Optus criticised for not taking cyber security ‘seriously enough’ in the wake of hack

By admin On Oct 1, 2022

The recent Optus cyber attack has raised questions amongst tech experts about data security and how prepared the telco was for the hack.

Creator of website Have I Been Pwned Troy Hunt claims Optus had not invested enough in their cyber security systems prior to the attack leaving millions of customers vulnerable.

“You can only assume they didn’t invest enough in their defences,” he said.

Generic Optus image — Almost 10 million Optus customers fell victim to the attack. (Eddie Jim)

“There was such a simple attack, they clearly didn’t invest enough and take it seriously enough.”

Hunt said it is now a waiting game to hear from the telco’s bosses about how the attack happened.

IT specialist Win-Li Toh said it isn’t about a blame game rather there is a shortage of qualified people to defend Australia’s cyber security.

“I think it is a temptation to simplify the issue down to who’s to blame,” she said.

“Our research shows 30,000 qualified people over the next four years are needed to keep our nation safe but there’s only 1300 coming out of tertiary education.”

Scam text from ‘mum’ leads to account at Aussie bank

Concerns more customers at risk

“We know they had no scruples about dumping more than 10,000 records publicly and intended to keep doing so in order to get a ransom reward on the data,” he said.

“I wouldn’t have much confidence at all that they haven’t retained more of the data and will do something about it in the future.”

Creator of Have I Been Pawned Troy Hunt addresses Optus cyber attack. — Creator of Have I Been Pawned Troy Hunt says Optus didn’t take cyber security seriously enough. (9News)

‘This thing is more prevalent than Optus’

Toh said cyber attacks are more prevalent in Australia than many people realise.

“In Australia, there’s an attack every eight minutes reported to the government,” she said.

“Last year there were $33 billion of total reported losses from cyber crime in Australia. That’s 13 per cent up on the previous year and rising.”

Toh said cyber attacks go beyond the recent attack on Optus and are far “bigger”.

“I’m not trying to scare people but I think the issue is a lot bigger than Optus,” she said.

What can be done to stop it in the future?

Toh said that comprehensive data protection comes down to individual responsibility and companies taking cyber insurance.

IT specialist Win-Li Toh addresses Optus cyber attack. — IT specialist Win-Li Toh recommends how to prevent cyber attacks. (9News)

“The first lines of defence are individuals taking responsibility in the first place for basic cyber hygiene,” she said.

“So it’s like putting in place technology and firewalls, and people, training the people not to take on phishing attacks.

“Then the second line of defence is taking out cyber insurance. Very few companies, only 20 per cent of small companies and 7 per cent of large companies take out cyber insurance. I think of it a little bit like house insurance.”