Attack! Attack! Do you have a Cyber Emergency Response Plan?

Disclosed cyber attacks have become more frequent and are only on the rise.  These attacks are causing data leaks, significant financial losses and severe system disruptions.  

Cyber-attacks on financial institutions and companies are becoming increasingly common.  There is a systemic cyber-risk related to every major data breach. Once the hacker gets into the company’s computer systems, they can likely access that whole company’s supply chain.  This can cause detrimental commercial and reputational loss.

One of Australia’s “Big Four” banks is the latest cyber-attack victim with almost 100,000 Australian bank customers being exposed in a cyber-attack through PayID, a real-time payment platform.  PayID is a service which uses the New Payments Platform infrastructure to allow the instant transfer of money between customers of either the same or different banks using either a mobile number or email address.  PayID acts like a telephone book.  Security experts have said this structure allows what they call an “enumeration attack”, where numbers can be changed at random to locate the names and mobile numbers of thousands of Australians on a mass scale.  Computer security experts have warned that the stolen data creates a large risk as it could be used to commit mass fraud.

This cyber attack came amid a warning from the financial regulator of the growing risk of cyber attacks to financial businesses. 

In February 2018, the New Payment Platform was forced to address concerns that the service PayID could be used to look up any Australian’s details.  They confirmed it was possible but stated using PayID was a user’s choice.

The bank and PayID are not the only victims; the Australian National University was also recently hit by a cyber attack which resulted in unauthorised access to significant amounts of personal details dating back 19 years. No industry is immune to attack.

There is no one right way to protect your company against a cyber-attack. Buying firewalls, obtaining great security services and training your staff is not enough. It must be a holistic approach.  The best way to be prepared for such an attack is through a Cyber Emergency Response Plan.  That plan needs to be ready to implement immediately as you become aware of the attack.  Its creation can’t begin at the time of the attack. That is too late.

The Cyber Emergency Response Plan will act as a guide to outline the steps you need to take to manage a cyber security incident, ensuring you detect incidents promptly, minimise impact and return to business as usual as soon as possible.

Lavan can assist by working with you to create a tailored Cyber Emergency Response Plan for your company, this will ensure you are prepared, minimise the impact and reduce the loss of a cyber-attack.

If you have any questions in relation to this article, please contact Iain Freeman.

Disclaimer – the information contained in this publication does not constitute legal advice and should not be relied upon as such. You should seek legal advice in relation to any particular matter you may have before relying or acting on this information. The Lavan team are here to assist.