Author: Crystal Hewett

Commonwealth Appoints New Cyber Security Advisory Board

Minister for Home Affairs and Cyber Security Clare O’Neil has appointed a new Expert Advisory Board to oversee the development of the 2023-30 Australian Cyber Security Strategy to improve Australia’s cyber resilience.

According to the federal government, the objective of the new Expert Advisory Board is to help make Australia the world’s most secure cyber nation by 2030, overseeing the creation of the new Australian Cyber Security Strategy.

“Australians have recently suffered two of the worst data breaches in our nation’s history. We must work together to counter these threats, build partnerships and set ourselves up for success,” Minister O’Neil said.

“Everyone has skin in the game when it comes to Australia’s cyber security. If you use the internet, have a smart device in your home, or have a perspective on what Australia’s cyber security should look like, I encourage you to get involved as the Expert Advisory Board seeks views throughout the strategy’s development.”

“Australia should aim to be the world’s most cyber secure nation by 2030. The development of the 2023-30 Australian Cyber Security Strategy will outline the government’s long-term vision for the future of Australian cyber security, and the concrete steps required to get there.”

Acurus helps companies start to build Cyber Security resilience by aligning to the ACSC Essential 8 as a starting point. We then help companies build out sophisticated and mature IT security capabilities and standards. 

Request a free Essential 8 assessment to start your journey on protecting your company, employees and customers below. 

Contact



    Hackers Attempt to Breach Private Hospital Network

    Mater Health, a company that runs a network of private hospitals across Queensland, has announced its IT systems have been targeted by hackers.

    The company holds confidential health records of thousands of Queenslanders, though it says it managed to stop the attack before the information was accessed.

    “There is no evidence that any personal information, medical information, or any other sensitive information has been compromised,” a Mater spokesperson said.

    “We are remaining vigilant and have implemented additional security measures, including requesting staff to change their passwords.”

    The spokesperson also emphasised Mater’s continuous dedication to cyber security, stating its sensitive data remains protected from the ongoing threat of cyber crime.

    “Mater has comprehensive systems and processes in place to ensure sensitive information is protected.”

    Cyber criminals are continuing to target Australian businesses after a string of recent data breaches.

    Do you know the security score of your key service providers? How safe is the data your organisation collects from its customers? Are you aware of the new laws around data breaches?

    Acurus helps companies start to build Cyber Security resilience by aligning to the ACSC Essential 8 as a starting point. We then help companies build out sophisticated and mature IT security capabilities and standards. 

    Contact us below to speak with our cyber security experts and start the journey to protect your company today.

    Contact



      Investigation Into Medibank Launched, Could Face Millions in Fines

      An investigation has been opened into the Medibank data breach which could result in heavy fines.

      The health insurer’s personal information handling practices will be investigated by the Office of the Australian Information Commissioner (OAIC).

      In a statement, the OAIC said the investigation will focus on “whether Medibank took reasonable steps to protect the personal information they held from misuse, interference, loss, unauthorised access, modification or disclosure.”

      “The investigation will also consider whether Medibank took reasonable steps to implement practices, procedures and systems to ensure compliance with the Australian Privacy Principles (APPs).”

      If the findings of the investigation reveal that this is a serious or repeated breach, Medibank could face penalties of $2.2 million for each violation.

      In response to several data breaches, the Australian Government recently passed a bill to increase penalties for such offences from $2.2 million to $50 million.

      Although Medibank will not be affected by the new laws, organisations should evaluate the current methods they use to protect the data they collect.

      Do you know your Cyber Security capabilities, and your level of risk? Do you have a clear plan on how to improve your capabilities? Would you know what to do if you had a cyber security incident?

      If you are concerned about these new penalties and don’t understand what your level of risk is, request a free assessment to start your journey on protecting your company, employees and customers below.

      Contact



        LastPass Suffers Second Data Breach in 5 Months

        Password management app LastPass has announced hackers have breached its cloud storage containing customer data.

        This is the second time the company has been targeted in five months, after a similar breach in August.

        Cyber attackers gained access to the company’s developer environment using a hacked developer account, stealing source code and technical information that allowed them to access customer data in the most recent breach.

        LastPass still maintains that passwords remain safe after both attacks.

        “We recently detected unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate, GoTo,” LastPass chief executive officer Karim Toubba said.

        “We have determined that an unauthorised party, using information obtained in the August 2022 incident, was able to gain access to certain elements of our customers’ information.”

        With over 33 million users and 100,000 businesses, the company says it is one of the most popular password management systems on the market.

        LastPass announced that it immediately launched an investigation, alerted law enforcement and engaged leading security firm Mandiant.

        If LastPass changes its position or releases further information on the matter we will share it here.

        If you have any questions or wish to know more about this incident, please contact us below.

        Contact



          Google Bypasses Privacy, Puts Users’ Data on the Map

          Google’s handling of user data has long been a subject of concern for data privacy enthusiasts. While the tech giant has undergone a comparatively low number of data breaches in recent history, its hold over the Android platform allows it to harvest an unprecedented amount of data.

          Now, Google is taking more steps to ensure the collection of user data across non-mobile devices as well. Recently Google has changed its domain structure to include all its services under one parent domain. This means that any permissions given by the user for one Google service, such as Google Maps, extend to all Google services under the domain.

          The discovery was made by an alert user when they noticed Google had switched from a subdomain to a subdirectory.

          This means any pop-up that appears when the website tries to access a user’s camera, microphone or location only needs to be accepted once to be applied across the vast range of Google’s services.

          Subdomains are treated as children of the parent domain that sit in a separate partition from the main domain. Subdirectories, by contrast, are treated as part of the main domain, as they are simply pages under it.

          Google had previously used a subdomain for Google Maps, with the URL ‘maps.google.com’, but has now changed to a subdirectory with the URL ‘google.com/maps’.

          For example, the user’s mic can be accessed from the Google search page, with camera permissions being granted from Google Meet. Location access allowed through Google Maps may be used to track users’ location in the search engine without granting specific permissions.

          Users wanting to use Google Maps for a short period of time will be asked to give permission to access their location. Under the new domain structure, Google can now access this data at any time, allowing it to geo-track the user when they have a Google website open.
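
The permission scoping described above, as an added example that is not part of the original article: browsers key site permissions such as location by origin (scheme, host and port), so the path plays no part in the decision. The `PermissionStore` class, the helper names and the `https://` URLs are constructed for illustration.

```javascript
// Added example: a model of a browser's per-origin permission store.
// All URLs below are constructed sample input; https is assumed.

// An origin is scheme + host + port. The path is not part of it.
function originOf(url) {
  return new URL(url).origin;
}

class PermissionStore {
  constructor() {
    this.grants = new Map(); // origin -> Set of permission names
  }
  // Record that the user accepted a prompt shown by the page at `url`.
  grant(url, permission) {
    const origin = originOf(url);
    if (!this.grants.has(origin)) this.grants.set(origin, new Set());
    this.grants.get(origin).add(permission);
  }
  // True when the page at `url` can use `permission` without a new prompt.
  isGranted(url, permission) {
    const set = this.grants.get(originOf(url));
    return set !== undefined && set.has(permission);
  }
}

// After one accepted prompt on `grantedOn`, list which of `pages`
// are covered by that same grant.
function pagesCoveredByGrant(grantedOn, permission, pages) {
  const store = new PermissionStore();
  store.grant(grantedOn, permission);
  return pages.filter((page) => store.isGranted(page, permission));
}

// Subdomain layout: Maps has its own origin, so search is not covered.
const subdomainLayout = pagesCoveredByGrant(
  "https://maps.google.com/", "geolocation",
  ["https://maps.google.com/", "https://google.com/search?q=cafe"]);

// Subdirectory layout: Maps and search share one origin and one grant.
const subdirectoryLayout = pagesCoveredByGrant(
  "https://google.com/maps", "geolocation",
  ["https://google.com/maps", "https://google.com/search?q=cafe"]);

console.log("subdomain layout:", subdomainLayout);
console.log("subdirectory layout:", subdirectoryLayout);
```

Reviewing the per-site permission list in the browser's settings shows the same thing from the user's side: one entry per origin, not per page.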

          Do you know what apps are tracking your location? Do you know the security score of apps you are using? Are you aware of the permissions you have granted?

          Acurus helps companies start to build Cyber Security resilience by aligning to the ACSC Essential 8 as a starting point. We then help companies build out sophisticated and mature IT security capabilities and standards. 

          Contact us below to speak with our cyber security experts and start the journey to protect your company today.

          Contact



            Government Passes Bill Increasing Data Breach Penalties to $50m

            The Australian Government has passed a bill that will significantly increase the penalty for businesses that suffer repeated or major data breaches.

            The Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022 will increase the civil penalty from $2.2 million to whichever of the following penalties is greatest:

            • $50 million
            • 30 per cent of adjusted turnover for the period or
            • three times the financial gain from the misuse of data in the case of outstandingly shocking breaches.

            The bill passed through the Senate and then the lower house on Monday after it was slightly reworded to target organisations that suffer “serious” or “repeated” breaches.

            Concerns have been raised over the lack of definition of “serious” and “repeated” incidents, and that small to medium businesses may be hit by the same penalties as large organisations.

            “Reforms to clarify key definitions in the Privacy Act, develop a tiered penalty regime, provide greater clarity on the applications of penalties and enhance security guidelines are being considered through the Privacy Act review,” said Labor Senator and Agriculture Minister Murray Watt.

            The increase in penalties is a direct response to recent major data breaches in Australia, with the government aiming to send a clear message to large companies: they must do better to protect the data they collect.

            Do you know your Cyber Security capabilities, and your level of risk? Do you have a clear plan on how to improve your capabilities? Would you know what to do if you had a cyber security incident?

            If you are concerned about these new penalties and don’t understand what your level of risk is, request a free assessment to start your journey on protecting your company, employees and customers below.

            Contact