Analysis – In Australia, a hacking frenzy sparked by a small cybersecurity workforce
By Byron Kay and Lewis Jackson
SYDNEY (Reuters) – A slew of hacks on some of Australia’s largest companies have made the country the target of copycat attacks, just as a lack of skills has left an under-equipped and overworked cybersecurity workforce, tech experts said.
Monday also saw the unveiling of another potential breach of sensitive data — a ransomware attack on a communications platform for military personnel — that set cybersecurity experts on a wave of high-profile breaches with a common factor: human error.
Between Australia’s No. 2 telecom operator Optus, owned by Singapore Telecom Limited, and the country’s largest health insurer, Medibank Private Ltd, 14 million customer accounts – equivalent to 56% of the population – have been hacked since September 22.
Confirming workforce weakness points to a problem for which there is no quick fix.
After the COVID-19 border closures that ended in late 2021, Australian immigration officials say they are still working through a million visa applications from people seeking work in the country, many in tech and cybersecurity jobs for employers looking to fill vacancies abroad.
“They don’t have enough trained people to take it seriously and do what is needed,” said Sanjay Jha, chief scientist at the University of New South Wales Institute of Cyber Security.
“Sometimes you check a box in an Excel spreadsheet and don’t understand what you’re doing, and then the result isn’t great. You need people who are really skilled and trained properly.”
With hacking getting easier online and the shift to working from home leaving more vulnerabilities in company networks, the number of data breaches has tripled globally in two years, according to cybersecurity industry research. This week, 37 countries, including Australia, will meet at the White House with the goal of tackling ransomware and other cybercrime.
The surge sent shockwaves through Australian companies in particular due to the high visibility of targets and the sensitivity of their data, including millions of medical records.
Experts said the constant flow of small intrusion notifications may be the result of hackers seeking to match the success of others.
The number of breach notifications rose 13% to a total of A$33 billion ($21 billion) in the year to June 2021, a government agency, the Australian Cyber Security Center (ACSC), said, the most recent figures available. The agency is expected to show another increase when it publishes the 2022 figures in the coming weeks.
Australian cybersecurity premiums rose 56% on average year-over-year in the second quarter, insurance company Marsh & McLennan reported.
“It’s a rich country, a first world country that does a lot of business, has a lot of data, and is therefore a target,” said Win Lee Tuo, director of actuarial firm Taylor Frye, who specializes in cybersecurity risks.
“Trying to hire people to defend your property is getting more and more difficult because there aren’t enough people coming out, and education will take one to two years.”
Nicole Gorton, director of specialist recruitment firm Robert Half, said companies are offering premiums of up to 50% on initial salary offers for cybersecurity workers because of a “significant talent deficit.” The average base salary for Australian cybersecurity is A$105,000, according to job site Glassdoor.
Neil Curtis, an Australian cybersecurity executive at US technology contractor DXC Technology Co, which runs a program to retrain military veterans in cybersecurity, said he has received requests for about 300 trained personnel in the next six months.
Curtis said a DXC Technology official recently passed on a special request for cybersecurity personnel for one of Australia’s largest companies.
“I said, ‘How much do you want?’” he told Reuters by phone.
“They said, ‘We’ll take all of yours.’”
($1 = 1.5584 Australian dollars)
(Reporting by Byron Kay and Lewis Jackson; Editing by Alasdair Ball and Kenneth Maxwell)