Paying hackers is widespread in Australia, according to a top government cybersecurity outfit.
Sydney :On Tuesday, a senior Australian government cybersecurity contractor stated that corporate insurers regularly pay hackers a ransom for client data.
The Macquarie Telecom Group Ltd., which administers cybersecurity for 42% of Australian federal employees, including the Australian Taxation Office, suggests a lack of readiness in an industry that has been in the limelight amid a string of high-profile attacks in the past month.
“These are the largest organizations in the world, bending over themselves to pay criminals as fast as possible to cap their responsibility,” Macquarie CEO David Tudehope told Reuters. “Where else do reputable corporations pay millions of dollars to criminals and it’s okay?”
Tudehope said that insurers who paid hackers a ransom couldn’t be sure that the data would be deleted, which put sensitive customer information at risk.
Medibank Private Ltd., Australia’s largest health insurer, disclosed this month that a criminal had stolen 100 of its 4 million clients’ sensitive health data and demanded payment. On Tuesday, Medibank claimed the thief had displayed data from another 1,000 users and that the figure was likely to climb.
Singapore Telecommunciations Ltd.-owned Optus, Australia’s No. 2 telecom, reported last month that a hacker demanded money from 10 million subscriber accounts, or 40% of the population. Over publicity concerns, the Optus hacker retracted the demand.
Data breaches could result in a $50 million fine from the federal government.
“This is a big wake-up call for the country,” Cyber Security Clare O’Neil told parliament. “Our nation must step up.”
O’Neill said that on Saturday, the national crisis management group, which was put together during the COVID-19 pandemic, met three times to talk about the Medibank hack.
CEO Tudehope of Macquarie Telecom didn’t want to say anything, but he blamed unprepared cybersecurity executives who were too focused on managing internal stakeholders and too reliant on all-in-one solutions like firewall software.
“The difficulty in cyber is it just changes so quickly and the individuals in senior management who, in many cases, do not have a background in cybersecurity because it wasn’t a thing as they worked their way up,” Tudehope said.
He continued, “They’re making decisions they often don’t comprehend.” “Junior or middle-level IT departments or government agencies commonly have IT security experts.”
Tudehope said most firms will be attacked and should have a recovery plan in place, such as constantly backing up confidential data in a separate location, to prevent hackers from accessing it.
