Optus, Medibank and Latitude, YOU are responsible for your clients' data
Just the same as all businesses that hold sensitive personal information, you may not want to admit this, but you are responsible for your clients' data security where their sensitive data is stored on your platform.
How do the above machines stay safe? (From this year's Moomba festival.) Answer: the owners of the sideshows know they have a responsibility to their customers…
To: big businesses in Australia, please stop misleading the public with statements made post-breach to lessen the negative impact on your brands.
You are responsible for the outcomes of these attacks: not the crime, but making it possible in the first place… In my state of Victoria it is a crime to leave your car unlocked. Why? Because it makes the criminal's job trivial.
In each of the three significant breaches over the past 6 months MY data was stolen. With the first case they should not have even had my data as I had not been a customer for over 7 years.
I trusted you to keep the personally identifiable information I provided you secure, and to finally remove it when I was no longer your customer.
When statements are made, such as:
“This is a sophisticated attack”, or “it's only a limited set of data, affecting a small number of users”, it is damaging to the whole cyber security industry.
For example: “This is a sophisticated attack” makes less informed businesses hold back on doing the right thing, because “why bother” if I will be compromised anyway?
None, Zero, Nada, Zilch of these three attacks were sophisticated or complex; they were all a lack of basic security posture management. Tools do not keep you secure; smart and good people in your security team do – listening to your security team or MSP is critical.
I cannot fathom a financial business today not having multi-factor auth rolled out across the entire business, yet a very prominent one did not – if you are a financial business and you still do not have MFA implemented, then move quickly, because at least one of your employees' credentials exists on the dark web somewhere – if you have not been breached, then a third-party supplier of yours has.
The positive to this is that there are many great people in the cyber security industry who can help your business reach a level of security posture that will ensure your risk of breach is minimal, and if you listen to them they will help your business grow safely.