It is understandable that over the years people have been getting a bit relaxed about cyber security as they have basically been reading or hearing day after day about cyber crimes that are happening and, in the end, very few people have been directly affected.
However, for those who are, it can be a real nightmare. They will have to change passwords, bank details, identification and so on, not to mention the potential financial implications of being hacked or scammed.
Be assured that you want to avoid this at all costs as you really don't want to go through such terrifying situations.
The Optus hack is bringing this issue very close to home with potentially up to 11 million people affected by it.
It doesn't really matter whether the hacker releases the data or not; the reality is that this hack makes it clear what can happen and what an impact this has or can have.
This occurs at a time when the cyber threat has never been as serious as it is at present.
The deteriorating geopolitical situation as well as the big shift in the way that criminals operate in the cyber domain are creating the sort of disasters we are seeing with the Optus breach.
One thing is for sure: in order to enjoy all the positives resulting from the digital economy, we need to be far more vigilant about the security of the personal information that we are often freely giving away to third parties.
In most cases a hack is the result of a lack of security, either on the side of the organisations that host personal data or on the user side.
Obviously, criminals interested in these crimes prefer to go for the organisations as they are able to score large amounts of data from a single attack.
The Optus hack shows the enormous reward for the criminals involved.
There are also very clear questions about the Optus security regarding personal data of its customers.
It becomes more and more clear that the company's security system and procedures are not up to scratch.
It looks like it was far too easy for the hacker to get into the company's system and that its data is not segmented and protected, with the result that a range of different data sets with all sorts of personal data got into the hands of the hacker.
So, it is paramount that Optus - and of course all organisations, especially those with sensitive personal data - maximise their efforts to increase their security.
Often the criminals are looking for weaknesses in a system that they can exploit to get access to the data that is stored there.
Typical situations that are exploited by these people are when maintenance, tests and new installations occur.
Data systems are extremely complex and if something unusual happens, such as testing, it could well be that somewhere else in the system an opening appears that hackers can exploit.
So, it is critical that organisations upgrade their security so that before tests or other events happen, a full security check is conducted to ensure that the work they need to do doesn't create an opportunity for hackers.
On the user side we have to be more and more prepared that data stored with the many organisations we deal with will get hacked. So be prepared for the worst.
Users will therefore also have to maximise their efforts to protect their data from being misused.
You need to protect yourself from criminals who do get access to your personal data.
In order to make it more difficult for them to get access to your bank or phone account there are steps that you can take.
A two-step protection system is a good start.
Apart from your password this requires you to enter a unique code that you receive from e.g., your bank or phone company by SMS or email before you can go into your account.
This offers you a significantly higher level of protection.
Most of these systems also allow you, as an alternative, to use your fingerprint to get into your personal details.
These code and fingerprint protections are making it far more difficult for hackers to get access to your accounts.
None of the security systems are bulletproof but, on both sides (organisations and users), more can be done to better protect personal data.
The government is also not off the hook. As with so many policies there has been a serious lack of vision from the government and therefore also no clear strategy attached to it.
There are a dozen or so initiatives that are not aligned and sometimes conflict with each other.
As we are seeing with the Optus hack as well, decisions are made on the fly without proper process.
So much of what passes for government cyber-security initiatives has been knee-jerk reactions to external events, rushed through with no time for thoughtful inputs from experts in the field.
Input from experts should be asked before policies are developed, not afterwards.
There has not been any due process in the formulation of the policies.
This is seriously undermining trust in the government being able and interested to work with the experts, industry and the community to put a solid policy in place.
Hopefully the Optus hack is another wake-up call that we all need to take cyber security far more seriously.
- Paul Budde is an independent telecommunications analyst who runs his own company Paul Budde Consultancy
