We live in a world of room-cleaning robots and artificial-intelligence driven algorithms that sort inboxes after learning users’ habits.
So, given all those impressive advancements, why do the news headlines suggest we aren’t making such great strides in the realm of cybersecurity?
Let’s look at this matter more closely and examine some of the most devastating cybersecurity attacks or breaches of recent times, plus what we can expect for this year.
Australia saw one of its worst cybersecurity breaches in late 2017
You’re probably accustomed to hearing about mega breaches in the United States and thinking, “It’s a nice country to visit occasionally, but I’m glad I don’t live there.” However, last November, a data breach occurred close to home. During that incident, approximately 55,000 Australian residents and public servants had personal details exposed online after a leak caused by a third-party contractor.
In addition to passwords and names, the compromised data included salary and credit card information. Most of the credit card numbers were expired at the time, but this event was substantial nonetheless. An Australian official confirmed it affected four governmental departments.
The notifiable data breaches scheme is in effect from February
Learning about compromised data is enough to make anyone sigh tiredly and wonder if things will ever improve. However, it wasn’t all bad news in 2017 on the data security front in Australia.
That year also saw the passage of the Notifiable Data Breaches Scheme, which takes effect as of Feb. 22. What does it mean for you? The legislation requires companies that have been subjected to data breaches to contact the people who’ve had their data stolen if the event is likely to result in serious harm. Plus, those entities must get in touch with the Australian data commissioner.
On the consumer side of things, individuals who had their data snatched will not merely be left in the dark wondering what to do next. In addition to alerting people about breaches, the establishments in question are required to give advice about steps to take moving forward.
It’s too early to say what kind of impact this new law will have. However, information and awareness are key components for helping people respond effectively to incidents regarding seized data.
POS terminal hacks are becoming more common
In addition to data leaks, there has also been an increasing number of instances involving hackers inserting malware onto the Wi-Fi-enabled POS devices employees use for in-store transactions. In some cases, hackers hit the same brands more than once.
Case in point? Kmart, an American retailer with over 700 locations in the United States. After first getting targeted in 2014, the chain announced a 2017 event of the same kind. Both incidents involved malware placed on POS machines, but representatives from Kmart insisted neither one gave hackers personal details like names and email addresses. During the 2017 event though, the retailer believed some credit card details were taken.
Something similar happened at Arby’s, a fast-food chain in the United States known for its roast beef sandwiches and distinctive sauce. The brand discovered hackers stole data from credit cards swiped during transactions, and that the loss of data integrity persisted from October 2016 to January 2017.
Automated threat detection and response technologies are on the rise
Both the cybersecurity issues discussed above are worrisome. In the case of Kmart, although the retailer apparently limited the amount of damage done, it only confirmed the breach after an external party brought up growing suspicions of an unannounced problem. The fact that hackers infiltrated the system in the same way twice doesn’t encourage confidence. One of the main issues with the Arby’s case is that it went on for so long without anyone noticing.
However, the fact that companies are increasingly getting on board with automated threat detection and response applications should help you breathe easier when thinking about the security of your data. In one example, Verizon, one of the top communications companies in the U.S., recently acquired Niddel.
That company depends on machine learning to find cybersecurity threats. Verizon will use Niddel’s technologies to provide additional security offerings to enterprise-level customers.
Fortunately, company executives are getting serious about such automation Down Under, too. Last fall, senior IT managers gathered in Sydney to discuss ways automated technologies could supplement the things humans do to reduce network infiltration attempts. They also agreed tech-based solutions could help cut down on the challenges caused by IT skills shortages.
It’s not hard to understand why automated applications could stop threats like those mentioned above from ever becoming problematic for the respective groups or brands. After technology sounds the alarm, humans can step in and investigate before hackers cause substantial or ongoing damage.
Companies may not be doing enough to get prepared
Due to the number of prolific breaches around the world, you’d think companies would conclude they couldn’t afford to ignore cybersecurity concerns. However, according to a 2017 report commissioned by Telstra, one of Australia’s leading telecommunications providers, glaring shortcomings still exist.
Statistics showed 32.2 percent of respondents in Australia said their companies had cybersecurity awareness programs, and 34.9 percent instituted incident-response processes. To put things in perspective though, this survey — which focused on the Australian and Asian markets — had a small sample size of 360 people, and only 42 percent of the insights gained came from Australia.
Business leaders have progressively budgeted more for cybersecurity
Despite the potentially discouraging data above suggesting companies aren’t taking cybersecurity seriously in all the ways they should, executives said they increased their cybersecurity budgets in 2017. Going back to the Telstra study, it showed 81 percent of Australian people polled expanded the allowable amounts spent to safeguard against online attacks. In 2016, it was 75 percent.
Assuming that trend continues in the right direction for 2018, it’ll be easier to feel confident business leaders have the financial resources needed to make significant impacts in improving cybersecurity measures for their establishments. Even if they haven’t taken action yet, at least the money is available.
If you’re the kind of person who typically notices the negative sides of things before the positive ones, it’s easy to focus too much on the mega breaches that resulted in stolen data. Indeed, those problems stand out, but it’s important not to overlook the progress made in the cybersecurity sector. When taking an all-encompassing look that also highlights those accomplishments, it’s possible to have hopeful feelings about the future of cybersecurity in 2018, too.
Nathan Sykes is the editor of Finding an Outlet, where he writes about the latest in technology and business. Be sure to follow Nathan on Twitter @nathansykestech.