CYBERSECURITY: What happened to the cyberattack on Optus?
In light of one of the biggest cyberattacks in the country, let’s unpack what happened, what could have been done, and how you can prevent this from happening to your business.
Optus, one of the leading Australian telecommunications companies, has recently revealed that their data security had been compromised by a still unknown perpetrator, putting many customers at risk. The cybersecurity catastrophe had caused an uproar amongst their countless users, followed by a bombardment of questioning on the level of security Optus actually had in place prior to the incident.
What happened to Optus?
Optus has recently revealed that they are facing a data breach, impacting 1.2million customers with at least one form of identification number that is valid and current. Another 900,000 customers had numbers associated with expired identification documents in conjunction with their personal information. All of them were contacted and prompted by Optus to take immediate action on changing their identification documents.
While the company is doing everything they can to recover and protect their users from further exposure, plus providing the public with the latest updates, incendiary responses and outcry ensued across the country, including Australia's Minister for Home Affairs, Clare O'Neil, who lashed out at Optus over the breach, the government also accused Optus of lax security.
Optus has attempted to characterise the cyberattack as "sophisticated," but according to Australian Minister for Cybersecurity Clare O'Neil, it was actually just a "basic" attack. She said Optus “effectively left the window open” for customer data to be stolen.
The incident reportedly started with the attacker accessing an unprotected API server without authentication. In other words, the attacker didn't even have to log in.
Application Programming Interfaces (APIs) are widely used to provide modern apps and websites access and logic from business applications. At Lateral, we have been involved in security reviews highlighting outdated or little security protecting these critical application building blocks.
What can you do to protect your business from cyberattacks?
Cyberattacks with this much damage affecting millions of users have brought to light how Cybersecurity is crucial to every business, big or small. Indeed, more and more are becoming aware of the risk of cyberattacks and its potential to destroy both the business and diminish the customer’s safety.
To overlook the security of your business and your customer’s sensitive data is a detrimental mistake. And so, as the threats to software security are constantly changing. Conducting a Security Audit is the first step to identifying any vulnerabilities. This provides guidance on how to keep your security updated and secure, given the ever-evolving nature of cyberattacks. Cyber security today is much more than just having a firewall. Software is widely distributed and opens business systems to the internet. API security and adequate authentication are just some of the required components.
Stay secured with Lateral
Lateral Security Audit (LSA) provides vital insights into possible security threats because modern businesses rely on secure software. It is common practice for companies that have invested in software to seek a second opinion as part of their business process. Conducting a security audit with Lateral enables your business and software to stay secure and fully up-to-date with the latest industry practices and standards.
As a company, we have a strong history in the Health, Education, and Finance industries, where data security is vital. We can identify quality - we have a strong team of developers and analysts that are among the best at developing and refining quality software and apps.
To learn more about how to keep your company safe, check out our Complete Network Security Audit Checklist. You can also get in touch with us to find out more about our security audit services.