The Optus data breach occurred through an unprotected and publically exposed API. This API didn’t require user authentication before facilitating a connection. A lack of an authentication policy meant anyone that discovered the API on the internet could connect to it without submitting a username or password.

It’s rare that a week goes by without at least one data breach making the news. Criminals are targeting companies of all sizes to see if they can slip past their digital defenses and steal confidential data.

Read also: Apple fixes yet another iOS zero-day, Iranian atomic energy agency hit by hackers, and more.

Data encryption is a bit like insurance - we all know we need it (a necessary evil you might say), but it’s difficult to decide what we need to protect, and with an increasing amount of options out there, it’s a mission in itself to find the right provider. That’s probably why when we take out insurance we tend to only get coverage when we feel it’s absolutely necessary – for example, for our property, our cars and when we travel.

As we are in the midst of the October Cybersecurity Awareness Month of 2022, all of us need to be more cautious than ever regarding the risks surrounding an increasingly complex and lethal cyber threat landscape. Appknox takes this opportunity to join forces with cybersecurity champions and stakeholders to raise awareness about mobile app security. Our aim is to empower everyone to protect their personal data from cybercrime.

When companies drive a wedge between their workforce and their security culture, not only do they reduce best practices, but they also increase stress and jeopardise secure behaviours. We need to stop blaming employees for cybersecurity breaches and look at the real reasons that data is compromised. Furthermore, as long as there are humans at work, there will be human error at work. It is natural, and never 100% avoidable!

Read also: Microsoft fixes a Windows zero-day, Mango Markets DeFi platform robbed of over $100M, and more.

Before we delve into the reasons behind Optus breach, let’s see the chronology of events. According to various reports, Optus customer data was accessed via an API interface that was not secure. Apart from unauthenticated API, there was another serious issue related to easily enumerated ID’s (identifiers). These are foundational controls that were found lacking in the API implementation..

The worst-case scenario happens: Your organization suffers a data breach. It’s going to take time to clean it up, the business’ reputation may take a hit, and there’s the major issue of cost. How much does cleanup cost? What if it’s a ransomware attack where your organization must pay the ransom? What other specialists will you have to hire—and how much will you need to pay them?

In what seems to be a constant drip of headlines about large enterprises experiencing security incidents, the world most recently learned of a successful data infiltration of rideshare and delivery company Uber. In a blog update, Uber attributed the attack to the infamous Lapsus$ group that has made a name for itself over the past year with successful breaches of household names including Microsoft, Rockstar Games, Samsung, Nvidia, Ubisoft, and Okta.