It’s Just Hackers
In 2014 Hackers stole data from Yahoo that resulted in the details of 500 million users personal details including names and emails, as well as “unencrypted security questions and answers” be taken.
The breach damaged the trust in the brand, required Yahoo to publicly disclose the cyber-breach and advise all its users to change their passwords.
However, not all users changed their password and some are still reporting loss of data
The Cost of a Cyber Breach*
The costs of a data leak or data loss are rapidly accruing, with the total average cost per data breach within Australia now sitting at $AUD2.82 million, according to a 2015 study from IBM and Ponemon Institute. Moreover, the average cost per lost or stolen record has reached $AUD144, while the average number of breached records per incident is just under 20,000.
But I don’t have that many clients
The high-profile breaches recently included MySpace (359 million), LinkedIn (164 million) and Adobe (152 million), however, the hacking of a Gold Coast doctor in 2012 cost $4000 dollars.
Report a cyber incident
The Australian Signals Directorate (ASD) provides government with a greater understanding of cyber threats, and the coordination of whole-of-government operational responses to cyber incidents. The Cyber Security Incident Reporting (CSIR) scheme assists ASD with this role.
The Australian Government Information Security Manual (ISM) states agencies must report cyber security incidents to ASD. Cyber security incident reports are the basis for identifying and responding to cyber security incidents across government.
Reporting cyber security incidents helps ASD to develop a threat environment picture for government systems, and assist other agencies who may also be at risk. Cyber security incident reports are also used for developing new policies, procedures, techniques and training measures to help prevent future incidents.
The types of cyber security incidents agencies should report to ASD include:
- suspicious or seemingly targeted emails with attachments or links
- any compromise or corruption of information
- unauthorised access or intrusion into an ICT system
- data spills
- theft or loss of electronic devices that have processed or stored Australian government information
- intentional or accidental introduction of viruses to a network
- denial of service attacks
- suspicious or unauthorised network activity.
To report a cyber incident:
- Government ICT professionals are encouraged to use the OnSecure website. Australian Government-sponsored customers who do not have one should apply for an OnSecure account.
- Alternatively, government ICT professionals may download a cyber security incident report form (PDF)
- If you download the cyber security incident report form, it must be handled and stored in accordance with its security classification once completed. This may require access to a classified fax or mail service.
- Other organisations should use the Australian Cyber Security Centre incident report form.
- Phone ASD, 1300 CYBER1 (1300 292 371).