Why cybersecurity continues to be a problem for industry

October 21, 2022

The recent MyDeal incident is the third major incident affecting Australians. We need the community’s confidence back in our cyber capabilities, say UNSW experts.

The recent cyber attacks are shredding any confidence users have in the cybersecurity protocols that are supposed to protect their data. Image: Shutterstock

In the past three weeks, three cyber attacks resulted in identity leaks that have sent ripples around the nation. 

Has the triple-A of cyber security (Authentication, Authorisation and Accounting) failed? 

In the recent MyDeal.com.au incident, early reports suggest that a compromised credential, most likely related to elevated users, was used to access a database storing user information. The attack led to the scrambling of 2.2 million customers' data, which included email addresses, full names, phone numbers, delivery addresses and some customers’ birthdates.

In an interview with Channel 9 News, Professor Sanjay Jha, Chief Scientist for UNSW Institute for Cybersecurity (IFCYBER), said: “… the breach raises serious concerns for the end user's confidence in using online services and poses a serious challenge for the industry”.

“Compromised credentials should not provide easy access to malicious actors when multi-factor authentication (MFA) is in place,” he added.

“You would expect more stringent authorisation and access control and network partitioning to protect these critical assets.”

Safely navigating the digital world

Following the basic practices in the Cyber Security Guidelines listed by the Australian Cyber Security Centre can help a business protect its systems from cyber threats.

Dr Arash Shaghaghi, a Senior Lecturer in Cybersecurity from the UNSW School of Computer Science and Engineering and UNSW Institute for Cybersecurity, says it’s evident from the recent attacks that some industries are not adopting the latest research on cybersecurity fast enough.

“Users' data is collected by various services without any control from the end user, and often the data collection to join these services is excessive – leaving end users vulnerable and with limited options when a serious breach occurs,” he says.

“Other parts of the world are investing heavily in technological measures such as Self-sovereign identity (SSI), where users would have better control over who has access to what part of user identity and other information. 

“SSI gives individuals control over the information they use to prove who they are to websites, services and applications across the web. 

“We need to enhance investment in practical research and think of measures that facilitate the adoption of the latest technologies to reinforce our resiliency against the growing number of attacks targeting Australia.”

Optus

Last month, 10 million Optus customers experienced a similar fate when cyber criminals hacked into the system, stealing personal details such as passport ID and licence numbers. Reports on the breach suggest that an open port without authentication, intended for testing purposes, was left in the production version.

Unfortunately, these problems are well-known to the industry, says Prof. Jha.

“About five years ago, we were white boxing early versions of Philips Hue bulbs and Philips Hue Bridge. We found that you could control these devices through such open ports,” he says.

“This was reported to the company who fixed the problem in their future version. A simple penetration testing of servers before deployment could have potentially made such attacks difficult, if not impossible.”

Prof. Jha is also concerned about the state of risk assessment and authorisation processes across the industry and says further stringent penalties for negligence would go a long way.

Often these processes are a box-ticking exercise in an Excel spreadsheet, and many conducting these tasks don’t have adequate background in cybersecurity, he says.

“This re-emphasises the need for quality education along with more research in quality tools to improve these processes,” says Prof. Jha.

“My team is working on such tools for a Distributed Energy Resource Management Security project at UNSW funded by Cyber Security Cooperative Research Centre.

“Cyber Security is a cat-and-mouse game. Researchers and industry experts need to come together in Australia and work closely to build stronger and more resilient capabilities that help safeguard businesses and users in today’s world of cyber war and cyber terrorism.

"We need to regain the community's confidence in our cyber capabilities." 

The source of this news is from University of New South Wales
