through Australian businesses, particularly due to the high visibility of the targets and the sensitivity of their data, including millions of medical records.

Experts said a steady stream of smaller breach notifications could be the result of hackers seeking to match the success of others.

BIG TARGET

The government agency Australian Cyber Security Center (ACSC) said the number of breach notifications had increased by 13% to a total of 33 billion Australian dollars ($21 billion) during the year to June 2021, the most recent figures available. The agency is expected to show a further increase when it releases 2022 numbers in the coming weeks.

Australian cybersecurity insurance premiums rose by an average of 56% year-on-year in the second quarter, insurer Marsh & McLennan Companies Inc (MMC.N) said.

“It’s a wealthy country, a first-world country that does a lot of business, has a lot of data, so it’s targeted,” said Win-Li Toh, director of actuarial firm Taylor Fry, which specializes in cybersecurity risks.

“Trying to employ people to defend your assets is getting harder and harder because there just aren’t enough people coming out, and the education will take one to two years.”

Companies are offering bonuses of up to 50% on starting salary deals for cybersecurity workers due to a “deep talent gap”, said Nicole Gorton, director of specialist recruiter Robert Half. The average Australian cybersecurity base salary is AU$105,000, according to job site Glassdoor.

Neil Curtis, an Australian cybersecurity manager with U.S. tech entrepreneur DXC Technology Co, which runs a cybersecurity retraining program for military veterans, said he had requests for around 300 people trained in the course of the next six months.

Curtis said an official at DXC Technology recently forwarded him a private request for cybersecurity personnel for one of Australia’s largest companies.

“I said, ‘How many do you want?’” he told Reuters by telephone.

“They said, ‘We’ll take whatever you have’.”

($1 = 1.5584 Australian dollars)

Reporting by Byron Kaye and Lewis Jackson; Editing by Alasdair Pal and Kenneth Maxwell
