Experts On Australia's Securities Regulator Says Server Hit By Cybersecurity Breach

Australia’s securities regulator said on Monday there was a cybersecurity breach at a server it used to transfer files including credit license applications where some information may have been viewed. The Australian Securities and Investment Commission (ASIC) acknowledged the incident and investigation is still going on. It is believed that only limited information is seen by the threat actor.

Experts Comments

Dot Your Expert Comments

Jake Moore

January 26, 2021

Cybersecurity Specialist

ESET

The key for government organisations to thwart such attacks is to keep abreast of the latest attack vectors and continually train staff to be aware of

Government breaches are likely to occur more than you might think, as their infrastructure is often outdated. Funding can be difficult to come by and sometimes decision-makers wrongly assess the level of risk. However, although governments may seem like an easy target to certain threat actors, the rewards for a breach are usually not as lucrative as with private organisations. Governments are not so easily swayed into paying big demands to criminals due to their lack of funds, not to mention

The key for government organisations to thwart such attacks is to keep abreast of the latest attack vectors and continually train staff to be aware of threats. No one piece of software can completely put a stop to the attacks, but such risk of an attack should never be undermined by those making the decisions.

Read Less

Javvad Malik

January 26, 2021

Security Awareness Advocate

KnowBe4

Having strong security controls is not optional for any organisation, regardless of size, vertical, or type of data.

The breach is a good reminder that all organisations need to have good monitoring and threat detection controls in place so that any intrusion can be quickly detected and responded to.

Having strong security controls is not optional for any organisation, regardless of size, vertical, or type of data. If any system is accessible, it will be targeted. Therefore, it's important that cybersecurity is embedded within the culture of an organisation through all systems, processes, and employees.

The breach is a good reminder that all organisations need to have good monitoring and threat detection controls in place so that any intrusion can be quickly detected and responded to.

Read Less

Sam Curry

January 26, 2021

Chief Security Officer

Cybereason

Details matter. Transparency matters. Process, clarity, and putting those at risk first matter the most.

The Discovery of the breach at Australia's Securities and Investment Commission (ASIC) is a reminder that there is no such thing as anyone being above an attack. All eyes are now on ASIC for how it handles the situation, what happened and what learnings there are for us all. Details matter. Transparency matters. Process, clarity, and putting those at risk first matter the most. It’s not a fun day for some down under, but they need to remember that their first job is to enable those affected

Read Less

Niamh Muldoon

January 26, 2021

Senior Director of Trust and Security EMEA

OneLogin

This breach highlights the importance of having an appropriate access control mechanism in place for all data and associated data files.

This breach highlights the importance of having an appropriate access control mechanism in place for all data and associated data files. An appropriate access control mechanism should protect data and data files from unauthorised access and ensure authorised access is specific to the individual’s role based on the least privileged model. Moreover, all actions to the data files should be accounted for with monitoring and alerting applied to high-risk action execution.