Cyber security never more important
OCTOBER is cyber security awareness month. The theme “Have you been hacked?” is ironic to say the least. The public relations professional who came up with this concept should send a bouquet of flowers to Optus, who has done more to raise awareness of the importance of cyber security than any theme-month ever could.
If there’s one good thing – and there aren’t many – to come from the largest ever cyber attack against an Australian business, it’s a nationwide awareness of the cyber-enabled threat to our way of life . And with this, the pertinent reminder that we all need to do more to counter it.
The cyber threat, and how to keep our systems secure, is now a mainstream conversation. And it couldn’t have come at a more critical time. At all levels, the cyber realm is the main arena for modern day crime, conflict and competition.
When discussing the Optus hack at a press conference on Friday, Australian Federal Police Assistant Commissioner Justine Gough correctly assessed that “cybercrime is the break and enter of the 21st century”.
At a grander scale, state on state competition is largely orchestrated in the cyber realm through espionage, intrusion, interference, cyber attacks and through critical advancements in emerging technology. The Australian Cyber Security Centre reported in 2021 that there is a cyber attack against an individual every eight minutes and against our critical infrastructure every 32 minutes.
But it only takes one successful attack to cause society-wide harm, as the 10 million Optus users who are now at risk of identity theft and fraud are personally aware. Our cyberenabled way of life comes with as much risk as it does reward.
Companies like Optus need to acknowledge the risk of harvesting data in equal measure to the reward they get for obtaining it. This is their responsibility and where there is responsibility there should be accountability. Australians deserve nothing less.
Current privacy laws already require companies to destroy personal data when it is no longer needed. We have to ask why Optus, and possibly many other companies like it, clearly aren’t doing so. If the threat of bigger fines is what it will take to hold companies accountable to existing laws, then the government needs to seriously consider this.
But we can’t just expect reactive legislative change to solve the perennial cyber security challenge.
We need technological solutions as much as legislative ones. It is incredibly risky and outdated for every service provider to be collecting 100 points of personally identifying information to verify customers’ identity, especially when these companies can’t be trusted to destroy this information when it is no longer needed.
We must move to digital verification where companies no longer need to collect, let alone store, document numbers or images.
It would allow Australians to access services with lesser risk of having their personal information stolen from multiple points of entry.
The government must now outline what reasonable measures are needed to secure Australian user data and to deter criminal cyber actors.
That’s what cyber security awareness month is all about. Because at all levels, our cyber-enabled way of life depends on it.