Final hours! Save up to 55% OFF InvestingProCLAIM SALE

Paying off hackers is common, says top Australian govt cybersecurity firm

Published 10/24/2022, 05:51 PM
Updated 10/25/2022, 12:08 PM
© Reuters. FILE PHOTO: A woman walks past a branch of the Australian health insurer Medibank Private in Sydney October 20, 2014. REUTERS/David Gray

By Byron Kaye

SYDNEY (Reuters) -Corporate insurers routinely pay hackers a ransom for the return of stolen customer data, a top Australian government cybersecurity provider said on Tuesday, as the country's biggest health insurer revealed the growing scale of a recent breach.

The claim from Macquarie Telecom Group Ltd, which runs cybersecurity for 42% of Australian federal employees, including the Australian Taxation Office, gives a sense of a lack of preparedness in an industry that has been in the spotlight amid a wave of high-profile hacks in the past month.

"These are the largest corporations in the world, falling over themselves to pay criminals as fast as possible to cap their liability," Macquarie CEO David Tudehope told Reuters in an interview, referring to cyber insurance firms that he did not name. "In what other sphere of life do you see reputable corporates pay millions of dollars to criminals and somehow it's all okay?"

Insurers who paid ransom to hackers had no way of ensuring data was deleted, meaning sensitive customer information remained at risk of being exposed online, Tudehope added.

This month Australia's largest health insurer, Medibank Private Ltd, revealed that a criminal had shown it stolen personal health data of 100 of its 4 million customers and demanded payment for the data's return. On Tuesday, Medibank said the criminal had shown data of another 1,000 customers and added that the number was likely to grow.

The country's No. 2 telco, Singapore Telecommunciations Ltd-owned Optus, said last month about 10 million customer accounts, equivalent to 40% of the Australian population, had data taken by a hacker demanding payment. A person claiming to be the Optus hacker later withdrew the demand over concerns about publicity.

The federal government has meanwhile said it would introduce fines of up to A$50 million for companies on the receiving end of data breaches.

"This is an enormous wake up call for the country," Cyber Security Clare O'Neil told parliament. "We need to do more as a country to step up."

A national crisis management group, set up during the COVID outbreak, was activated on Saturday and has met three times to discuss the Medibank hack, O'Neill added.

Tudehope, the Macquarie Telecom CEO, declined to comment on any incidents but blamed, in part, underprepared cybersecurity chiefs who were too focused on internal stakeholder management and too reliant on all-in-one protections like firewall software.

"The challenge in cyber is it just changes so quickly and the people in senior management who, in many cases, do not have the background in cybersecurity because it wasn't a thing as they worked their way up through their career," Tudehope said.

© Reuters. FILE PHOTO: A woman walks past a branch of the Australian health insurer Medibank Private in Sydney October 20, 2014. REUTERS/David Gray

"They're making decisions they don't have a strong understanding of in many cases," he added. "The people who have a deeper level of IT security (knowledge) are often at junior or middle levels of an IT department or government agency."

Tudehope said most companies would receive cyber attacks and should have a recovery plan, such as having confidential data backed frequently up in a separate location, to ensure hackers could not access it.

Latest comments

Risk Disclosure: Trading in financial instruments and/or cryptocurrencies involves high risks including the risk of losing some, or all, of your investment amount, and may not be suitable for all investors. Prices of cryptocurrencies are extremely volatile and may be affected by external factors such as financial, regulatory or political events. Trading on margin increases the financial risks.
Before deciding to trade in financial instrument or cryptocurrencies you should be fully informed of the risks and costs associated with trading the financial markets, carefully consider your investment objectives, level of experience, and risk appetite, and seek professional advice where needed.
Fusion Media would like to remind you that the data contained in this website is not necessarily real-time nor accurate. The data and prices on the website are not necessarily provided by any market or exchange, but may be provided by market makers, and so prices may not be accurate and may differ from the actual price at any given market, meaning prices are indicative and not appropriate for trading purposes. Fusion Media and any provider of the data contained in this website will not accept liability for any loss or damage as a result of your trading, or your reliance on the information contained within this website.
It is prohibited to use, store, reproduce, display, modify, transmit or distribute the data contained in this website without the explicit prior written permission of Fusion Media and/or the data provider. All intellectual property rights are reserved by the providers and/or the exchange providing the data contained in this website.
Fusion Media may be compensated by the advertisers that appear on the website, based on your interaction with the advertisements or advertisers.
© 2007-2024 - Fusion Media Limited. All Rights Reserved.