Analysis: In Australia, a hacking frenzy fueled by a smaller cybersecurity workforce

  • Number of accounts hit in Optus, Medibank breaches equals 56% of population
  • Hackers seeking to match the successes of others – experts
  • Human error is a common factor in underpowered workforces – experts
  • There is no quick solution to the search for properly trained personnel abroad

SYDNEY, Oct 31 (Reuters) – A spate of hacks at some of Australia’s biggest companies has made the country a target for copycat attacks, as a skills shortage leaves an understaffed, overworked cyber security workforce ill-equipped to stop it, technology experts said.

As another potential breach of sensitive data was revealed on Monday — a ransomware attack on a communications platform for military personnel — cyber experts chalked up a wave of high-profile breaches to a common factor: human error.

Between Australia’s No. 2 telco Optus, which is owned by Singapore Telecommunications Ltd (STEL.SI), and the country’s largest health insurer, Medibank Private Ltd (MPL.AX), about 14 million customer accounts – equivalent to 56% of the population – have had data hacked since 22 September alone.

The labor shortage claim points to a problem with no quick fix.

After the COVID-19 border closures ended at the end of 2021, Australian immigration officials say they are still working through a million visa applications from people looking to work in the country, many in technology and cyber security jobs for employers looking to fill vacancies abroad.

“They don’t have enough trained people to take it seriously and do what it takes,” said Sanjay Jha, chief scientist at the University of New South Wales’ cyber security institute.

“Sometimes you check a box in an Excel spreadsheet and you don’t understand what you’re doing and then the result won’t be great. You need people who are really skilled and trained properly.”

With hacking software easier to obtain online and the shift to working from home leaving more vulnerabilities in corporate networks, the number of data breaches worldwide has tripled in two years, according to a cybersecurity industry survey. This week 37 countries, including Australia, will meet at the White House to tackle ransomware and other cybercrime.

The rise has shocked corporate Australia, particularly because of the high visibility of the targets and the sensitivity of their data, including millions of medical records.

Experts said a steady stream of smaller breach notifications may be the result of hackers seeking to match the success of others.


Government agency the Australian Cyber Security Center (ACSC) said the number of breach notifications rose 13% to a total value of A$33 billion ($21 billion) in the year to June 2021, the most recent figures available. The agency is expected to show further growth when it releases figures for 2022 in the coming weeks.

Australian cyber security premiums rose an average of 56 percent year-on-year in the second quarter, according to insurer Marsh & McLennan Companies Inc (MMC.N).

“It’s a rich country, a first-world country that does a lot of business, has a lot of data, so it’s targeted,” said Win-Li Toh, director of actuarial firm Taylor Fry, which specializes in cyber security risk.

“Trying to hire people to defend your assets is becoming more and more difficult because there just aren’t enough people and the training will take one to two years.”

Companies are offering premiums of up to 50% on initial salary offers for cyber workers because of a “deep talent shortage,” said Nicole Gorton, director at specialist recruiter Robert Half. The average base salary for Australian cyber security is A$105,000, according to jobs website Glassdoor.

Neil Curtis, Australian cybersecurity executive at U.S. technology company DXC Technology Co (DXC.N), which runs a cybersecurity retraining program for military veterans, said he had requests for about 300 trained personnel over the next six months.

Curtis said an official at DXC Technology had recently forwarded to him a private request for cyber security staff for one of Australia’s largest companies.

“I said, ‘How much do you want?’” he told Reuters by phone.

“They said, ‘We’ll take everyone you’ve got.’”

($1 = 1.5584 Australian dollars)

Reporting by Byron Kaye and Lewis Jackson. Editing by Alasdair Pal and Kenneth Maxwell
