Optus Hack – The Aftermath


The aftermath of this hack will stay long in our memory, as it directly affects 10 million Australian users, myself included. The reputational damage and costs to Optus will be ongoing for many years, well beyond the cost of replacing the passports and driving licences of those affected.

When signing up for an Optus account or mobile data plan, the whole process involves validating who you are and where you live, with photo ID. Driving licences, passports, bank accounts, Medicare information and utility bills are forms of ID to prove you are you. Potentially that information has now been exposed. It’s certainly not the first major breach of a service provider and it will not be the last.

The hacker claimed they deleted the data and apologised, but not before other dark web users may have copied it, so all the private information exposed by this intrusion will circulate for many years. Global security and government agencies will be monitoring bank transactions and border security, and they will no doubt track down the initial perpetrator eventually, but not all the other malicious groups who may have copied it.

As humans we have a tendency to use passwords that are familiar to us, and we repeat them across multiple accounts. Of course, with a username (your email address) and a password exposed by Optus, you may have used the same email and password for your bank account app, Netflix account, Google, Service NSW or Microsoft 365 email accounts, plus countless others. The impact is potentially across all your daily transactions and your social or viewing applications.

These are all in need of serious attention, as soon as possible.

The obvious action is to change all your passwords, but setting up multi-factor authentication (2FA) should be a priority, so the next time your favourite service provider or application is hacked you at least know there is an additional layer of security in place. Security should be of utmost importance, with two-step authentication as a minimum.

In the last 2 months we have highlighted what the Dark Web is in our news, and only last month we predicted that mandatory business cyber security is coming. This type of event only accelerates legislation in this area, which will prove costly to some small businesses.

Of course, as a listed company Optus must declare breaches of this nature, so we all know about it. Other service providers who are not listed don’t have to.

It’s worth mentioning that your mobile phone is where your authenticator app resides, so if the phone is compromised it’s another way into your personal information, which could provide 30 days of access if you have set up 2FA that way. Scammers are already sending out messages via SMS pretending to be Optus and offering a link to book a replacement SIM to be sent out. Optus are not sending these, and this sort of message should be deleted immediately.

So, the message from us is to remain vigilant and budget for security tools and ongoing training. If your accountant hasn’t told you already, subscribing to or purchasing a cyber security-based service offers a 120% tax write-off. The ATO wording is below.

Small Business Technology Investment Boost

Small businesses (with aggregated annual turnover of less than $50 million) will be able to deduct an additional 20 per cent of the cost incurred on business expenses and depreciating assets that support their digital adoption, such as portable payment devices, cyber security systems or subscriptions to cloud based services.

Businesses may continue to deduct expenditure that is ineligible for the bonus deduction under the existing tax law. We will provide further details on eligible expenses once the law has passed.

An annual $100,000 cap will apply to each qualifying income year. Businesses can continue to deduct expenditure over $100,000 under existing law.

Finally, we exist to inform, educate, and protect our clients.

Unfortunately, and for the avoidance of doubt, a firewall and endpoint security alone will not protect a company’s data from malicious actors; it’s just one element of a robust security posture. IT security can easily be circumvented if a user gives away their IT login credentials via phishing attempts. Email spam filtering, to prevent unwanted email arriving in the first place, is required, and a large part of defence is educating users and the way they interact with technology through phishing training.
