{"id":167,"date":"2022-11-17T23:25:00","date_gmt":"2022-11-17T23:25:00","guid":{"rendered":"https:\/\/www.cycognito.com\/blog\/?p=167"},"modified":"2025-06-19T09:12:26","modified_gmt":"2025-06-19T16:12:26","slug":"rash-of-breaches-hit-businesses-in-australia-hard","status":"publish","type":"post","link":"https:\/\/www.cycognito.com\/blog\/rash-of-breaches-hit-businesses-in-australia-hard\/","title":{"rendered":"Rash of Breaches Hit Businesses in Australia Hard"},"content":{"rendered":"\n

Recent spate of breaches in Australia spur huge fines to push security teams to tighten their external attack surface<\/a>.<\/em><\/p>\n\n\n\n

The Australian businesses community has been hit hard by a string of breaches that have exasperated legislators, roiled security teams and exposed the private data of tens of millions of Australian citizens to attackers. <\/p>\n\n\n\n

Increased Penalties Aim to Bolster Cybersecurity Defenses<\/h2>\n\n\n\n

The flurry of breaches have come so fast and with such regularity exasperated Australian government officials have responded by increasing financial penalties against companies who are repeatedly involved in serious breaches. It\u2019s an attempt to nudge all companies to harden their cybersecurity defenses.<\/p>\n\n\n\n

The attacks raise the stakes for businesses which can now add massive financial penalties to the list of breach deterrents and consequences. <\/p>\n\n\n\n

What is publicly known about the attacks is they range from targeted ransomware incidents to double extortion attacks, where an adversary encrypts data and exfiltrates it for additional ransom payment leverage. How are adversaries penetrating these companies\u2019 defenses? Piecing together what we know and what we can assume, the attack vector has been the organizations\u2019 external attack surface.<\/p>\n\n\n\n

An external attack surface is often what an adversary sees and tries to hack first when attempting to pierce a company\u2019s perimeter defenses, reminds Anne Marie Zettlemoyer, CyCognito\u2019s chief security officer. This underscores why companies need to prioritize cybersecurity hygiene, she said. \u201cWhen organizations can quickly gain visibility and understanding of where their risk and exposures are, they will be best suited to defend and recover fast.\u201d<\/p>\n\n\n\n

What is Behind the Attacks? <\/h2>\n\n\n\n

Companies targeted in the string of attacks are not inconsequential. In the last several weeks, nearly a dozen well-known companies have come forward to disclose they are victims of cyberattacks and breaches that resulted in serious customer data leaks.<\/p>\n\n\n\n

Security experts affirm that the recent uptick in attacks is tied to a \u201cskills shortage leaves an understaffed, overworked cybersecurity workforce ill-equipped to stop it,\u201d according to Sanjay Jha, chief scientist at the University of New South Wales institute for cybersecurity, quoted in a recent Reuters report<\/a>.<\/p>\n\n\n\n

Strata management company SSKB is one of the latest victims, publicly disclosing a breach tied to a ransomware attack in late October. SSKB said in a statement that a third-party gained unauthorized access to SSKB\u2019s IT environment, downloaded data and posted a ransom-demand on the dark web.<\/p>\n\n\n\n

In another high-profile attack, one of Australia\u2019s largest private health insurers, Medibank<\/a>, which covers one-sixth of Australians, was extorted for money when an adversary stole 200 gigabytes of data tied to 9.7 million of its customers.<\/p>\n\n\n\n

The largest of the recent Australian businesses breached involves Australian mobile carrier and second largest telecom provider Optus. In September attackers are believed to have penetrated the telco\u2019s perimeter defenses and breached data tied to 9.8 million customer accounts. The carrier could face millions in fines by the Australian Communications and Media Authority (ACMA) and the Office of the Australian Information Commissioner (OAIC) who have both launched investigations into the Optus breach, according to published reports<\/a>.<\/p>\n\n\n\n

And the list goes on.<\/h2>\n\n\n\n

Other recent cyberattack impacting Australian-based firms and those with significant beacheads in the country include, Telstra, NAB (the National Bank of Australia), MyDeal, an online retail marketplace, and Vinomofo, an online wine merchant.<\/p>\n\n\n\n

As for the Telstra breach, Reuters news agency reported that the Australian government believes the breach was \u201cdue to a basic security gap<\/a>\u201d. In the case of Vinomofo, it publicly stated<\/a> \u201can unauthorized third party unlawfully accessed our database on a testing platform that is not linked to our live Vinomofo website.\u201d<\/p>\n\n\n\n

These breaches underscore the need for organizations to reevaluate how they define and protect their external attack surface. Also up for re-evalution is their imperative to quickly identify opaque business risks and mitigate highest-risk vulnerabilities immediately. <\/p>\n\n\n\n

Financial Penalties Drive an EASM Imperative <\/h2>\n\n\n\n

Recent attacks have pushed the Australian government to increase financial penalties against companies who are repeatedly involved in a serious breach. The penalty, previously $2.2 million AUD (about $1.4 million), will increase to at least $50 AUD million (about $32 million) for “serious or repeated privacy breaches”. <\/p>\n\n\n\n

Attorney General Mark Dreyfus made the announcement and said plans are in place to make changes to the country\u2019s federal Privacy Act, which will allow regulators to increase fines.<\/p>\n\n\n\n

“When Australians are asked to hand over their personal data they have a right to expect it will be protected,” Dreyfus is quoted in news reports<\/a>. “Unfortunately, significant privacy breaches in recent weeks have shown existing safeguards are inadequate.\u201d<\/p>\n\n\n\n

Making the EASM Case<\/strong><\/h2>\n\n\n\n

The string of Australian business breaches are a reminder of the importance an external attack surface management (EASM)<\/a> platform can play in mitigating cyber risk and business risk. EASM platforms, such as CyCognito\u2019s, continuously map an organization\u2019s entire attack surface, identify the path of least resistance an attacker could use to breach a firm and helps security teams prioritize what risks to patch first – based on real world threat intelligence.<\/p>\n\n\n\n

By using automation for key aspects of EASM, CyCognito significantly reduces costs associated with security team work cycles. According to a recent report, sponsored by Forrester, the CyCognito platform saves 70% in labor costs tied to identifying vulnerable assets and where they are in an organization and who manages them.<\/p>\n\n\n\n

In a 2022 report, Enterprise Strategy Group research revealed 69% of breached business attributed the attack to unknown, unmanaged or poorly managed assets within their organizations\u2019 external attack surface. This includes every pathway into an organization\u2019s network including those owned by subsidiaries, public clouds, third-parties and software supply chains.<\/p>\n\n\n\n

\u201cFirms are\u2026 deploying new types of devices as part of digital transformation initiatives, further exacerbating the growing attack surface, which leads to management challenges, vulnerabilities, and potential system compromises,\u201d wrote Jon Oltsik, ESG senior principal analyst. <\/p>\n\n\n\n

Rule Your Risk and Attack Surface with CyCognito <\/h2>\n\n\n\n

CyCognito takes an attacker\u2019s approach to providing visibility into your external attack surface risk. We use natural language processing and machine learning to do reconnaissance of your organization and subsidiaries and many other connected networks that are often unexpected ways attackers will breach a network.<\/p>\n\n\n\n

That\u2019s just the start. We then help you look at all your assets and test running code, the way an attacker would, looking for vulnerabilities, misconfigurations, exposed data and more.<\/p>\n\n\n\n

Regular testing of application programming interfaces, web applications and all external facing systems is key for holistic defense. Automating checks and remediation allows defenders to stay a step ahead, as cyber criminals are constantly evolving. <\/p>\n\n\n\n

Here is how CyCognito protects your organization against ransomware attacks. Our software-as-a-service platform delivers: <\/p>\n\n\n\n

    \n
  • Visibility of your entire external attack surface, ALL of the time<\/li>\n\n\n\n
  • Continuous attack surface security testing<\/li>\n\n\n\n
  • Efficient prioritization of security issues<\/li>\n\n\n\n
  • Streamlined elimination of attack surface risks <\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"

    Recent spate of Aussie breaches spur huge fines to push security teams to tighten their external attack surface.<\/p>\n","protected":false},"author":12,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[69,6,17],"class_list":["post-167","post","type-post","status-publish","format-standard","hentry","category-perspectives","tag-attack-path","tag-attack-surface-management","tag-external-attack-surface-management"],"yoast_head":"\nRash of Breaches Hit Businesses in Australia Hard | CyCognito Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.cycognito.com\/blog\/rash-of-breaches-hit-businesses-in-australia-hard\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Rash of Breaches Hit Businesses in Australia Hard | CyCognito Blog\" \/>\n<meta property=\"og:description\" content=\"Recent spate of Aussie breaches spur huge fines to push security teams to tighten their external attack surface.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.cycognito.com\/blog\/rash-of-breaches-hit-businesses-in-australia-hard\/\" \/>\n<meta property=\"og:site_name\" content=\"CyCognito Blog\" \/>\n<meta property=\"article:published_time\" content=\"2022-11-17T23:25:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-19T16:12:26+00:00\" \/>\n<meta name=\"author\" content=\"Tom Spring\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Tom Spring\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/rash-of-breaches-hit-businesses-in-australia-hard\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/rash-of-breaches-hit-businesses-in-australia-hard\/\"},\"author\":{\"name\":\"Tom Spring\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/26313d36a7083dad5093098f579e063c\"},\"headline\":\"Rash of Breaches Hit Businesses in Australia Hard\",\"datePublished\":\"2022-11-17T23:25:00+00:00\",\"dateModified\":\"2025-06-19T16:12:26+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/rash-of-breaches-hit-businesses-in-australia-hard\/\"},\"wordCount\":1145,\"publisher\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/#organization\"},\"keywords\":[\"Attack Path\",\"Attack Surface Management\",\"External Attack Surface Management\"],\"articleSection\":[\"Perspectives\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/rash-of-breaches-hit-businesses-in-australia-hard\/\",\"url\":\"https:\/\/www.cycognito.com\/blog\/rash-of-breaches-hit-businesses-in-australia-hard\/\",\"name\":\"Rash of Breaches Hit Businesses in Australia Hard | CyCognito Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/#website\"},\"datePublished\":\"2022-11-17T23:25:00+00:00\",\"dateModified\":\"2025-06-19T16:12:26+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/rash-of-breaches-hit-businesses-in-australia-hard\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.cycognito.com\/blog\/rash-of-breaches-hit-businesses-in-australia-hard\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/rash-of-breaches-hit-businesses-in-australia-hard\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.cycognito.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Rash of Breaches Hit Businesses in Australia Hard\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#website\",\"url\":\"https:\/\/www.cycognito.com\/blog\/\",\"name\":\"Cycognito Blog\",\"description\":\"Research, Product News and Latest Updates\",\"publisher\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.cycognito.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#organization\",\"name\":\"Cycognito\",\"url\":\"https:\/\/www.cycognito.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/logo-1720x550-1.png\",\"contentUrl\":\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/logo-1720x550-1.png\",\"width\":1720,\"height\":550,\"caption\":\"Cycognito\"},\"image\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/26313d36a7083dad5093098f579e063c\",\"name\":\"Tom Spring\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/1404e99cecf243146baf40f6c7006aa7?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/1404e99cecf243146baf40f6c7006aa7?s=96&d=mm&r=g\",\"caption\":\"Tom Spring\"},\"description\":\"Was a Media Manager at CyCognito\",\"url\":\"https:\/\/www.cycognito.com\/blog\/author\/tom-spring\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Rash of Breaches Hit Businesses in Australia Hard | CyCognito Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.cycognito.com\/blog\/rash-of-breaches-hit-businesses-in-australia-hard\/","og_locale":"en_US","og_type":"article","og_title":"Rash of Breaches Hit Businesses in Australia Hard | CyCognito Blog","og_description":"Recent spate of Aussie breaches spur huge fines to push security teams to tighten their external attack surface.","og_url":"https:\/\/www.cycognito.com\/blog\/rash-of-breaches-hit-businesses-in-australia-hard\/","og_site_name":"CyCognito Blog","article_published_time":"2022-11-17T23:25:00+00:00","article_modified_time":"2025-06-19T16:12:26+00:00","author":"Tom Spring","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Tom Spring","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.cycognito.com\/blog\/rash-of-breaches-hit-businesses-in-australia-hard\/#article","isPartOf":{"@id":"https:\/\/www.cycognito.com\/blog\/rash-of-breaches-hit-businesses-in-australia-hard\/"},"author":{"name":"Tom Spring","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/26313d36a7083dad5093098f579e063c"},"headline":"Rash of Breaches Hit Businesses in Australia Hard","datePublished":"2022-11-17T23:25:00+00:00","dateModified":"2025-06-19T16:12:26+00:00","mainEntityOfPage":{"@id":"https:\/\/www.cycognito.com\/blog\/rash-of-breaches-hit-businesses-in-australia-hard\/"},"wordCount":1145,"publisher":{"@id":"https:\/\/www.cycognito.com\/blog\/#organization"},"keywords":["Attack Path","Attack Surface Management","External Attack Surface Management"],"articleSection":["Perspectives"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.cycognito.com\/blog\/rash-of-breaches-hit-businesses-in-australia-hard\/","url":"https:\/\/www.cycognito.com\/blog\/rash-of-breaches-hit-businesses-in-australia-hard\/","name":"Rash of Breaches Hit Businesses in Australia Hard | CyCognito Blog","isPartOf":{"@id":"https:\/\/www.cycognito.com\/blog\/#website"},"datePublished":"2022-11-17T23:25:00+00:00","dateModified":"2025-06-19T16:12:26+00:00","breadcrumb":{"@id":"https:\/\/www.cycognito.com\/blog\/rash-of-breaches-hit-businesses-in-australia-hard\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.cycognito.com\/blog\/rash-of-breaches-hit-businesses-in-australia-hard\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.cycognito.com\/blog\/rash-of-breaches-hit-businesses-in-australia-hard\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.cycognito.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Rash of Breaches Hit Businesses in Australia Hard"}]},{"@type":"WebSite","@id":"https:\/\/www.cycognito.com\/blog\/#website","url":"https:\/\/www.cycognito.com\/blog\/","name":"Cycognito Blog","description":"Research, Product News and Latest Updates","publisher":{"@id":"https:\/\/www.cycognito.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.cycognito.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.cycognito.com\/blog\/#organization","name":"Cycognito","url":"https:\/\/www.cycognito.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/logo-1720x550-1.png","contentUrl":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/logo-1720x550-1.png","width":1720,"height":550,"caption":"Cycognito"},"image":{"@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/26313d36a7083dad5093098f579e063c","name":"Tom Spring","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/1404e99cecf243146baf40f6c7006aa7?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/1404e99cecf243146baf40f6c7006aa7?s=96&d=mm&r=g","caption":"Tom Spring"},"description":"Was a Media Manager at CyCognito","url":"https:\/\/www.cycognito.com\/blog\/author\/tom-spring\/"}]}},"_links":{"self":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts\/167","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/comments?post=167"}],"version-history":[{"count":8,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts\/167\/revisions"}],"predecessor-version":[{"id":1582,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts\/167\/revisions\/1582"}],"wp:attachment":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/media?parent=167"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/categories?post=167"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/tags?post=167"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}