Leaking patient data to the dark web might sound like something out of a science fiction movie, but it’s a bleak reality here in Australia.
News headlines have revealed that Australian pathology business TissuPath suffered a data breach with a decade’s worth of patient request forms exposed by Russian cyber gang BlackCat, also known as ALPHV.
The implications of this hack are still unfolding, but it’s fair to say that corporate life as we know it has completely changed for TissuPath.
It’s the latest in a long string of cyber breaches that make the headlines, highlighting the challenges of the evolving digital landscape, where change is inevitable.
As the industry continues to move at lightning speed on the back of digital innovation, many organizations continue to be perilously close to the edge of a cyber hack every single day. It’s increasingly challenging to be certain that in-house Security Teams have the right level of risk analysis , protection and technology stack to meet the ever-changing cyber risk landscape, particularly in the world of hybrid work models.
A detailed news report from the ABC showed that there had been 2,784 recorded breaches since the start of 2020, covering everything from the Optus and Medibank breaches, which exposed the personal information of millions, to individual emails accidentally sent to the wrong person.
Reporters set out to find out what they could about both reported and unreported cyber breaches and discovered that at least two multinational giants – Amazon and Spotify – did not fall into the scope of ‘notifiable’ events in Australia and therefore their breaches weren’t listed in the data released to the public. It also revealed that there could be many, many more that we don’t know about.
They discovered that the top industries affected by data breaches are healthcare, finance, legal, accounting and management services. Personal contact information including home addresses, phone numbers and email addresses remain the most frequently sought-after information in data breaches, while identity and health information is also highly prized.
The news report told us what IT specialists already know – that human error was the cause of 324 breaches, which is proof that there’s still a need for greater education on security in Australia.
The continuous evolution of cyber threats is clear. The financial and reputational damage can bring a company to its knees, particularly as the media feasts on cyber breach stories, sometimes for weeks on end.
Like it or not, mitigating the risks and managing the fall-out of cyber breaches falls squarely onto the shoulders of senior management and the Board. The days of delegating responsibility are over: the CEO needs to be involved in formulating a proactive cyber strategy, which needs to be centered on the right security measures that protect your cloud while giving immediate visibility into your entire cloud estate so your organization can identify, prioritize and remediate the 1% of risks that matter.
The cost of cybercrime in Australia far outweighs the cost of implementing the support measures every single organization needs in place these days. Regular reviews and updates to cyber security budgets is paramount.
Federal government figures reveal that the average cost of a cyber crime to a business is $276,323, while 50% of the costs are caused by web-based attacks and insiders that take an average 23 days to resolve.
The directive is unequivocal: organizations must adopt a proactive stance, embracing continuous threat monitoring and intelligence. This enables a focus on predicting and preventing threats rather than being forced into a reactive position post cyber-attack.
The key to success is adaptability and while the talent shortage in IT isn’t going away anytime soon, the need to respond quickly to cyber threats is very real.
There’s broad acceptance that collaboration with peer companies and intelligence sharing can help organizations navigate cyber security. Regular training sessions for employees that involve scenario drills and cybersecurity mock attacks can help test preparation times and expose areas of the business that require focus.
Next, make sure your organization has invested in the latest cybersecurity solutions, and that you’ve hired and are able to retain the best talent you can get your hands on. The trick is to make sure your teams are prepared for what may come next, which takes a dynamic approach.
As the technological advances continue and the opportunities and threats of everything from Artificial Intelligence to automation are fully understood, organizations need adaptive and agile solutions in place in the event of potential threats and challenges on the horizon.
This means taking cyber security challenges seriously, being proactive and always being prepared for the unexpected. There is no room for ignorance.
So many security tools out there are inadequate at detecting and stopping modern threats, narrowing focussed with the inability to integrate well into existing business processes, too siloed and lacking in context.
Plerion brings disconnected security data together and adds meaningful context to answer customer’s most challenging security questions through natural language search. Be vigilant and prepared, or risk becoming a victim.