Opinion: The Optus Data Breach

By Mike Baird

The recent cyber security attack on Optus, which exposed Personally Identifiable Information (PII), will potentially go down as one of the worst attacks witnessed in Australia to date.

This is every organisation and CEO’s worst nightmare!  

I actually feel strong empathy for the board and CEO over the long journey ahead, with an investigation pending and a public media backlash about to commence.

This will be an extremely stressful period for both individuals and the broader businesses to face. I’m sure every company covering the Telecommunications, Financial Industry and Government sectors across ANZ will be following this situation very closely.

This is a timely reminder to all companies holding PII to continually review their Cyber Security Processes as threats and new technology are evolving.

Sadly for Optus, the financial impact will be severe through fines and reputational damage. However, the impact on public trust will far exceed any legislative fines and will be a difficult narrative to overcome and correct.

Pending a full investigation to understand the root cause, it’s been suggested by media outlets that there was an unprotected API at Optus, allowing cybercriminals a back entry to crawl through and penetrate the organisation, stealing passport details, driver’s license details, mobile phone and customer details.

Cyber security incidents in general have many contributing facets leading up to the event. It’s never a one-dimensional cause and effect. Complacency, a lapse in process or the human touch can disrupt the best-laid plans and systems in the world.

Continual vigilance, constant systems improvements and ongoing training can mitigate the risk of, if not prevent, these attacks.

This underlines once again the importance of a holistic cyber security strategy, to reduce the potential risk. However, the best strategy in the world is only as good as the employees supporting it. It’s this frailty that is the root cause of weakness and the Achilles heel of any organisation that cyber criminals exploit.

It’s the responsibility of not only the organisation but the public to accept and police suspicious activity. It’s not just on Optus, as this is a global sickness and vigilance is everyone’s responsibility. We shouldn’t be surprised by these events; they will continue to occur into the future, with more around the corner.

However, a strong strategy continually revised, led by motivated, experienced and highly educated staff, can help reduce this scourge. As the world’s digital footprint grows post-pandemic, so too do the fallout effects when the system breaks down.
