Security News

This forms a core part of the upcoming 2023-2030 Cyber Security strategy, and it aims to build six cyber shields in service of citizens, businesses and government at all levels. As well-meaning as this initiative is, there are many implications about the impact the six cyber shields approach will have on Australian businesses.

Australian retailers are rolling out mass surveillance solutions to combat shoplifting, but a poor regulatory environment could mean high risks associated with data security and privacy. "Once you start using CCTV or any sort of imaging, they've got the raw data from which various biometric mechanisms might be applied," said Chair of the Australian Privacy Foundation David Vaile.

Whether they've been hiring new talent into their teams or looking to keep their existing talent engaged and in place, the short supply of skills in recent years has made it quite a challenging time. Logicalis has also launched a Talent Services business to help IT leaders meet skills needs and get projects done without hiring staff directly.

According to IBM's Cost of a Data Breach Report 2023, the average cost of a data breach in Australia has grown by 32% in five years to AU $4.03 million. As the risk of data breach incidents rise, IT leaders are in a position to minimize the cost of a data breach by implementing DevSecOps, utilizing AI and automation, prioritizing incident response planning and testing, streamlining data breach discovery and taking out adequate cybersecurity insurance for when the worst happens.

An Australian Senate Committee has recommended banning Chinese social media apps in the land down under, on grounds the Communist Party of China uses them to spread propaganda and misinformation. The Select Committee on Foreign Interference through Social Media yesterday filed its final report [PDF] which outlines the reason the committee convened: social media has become the public square in which policy debate tales place, but "Is increasingly being weaponized to spread disinformation to deliberately mislead or obscure the truth for malicious or deceptive purposes." Plenty of that disinformation comes from foreign powers, "As part of a broader, integrated strategic campaign to advance their own national interests at Australia's expense."

Australian law firm HWL Ebsworth confirmed to local media outlets that its network was hacked after the ALPHV ransomware gang began leaking data they claim was stolen from the company. HWL Ebsworth is one of Australia's largest law firms, with an annual revenue of hundreds of millions of dollars, employing over 2,000 people and operating nine offices nationwide.

The documentary, BREAKING the CODE: Cyber Secrets Revealed, reveals that the Directorate developed three payloads it could deploy to ISIL fighters' smartphones and PCs "Without ISIL having to interact with the device in any way." The documentary describes how even that level of intervention made a difference as commanders in the field were able to request the ASD act against fighters in real time - and those fighters struggle to coordinate their defense.

The Australian Competition & Consumer Commission says Australians lost a record $3.1 billion to scams in 2022, an 80% increase over the total losses recorded in 2021. Most of the losses concern investment scams, which accounted for $1.5 billion, followed by remote access scams that resulted in losses of $229 million, and payment redirection scams that cost victims another $224 million.

The Australian Federal Police has arrested four members of a cybercriminal syndicate that has laundered $1.7 million stolen from at least 15 victims between January 2020 and March 2023. Eventually, two men and two women aged between 26 and 35 were arrested in Brisbane, Melbourne, and Adelaide.

Latitude Financial has blamed a supplier for leaking creds that caused vast PII leak Australian outfit Latitude Financial has taken itself offline, and even stopped serving customers, while it tries to clean up an attack on its systems. Latitude said the attack on the vendor exposed credentials of its staff, which were used to log on to two other service providers it uses for matter such as identity verification.