The Optus data breach was the second-largest data breach in Australia. 9.8 million current and former Optus customers were impacted by the event, with 2.1 million suffering compromises of highly-sensitive government identification information, like driver’s license numbers and passport numbers. In other words, this single cybersecurity incident has placed almost half of the Australian population at risk of identity theft scams and financial fraud.
The Optus data breach occurred through an unprotected and publically exposed API. This API didn’t require user authentication before facilitating a connection. A lack of an authentication policy meant anyone that discovered the API on the internet could connect to it without submitting a username or password.
It’s rare that a week goes by without at least one data breach making the news. Criminals are targeting companies of all sizes to see if they can slip past their digital defenses and steal confidential data.
Read also: Apple fixes yet another iOS zero-day, Iranian atomic energy agency hit by hackers, and more.
Data encryption is a bit like insurance - we all know we need it (a necessary evil you might say), but it’s difficult to decide what we need to protect, and with an increasing amount of options out there, it’s a mission in itself to find the right provider. That’s probably why when we take out insurance we tend to only get coverage when we feel it’s absolutely necessary – for example, for our property, our cars and when we travel.
As we are in the midst of the October Cybersecurity Awareness Month of 2022, all of us need to be more cautious than ever regarding the risks surrounding an increasingly complex and lethal cyber threat landscape. Appknox takes this opportunity to join forces with cybersecurity champions and stakeholders to raise awareness about mobile app security. Our aim is to empower everyone to protect their personal data from cybercrime.
When companies drive a wedge between their workforce and their security culture, not only do they reduce best practices, but they also increase stress and jeopardise secure behaviours. We need to stop blaming employees for cybersecurity breaches and look at the real reasons that data is compromised. Furthermore, as long as there are humans at work, there will be human error at work. It is natural, and never 100% avoidable!
Read also: Microsoft fixes a Windows zero-day, Mango Markets DeFi platform robbed of over $100M, and more.
