🐂 Not all bull runs are created equal. November’s AI picks include 5 stocks up +20% eachUnlock Stocks

Analysis-In Australia, a hacking frenzy spurred by an undersized cybersecurity workforce

Published 10/31/2022, 01:16 AM
Updated 10/31/2022, 04:56 PM
© Reuters. FILE PHOTO: A woman uses her mobile phone as she walks past in front of an Optus shop in Sydney, Australia, February 8, 2018. REUTERS/Daniel Munoz/File Photo
RHI
-
MMC
-

By Byron Kaye and Lewis Jackson

SYDNEY (Reuters) - A swathe of hacks on some of Australia's biggest companies has made the country a target for copycat attacks just as a skills shortage leaves an understaffed, overworked cybersecurity workforce ill-equipped to stop it, technology experts said.

    As Monday saw the disclosure of another potential breach of sensitive data - a ransomware attack on a communication platform for military personnel - cybersecurity experts put a wave of high-profile breaches down to a common factor: human error.

Between Australia's No. 2 telecoms company Optus, which is owned by Singapore Telecommunications Ltd, and the country's biggest health insurer, Medibank Private Ltd, some 14 million customer accounts have had data hacked - equivalent to 56% of the population - since Sept. 22 alone.

    The workforce weakness assertion points to a problem with no quick fix.

After COVID-19 border closures which ended in late 2021, Australian immigration officials say they are still working through one million visa applications from people seeking to work in the country, many in technology and cybersecurity jobs for employers looking to fill vacancies abroad.

    "They don't have enough trained people to take it seriously and do what is needed," said Sanjay Jha, chief scientist at the University of New South Wales institute for cybersecurity.

    "Sometimes you're ticking a box in an Excel spreadsheet and you don't understand what you're doing, and then the outcome is not going to be great. You need people who are really skilled and trained properly."

With hacking software easier to acquire online and the shift to working from home leaving more weak spots in company networks, the number of data breaches has tripled globally in two years, according to cybersecurity industry research. This week 37 countries, including Australia, will meet at the White House with the goal of tackling ransomware and other cyber crime.

The uptick has sent shockwaves through corporate Australia in particular due to the high visibility of targets and the sensitivity of their data, including millions of medical records.

Experts said a steady stream of smaller breach notifications may be the result of hackers seeking to match others' success.

BIG TARGET

Government agency the Australian Cyber Security Centre (ACSC) said the number of breach notifications rose 13% to be worth a total A$33 billion ($21 billion) in the year to June 2021, the most recent available figures. The agency is expected to show another increase when it publishes 2022 figures in the coming weeks.

Australian cybersecurity insurance premiums rose by an average of 56% year-on-year in the second quarter, said insurer Marsh & McLennan Companies Inc (NYSE:MMC).

"It's a rich country, a first-world country that does a lot of business, that has a lot of data, so therefore it is targeted," said Win-Li Toh, principal at actuary firm Taylor Fry, who specialises in cybersecurity risk.

"Trying to employ people to defend your assets is getting harder because there just aren't enough people coming out, and education will take one to two years."

Companies are offering premiums of up to 50% on starting salary offers for cybersecurity workers due to a "deep talent deficit", said Nicole Gorton, a director at specialist recruiter Robert Half (NYSE:RHI). The average Australian cybersecurity base salary is A$105,000, according to jobs website Glassdoor.

Neil Curtis, an Australian cybersecurity executive of U.S. technology contractor DXC Technology Co, who runs a programme retraining military veterans in cybersecurity, said he had requests for about 300 trained personnel in the next six months.

Curtis said an official at DXC Technology had recently relayed to him a private request for cybersecurity staff for one of Australia's biggest companies.

"I said, 'How many do you want?'," he told Reuters by phone.

© Reuters. FILE PHOTO: A woman uses her mobile phone as she walks past in front of an Optus shop in Sydney, Australia, February 8, 2018. REUTERS/Daniel Munoz/File Photo

"They said, 'We'll take everybody you've got'."

($1 = 1.5584 Australian dollars)

Latest comments

Risk Disclosure: Trading in financial instruments and/or cryptocurrencies involves high risks including the risk of losing some, or all, of your investment amount, and may not be suitable for all investors. Prices of cryptocurrencies are extremely volatile and may be affected by external factors such as financial, regulatory or political events. Trading on margin increases the financial risks.
Before deciding to trade in financial instrument or cryptocurrencies you should be fully informed of the risks and costs associated with trading the financial markets, carefully consider your investment objectives, level of experience, and risk appetite, and seek professional advice where needed.
Fusion Media would like to remind you that the data contained in this website is not necessarily real-time nor accurate. The data and prices on the website are not necessarily provided by any market or exchange, but may be provided by market makers, and so prices may not be accurate and may differ from the actual price at any given market, meaning prices are indicative and not appropriate for trading purposes. Fusion Media and any provider of the data contained in this website will not accept liability for any loss or damage as a result of your trading, or your reliance on the information contained within this website.
It is prohibited to use, store, reproduce, display, modify, transmit or distribute the data contained in this website without the explicit prior written permission of Fusion Media and/or the data provider. All intellectual property rights are reserved by the providers and/or the exchange providing the data contained in this website.
Fusion Media may be compensated by the advertisers that appear on the website, based on your interaction with the advertisements or advertisers.
© 2007-2024 - Fusion Media Limited. All Rights Reserved.