Failing to check digital defences
COMPANIES are failing to regularly test their digital defences and in some cases forgetting to switch on software aimed at protecting customer data, risking major breaches like the Optus hack, says the author of America’s first two national cyber security strategies.
Optus has come under intense pressure after a data breach last month exposed the personal details – including Medicare, passport and driver's licence data – of nearly ten million Australians, sparking a rift with the Albanese government and fuelling public anger.
Senior government figures have accused Optus of not cooperating, with Government Services Minister Bill Shorten saying the Singapore-owned telco was not moving fast enough while Anthony Albanese has demanded the company pay for the issuing of new identity documents.
But Jonathan Reiber – a former Pentagon chief strategy officer for cyber policy who now works for online security firm AttackIQ – says the government should be working more closely with businesses to fend off hackers.
“The vast majority of cyberspace is owned and operated by the private sector, yet governments are responsible for organising their countries for war,” Mr Reiber said.
“This places governments in the position of needing to engage the private sector in combined defensive operations to counter cyber attacks, often on a voluntary basis...”
As well as not regularly testing the effectiveness of cyber defences, Mr Reiber said other weaknesses included staff turnover and human error.
“... Sometimes they forget to turn something on – they would have bought a contract for capability but they only would have installed a portion of it,” he said.