Another Major Hack- Now in administration
Breaking News
Late in May a Russian Hacking forum claimed it had 6.5TB of Australian e-prescription company’s MediSecure stolen data for sale for $50,000. Fast forward to this week it has now called in the administrators.
The data for sale stated “Includes information on citizens, insurance numbers, phone numbers, addresses, full names, supplier information, contractor information, emails, user names + passwords for the MediSecure website, prescription information (who was prescribed what), IP addresses of visitors to the site and etc.”
Also,The Home Affairs Department has confirmed a cyber incident impacting Ticketmaster customer late yesterday and it has been reported that the personal details of 560 million worldwide Ticketmaster customers may have been leaked in a data breach, the notorious hacker group ShinyHunters has claimed responsibility. 1.3 terabytes of customer data possessed by Ticketmaster including names, addresses, credit card numbers, phone numbers and payment details is up for sale. ShinyHunters is reportedly asking for $750,000.
A spokesperson from the Department of Home Affairs told the ABC it is “Working with Ticketmaster to understand the incident”.
This type of news is a daily occurrence in our environment as it’s our business to know what security should be in place to mitigate data loss where we can and highlight the security risks to directors.
Addressing cyber security and managing risk is a directors’ duty and a failure to act could result in directors being held personally liable for a breach of directors’ duties through civil litigation.
We have been increasingly asked to help companies identify areas of risk by engaging in a Foundation Cyber Security Audit.
A Foundation Cyber Security Audit is a systematic evaluation process designed to assess an organization’s adherence to basic cybersecurity principles and practices.
It is an initial or high-level review that helps identify the foundational elements of an organization’s cybersecurity posture.
Here are the key components and objectives of such an audit:
Key Components:
- Assessment of Policies and Procedures:
- Evaluating the presence and effectiveness of cybersecurity policies.
- Reviewing incident response plans, data protection policies, and user access controls.
Risk Management:
- Identifying and assessing potential cybersecurity risks.
- Evaluating the risk management strategies in place.
Network Security:
- Checking the security of the organization’s network infrastructure.
- Ensuring firewalls, intrusion detection systems, and encryption protocols are properly implemented.
Access Controls:
- Reviewing how access to systems and data is managed.
- Ensuring proper authentication and authorization mechanisms are in place.
Data Protection:
- Evaluating how sensitive data is stored, transmitted, and processed.
- Checking for encryption, backup, and data integrity measures.
Physical Security:
- Assessing the physical security controls protecting the organization’s IT infrastructure.
- Ensuring that access to critical hardware is restricted and monitored.
Compliance:
- Ensuring the organization complies with relevant regulations and standards (e.g., GDPR, HIPAA, ISO/IEC 27001).
Employee Training and Awareness:
- Evaluating the effectiveness of cybersecurity training programs.
- Ensuring employees are aware of cybersecurity policies and best practices.
Incident Response and Management:
- Reviewing the procedures for detecting, reporting, and responding to cybersecurity incidents.
- Ensuring there are clear roles and responsibilities in case of a breach.
- Identify Weaknesses and Vulnerabilities:
- Highlight areas where the organization’s cybersecurity defences are weak or lacking.
Enhance Security Posture:
- Provide recommendations to improve the organization’s overall cybersecurity framework.
Ensure Compliance:
- Verify that the organization is meeting regulatory and industry-specific cybersecurity requirements.
Risk Mitigation:
- Suggest measures to reduce the risk of cyber-attacks and data breaches.
Continuous Improvement:
- Establish a baseline for future audits and continuous monitoring of cybersecurity practices.
By conducting a Foundation Cyber Security Audit, organizations can ensure that they have the basic protections in place to defend against cyber threats and are prepared to build upon this foundation with more advanced security measures.
The Audit does not remediate its findings, it states what actions are required to mitigate risks discovered. The purpose of the audit is for management to understand the risks, take action to rectify or accept the risks identified.
If you feel its time to assess your security, please do not hesitate to contact us.


