The Australian Home Affairs department may want to bury their heads in the sand after accidentally exposing sensitive information of more than 50 small business survey participants. Why were they being surveyed? Ironically, to get their thoughts on cybersecurity.
It is believed the names, business names, phone numbers and emails of the participants in the survey were released on the parliament website in response to a question for a government cybersecurity report.
The report is part of a wider initiative that was launched in the wake of last year’s Optus and Medibank cyber attacks – two high-profile attacks that impacted Australia significantly. Australia’s Cyber Wardens program – which went on to receive $23.4m in the May budget – is aimed at training small businesses and the workforce to be “cyber smart” and aware of possible cyber threats.
The following cybersecurity experts offered their insights on the incident:
Erfan Shadabi, cybersecurity expert at comforte AG:
The incident highlights the importance of adopting robust data-centric security measures to safeguard sensitive information effectively. As cyber threats continue to evolve, it is crucial for government agencies and businesses alike to prioritize data-centric security as a fundamental aspect of their cybersecurity strategy. Proactive measures are vital to safeguarding personal information, fostering a secure digital ecosystem for individuals and organizations alike.
Data-centric security revolves around securing the data itself rather than solely focusing on perimeter defence. It involves implementing encryption, access controls, and data masking techniques, ensuring that even if a breach occurs, the data remains encrypted and indecipherable to unauthorized individuals.
Erich Kron, Security Awareness Advocate at KnowBe4:
The irony that data was leaked in response to a survey about cybersecurity should not be lost here. This simply illustrates how easy it is for organisations to accidentally become a party to an accidental disclosure of sensitive information. It goes without saying that collecting private information is a task that must be taken seriously at any time; however, when the topic related to the information collection is something like cybersecurity, it looks very bad indeed when the information is not protected.
Organisations often find that accidental information leakage or data breaches can significantly harm an organisation’s reputation, even if it is not at a large scale. The old adage that any press is good press can certainly be proven false in this case.