Australia’s securities regulator said on Monday there was a cybersecurity breach at a server it used to transfer files including credit license applications where some information may have been viewed. The Australian Securities and Investment Commission (ASIC) acknowledged the incident and investigation is still going on. It is believed that only limited information is seen by the threat actor.
Experts Comments
The breach is a good reminder that all organisations need to have good monitoring and threat detection controls in place so that any intrusion can be quickly detected and responded to.
Having strong security controls is not optional for any organisation, regardless of size, vertical, or type of data. If any system is accessible, it will be targeted. Therefore, it's important that cybersecurity is embedded within the culture of an organisation through all systems, processes, and employees.
.....Read MoreThe Discovery of the breach at Australia's Securities and Investment Commission (ASIC) is a reminder that there is no such thing as anyone being above an attack. All eyes are now on ASIC for how it handles the situation, what happened and what learnings there are for us all. Details matter. Transparency matters. Process, clarity, and putting those at risk first matter the most. It’s not a fun day for some down under, but they need to remember that their first job is to enable those affected
.....Read MoreThis breach highlights the importance of having an appropriate access control mechanism in place for all data and associated data files. An appropriate access control mechanism should protect data and data files from unauthorised access and ensure authorised access is specific to the individual’s role based on the least privileged model. Moreover, all actions to the data files should be accounted for with monitoring and alerting applied to high-risk action execution.
Dot Your Expert Comments
Only for registered and approved experts. Please register before providing comments. Register here
Government breaches are likely to occur more than you might think, as their infrastructure is often outdated. Funding can be difficult to come by and sometimes decision-makers wrongly assess the level of risk. However, although governments may seem like an easy target to certain threat actors, the rewards for a breach are usually not as lucrative as with private organisations. Governments are not so easily swayed into paying big demands to criminals due to their lack of funds, not to mention
.....Read MoreGovernment breaches are likely to occur more than you might think, as their infrastructure is often outdated. Funding can be difficult to come by and sometimes decision-makers wrongly assess the level of risk. However, although governments may seem like an easy target to certain threat actors, the rewards for a breach are usually not as lucrative as with private organisations. Governments are not so easily swayed into paying big demands to criminals due to their lack of funds, not to mention the public audience. Such financial demands are also even more difficult to sign off, so the motivation behind government attacks are often linked to other factors and political motives.
The key for government organisations to thwart such attacks is to keep abreast of the latest attack vectors and continually train staff to be aware of threats. No one piece of software can completely put a stop to the attacks, but such risk of an attack should never be undermined by those making the decisions.
Read LessLinkedin Message
@Jake Moore, Cybersecurity Specialist, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"The key for government organisations to thwart such attacks is to keep abreast of the latest attack vectors and continually train staff to be aware of..."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/experts-on-australias-securities-regulator-says-server-hit-by-cybersecurity-breach
Facebook Message
@Jake Moore, Cybersecurity Specialist, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"The key for government organisations to thwart such attacks is to keep abreast of the latest attack vectors and continually train staff to be aware of..."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/experts-on-australias-securities-regulator-says-server-hit-by-cybersecurity-breach