CYBERSECURITY: What happened to the cyberattack on Optus?

In light of one of the biggest cyberattacks in the country, let’s unpack what happened, what could have
been done, and how you can prevent this from happening to your business.

Optus, one of the leading Australian telecommunications companies, has revealed that their data
security had been compromised by a still unknown perpetrator, putting many customers at risk. The
cybersecurity catastrophe had caused an uproar amongst their countless users followed by a
bombardment of questioning on the level of security Optus actually had in place prior to the incident.

WHAT HAPPENED TO OPTUS?

Optus has recently revealed that they are facing a data breach, impacting 1.2million customers with at
least one form of identification number that is valid and current. While another 900,000 customers had
numbers associated with expired identification documents in conjunction with their personal
information. All of which were contacted and prompted by Optus to take immediate action on changing
their identification documents.

Optus is working with government agencies to see if any further action could be taken while a forensic
assessment was done by Deloitte to determine the extent of the data breach. The telecommunications
company also has the support of its parent company, Singtel, who is closely monitoring the situation as
investigation continues and new information is uncovered. Australian police are taking action and
seeking to protect affected customers, prioritising the 10,000 users whose sensitive details are being
offered for sale on the dark web.

While the company is doing everything they can to recover and protect their users from further
exposure, plus providing the public with the latest updates, incendiary responses and outcry ensued
across the country. Including Australia's Minister for Home Affairs Clare O'Neil who lashed out at Optus
over the breach with the government also accusing Optus of lax security.

On the other hand, according to Australian Federal Police (AFP) assistant commissioner for cyber
command Justine Gough, the perpetrator behind this attack has used obfuscation techniques.

Gough stated they have dedicated cyber investigators on the job who are focused on delivering justice
for those whose personal information has been compromised. “Customers affected by the breach will
receive multijurisdictional and multi-layered protection from identity crime and financial fraud,” Gough
assured.

On 7th October, Optus released an update welcoming the Government’s announcement on the proposed
changes to data sharing regulations. This enables businesses to apply enhanced monitoring and
safeguards to the accounts of customers affected by the current and future cyber incidents stating it is
“about protecting Australians”.

The Federal Government has taken the initiative to form a joint working group with Optus to enhance
the coordinated response to the cyberattack.
WHAT CAN YOU DO TO PROTECT YOUR BUSINESS FROM CYBERATTACKS?
Cyberattacks with this much immense damage affecting millions of users has brought to light how
Cybersecurity is crucial to every business, big or small. Indeed, more and more are becoming aware of
the risk of cyberattacks and more so its potential to destroy both the business and diminish the
customer’s safety.

To overlook the security of your business and your customers’ sensitive data is a detrimental mistake.
And so, as the threats to software security are constantly changing, conducting a Security Audit is the
first step to identifying any vulnerabilities. This provides you guidance on how to keep your security
updated and secured given the ever-evolving nature of cyberattacks.

STAY SECURED WITH LATERAL

Lateral Security Audit (LSA) provides vital insights into any possible security threats, because modern
businesses rely on secure software. It is now common practice for any business which has invested in
software to seek a second opinion as part of their business process. Conducting a security audit with
Lateral enables your business and your software to stay secure, and fully up to date with the latest
industry practices and standards.

As a company, we have a strong history in the Health, Education, and Agritech industries where data
security is vital. We can identify quality - we have a strong team of developers and analysts that are
among the best at developing and refining quality software and apps.

Check out our Complete Network Security Audit Checklist in our blog.

For more information on our Security Audit, get in touch with us!