What the Red Cross Leak and #CensusFail Have in Common - Leap Consulting

Written by Zaun Bhana | Nov 18, 2016 6:43:53 AM

The ramifications from the #CensusFail are still playing out in a Senate Committee hearing for everyone to see. However, for IBM, who just acknowledged that turning one of its routers off and on again may have avoided the whole debacle, the end to proceedings cannot come quickly enough.

We are now also witnessing what is being described as the largest data leak in Australian history. There is a very thorough and detailed explanation of what went on, courtesy of security expert Troy Hunt, on his blog. One of the biggest takeaways is that this was not a hack, nor, based on what we are being told, was any data sold. The Red Cross and AusCERT have by all accounts gone above and beyond to respond in the right way.

But the nagging question is why events like this seem to be escalating and getting larger. It seems convenient to blame the “cloud” or “hackers”, yet our view is that there are three major reasons this will just continue to happen, and at an ever-increasing speed.

1. The IT Industry is Unregulated and Immature

When you compare the history and current legislation that just lawyers and accountants have to do business under with what applies to IT, they are not even in the same solar system. Whilst no one in business normally advocates for regulation, how many instances of professional negligence, misconduct or even basic due process being missed have to be encountered before change occurs?

Not many of us would elect to have an untrained surgeon operate on us, yet when it comes to IT we see that plumbers have more regulation and required training than a lot of so-called IT professionals. At some point either industry associations or government, or both, need to work on a solution.

2. Where There is Data There is Opportunity

Whether it is the plans for Australia’s next submarine fleet or shoppers’ details at David Jones, data is valuable... very valuable. In the case of the Red Cross leak, the person who found it was actively scanning for instances of information on public web servers. In other cases, it may just be ransomware that wants to encrypt your computer system for a payoff to unlock it.

As we continue to shift to a world where more and more of what we do revolves around the Internet, this is a new fact of life. Just as the introduction of cars brought a whole new revolution in transport, it also led to a situation of having over 1200 fatalities and roughly 54,000 thefts in Australia last year. There is a reason we need licenses, insurance and laws.

3. People Make Mistakes

When you look at how fast the world is changing right now, it is forcing many people to operate in fields that didn’t exist when they went through school or university. If you then examine governments, they themselves cannot keep pace with just the legislation needed to protect the very people they serve when it comes to data breaches.

In business, we have seen CEOs fired by their own boards for situations they really didn’t have a personal understanding of. It might be generational, it might be fear or it might even be assumption, but mistakes online when it comes to technology can be devastating for more than just the individual.

Next Steps

It’s scary to think we are just at the start of this wave. Nobody wants to be Chicken Little, especially not when the evidence shows their view to be correct. Yet there is a lot that can be done. It all starts with educating yourself about your risks and exposure to what is happening around you, rather than just assuming it will never happen to you.

As a business, you need to take IT security and data confidentiality seriously. It should be part of your IT plan or strategy and absolutely needs to be discussed in board meetings and on the management agenda. As a community, we cannot keep sitting on our hands or trying to avoid making decisions in the hope we don’t get affected. At some point, you will be at ground zero if you choose to do nothing right now.