Australia’s Largest Christian News Site

We like to think that our money is safe in the bank, and that our data is safe in the cloud. But are they?

With the digitisation of currency and information, the world is at our fingertips. We can travel the globe with ready access to our funds in any currency, work remotely if our job allows it, store memories and share updates internationally with the click of a button.

A friend of mine had his phone stolen while on holiday, but he was able to re-access all his data thanks to Apple iCloud. What a lifesaver, particularly when one is stranded in a foreign land.

Companies are also able to overcome geographical barriers and leverage the benefits of a hyper­connected world through cloud computing. Instead of being tied down by hardware, organisations can now operate seamlessly online.

However, there is a danger with these modern conveniences. They provide a terribly tempting target for hackers.

Breaches

French multinational Thales is the eighth largest defence contractor in the world. It conducts an annual review of global cloud security, surveying almost 3,000 IT and security professionals from 18 countries.

The 2024 Thales Cloud Security Study reveals that cloud resources are now the primary target for cyber-attacks:

“Forty-four per cent of organisations have experienced a cloud data breach, with 14 per cent reported having an incident in the last 12 months.

“Human error and misconfiguration continued to lead the top root cause of these breaches (31 per cent), followed by exploiting known vulnerabilities (28 per cent), and failure to use multi-factor authentication (17 per cent).”

Business Wire reported:

“Growing cloud usage across enterprises has seen an accompanying growth in the potential attack surface for threat actors, with 66 per cent of organisations using more than 25 SaaS applications and nearly half (47 per cent) of corporate data being sensitive.

“Despite the increased risks to sensitive data in the cloud, the data encryption rates remain low, with less than 10 per cent of enterprises encrypting 80 per cent or more of their sensitive cloud data.”

A worrying statistic, considering how much information we entrust to various organisations nowadays, from healthcare providers to our employers.

Banks Bombarded

Chris Sheehan, who leads National Australia Bank’s Executive Group for Investigations and Fraud, recently revealed in the ABC’s The World Today that Australia’s big four banks are under constant cyberattack.

“We’re engaged in asymmetrical warfare on a day-by-day basis,” he said. “We’re dealing with threat actors of all different types.

“From, being colloquial, Larry the loser in the basement at home that’s having a bit of a chop away at the laptop and trying to steal money from people or hack into a system, all the way to highly sophisticated, ruthless and resilient transnational organised-crime groups; and they’re the ones that are driving 90 per cent of the scams that are hitting Australian victims.

“And then at the top end of the scale, we’re dealing with nation-state actors, malicious nation-state actors.”

Cybersecurity expert Troy Hunt told ABC News that Australians are losing $3 billion a year to scammers. Cybercriminals are enticed by the relative ease and greater gains compared to attempting a bank robbery in person.

Sheehan states:

“The UK Government recently declared fraud and scams a national emergency. It’s now treated as a national security issue on par with terrorism. That says it all.”

With all these cyberattacks and sneaky scams, it is no wonder that some people are eschewing digital transactions and joining in the “Cash is King” campaign. Yet, more than 2,100 bank branches have closed across Australia since 2017, and ATM withdrawals have fallen precipitously since the pandemic. It seems that smartphones or debit cards are becoming mandatory to participate in the modern economy even as a consumer.

Cybersecurity Regulation

As reported by CFOtech Asia, Australia’s Security of Critical Infrastructure Act (SOCI) Compliance Regulatory Posture has been adjusted “to enforce stricter security and risk-management protocols from mid-August”, focusing on “education … to effectively drive an uplift in regulated entity compliance”.

The SOCI Act covers critical infrastructure such as financial services and markets, food and groceries, energy, healthcare and medical, transport, water and sewerage, higher education and research, data storage and processing, the defence industry, and space technology.

Responsible entities are required to “produce and comply with a Critical Infrastructure Risk Management Program (CIRMP)”.

Herbert Smith Freehills law firm describes these developments as “some of the most significant cybersecurity reforms in Australia’s history”, adding that “in many respects, Australia is leading the way globally in this area of reform, amongst an increasingly complex cybersecurity regulatory ecosystem”.

The Australian Banking Association also asserts that Australian banks have “some of the strongest anti-scam protections in the world”.

One hopes that these reassurances stay valid in the face of ever-mutating threats to our online security. In the end, it also boils down to what each of us does to safeguard our data and funds, being alert to possible frauds and downloading the latest software to shield our digital devices.

___

Republished with thanks to News Weekly. Image courtesy of Adobe.