In modern Australia, nearly everything is connected to the internet. Personal information is given to websites as part of signing up, shopping and banking is done online, tax returns go through the MyGov website and (in NSW and WA state elections) online voting is a popular option.
With the internet playing such a major role in everyday life, cyber security has become a major issue for individuals, for businesses and for governments. Threats come from everywhere, whether they aim to be disruptive (such as the 2016 census debacle) or have a more malicious agenda (like the recent “WannaCry” virus crisis).
Individuals
On a personal level, Australians need to more aware than ever that software installation and downloading content from suspicious websites has significant risks. Personal or financial information should also only be given to trusted websites.
There are so many apps available, for example, that some have malware installed on them that can steal banking information saved on computers and phones. Additionally, email scams are becoming more successful than ever (and they are more sophisticated than the stereotypical Nigerian Prince who needs a small loan).
Hackers are also stealing credit card information if it isn’t sent through a secure website, and even setting up fake shopping websites that look almost identical to real ones in order to get information.
If a website does not have an SSL (secure socket layer) certificate, it is vulnerable to hackers stealing any information you put in.
An SSL (shown by either the “s” at the end of “https” or a green padlock symbol next to the URL) assures that any data entered into the website is encrypted, so hackers can’t access the information as it goes between the individual and the website.
An SSL simply means that information is encrypted, not that the site is trustworthy. Therefore, while an SSL certificate is absolutely essential for any website that collects personal or financial information, it is still important to make sure that the website is legitimate.
An SSL certificate on its own does not guarantee that the site itself is not a scam – people have been equipping fake online shopping websites with SSL certificates to make them appear legitimate.
Apart from your regular internet devices, any gadget that connects to the internet in any way (as most new gadgets do) can potentially be accessed remotely without your permission, so make sure you are careful if you see anything suspicious.
Business
Businesses are being targeted by hackers like never before. Because of the huge amount of data they hold about their customers, any potential breaches are extremely serious.
An example of a serious data breach was the Ashley Madison hack. The website promoted itself as offering ways for people to have “discrete” affairs, but hackers managed to obtain and publish their entire client list.
Many large firms are spending significant amounts of money on cyber security, but because they are failing to educate their staff this effort is being wasted. In 2017, the most common way for hackers to gain access to business information has been through emailing an employee pretending to be a senior staff member and just asking for it.
Hackers are also attaching malware to emails, and sending them to employees in order to gain some control over a computer in the network. Once they are in, they can steal data, slow down business processes or even potentially steal money.
If a thief can get an employee’s password (whether through getting them to open a malicious email attachment or other means) then they can access the business network. If they can get into the profile of someone with access to money, they can transfer huge amounts to themselves.
Banks obviously have the greatest need to be aware of this, especially with online banking being the most popular way for people to manage their finances, but the major Australian banks appear to be on top of their cyber security responsibilities (for the moment).
Social media companies also need to be very careful, especially ones that are allowing people to make payments to each other through their website such as Facebook.
In addition to protecting the data that they have stored, businesses need to make sure that customers and clients can send that data to them safely. An SSL certificate ensures that the information sent through a website cannot be accessed by anyone other than the owner of that website.
Every business that asks for personal information (for example, to set up a profile) or engages in e-commerce absolutely needs to have an SSL certificate to protect their website and their clients.
Without an SSL, anything else you do with your web design will be a bit of a waste because not many people will trust your website – and they shouldn’t.
Government
With the amount of data state and federal governments collect online, it is vital that they secure themselves. Governments are also frequently a target of mischievous (rather than malicious) attacks, such as the denial of service attacks intended to disrupt the census in 2016.
If these attacks had been handled properly, the only effect would have been the census website slowing down in its processing speed slightly. As it was, there was a major disruption but no personal information was stolen (nor was there an attempt to access any).
The introduction of the MyGov website makes it even more vital for the federal government to have the strongest possible cyber security. Far more personal information is recorded through this site than through any business, so it has to be secure.
Through the combination of tax returns, Medicare claims and Centrelink applications all going through the site, a data hack targeting the Department of Human Services would reveal huge amounts of personal information about all Australians. Everything from financial status to health issues would be stolen and possibly published.
The issues around a serious hack into other government departments, particularly the Australian Defence Force, would be even more dire.
Beyond gaining access to national security information, the potential for a hacker to impede the functioning of the government and defence force could massively weaken the response both to external threats and internal emergencies.
Of course, the state governments that allow online voting need to be absolutely certain that these votes are not corrupted. At a “white hat” hacking function in Las Vegas it took under an hour and a half to take control of a US voting machine, so hopefully Australian voting websites have better defences.
Takeaways
With all of these potential threats out there, it is vital for individuals to do everything they can to stay cyber security conscious. Only giving information to trusted websites with an SSL certificate is a good start, as is being careful around downloads and suspicious emails.
Businesses also need to do their part with educating their staff and making sure they are ready for an attack, as do state and federal governments. Once these organisations have the data, though, there isn’t much individuals can do other than hope they protect it properly.
For information about the the latest cyber security threats in Australia, keep an eye on the SSL certificate to protect website.