Sumit Bansal, vice president of Asia Pacific at cloud security company BlueVoyant, said recent breaches, including Meriton, took advantage of the fact that data was not just concentrated in one place, but duplicated and shared with vendors. and other parts.
“Meriton is a reminder for companies to look at their vendors, suppliers and other third parties. We have been affected by a number of supply breaches in recent weeks with Latitude Financial and The Good Guys…these companies are not the only ones negatively affected by a third-party related breach, and most likely They are not the last,” he said.
“Organizations should only provide employees and third parties with access to data necessary for their function. This helps control what data can be accessed in the event of a breach. They should also implement policies to prevent third parties from retaining data after their services are no longer used.”
In the past, supply chain attacks have been used to spread malware through customer and end-user networks, such as Sunburst in 2020 and Kaseya in 2021. But in these latest attacks, like some that hit Telstra, NAB and others in the past year, the target appears to be personal information that can be sold or leveraged to commit fraud.
Australia’s Information Commissioner’s Office recently reported that 497 breaches were reported to it in the second half of 2022, an increase of 26 per cent compared to the previous half.
Of the top 40 breaches that each affected 5,000 Australians or more, 33 were the result of cybersecurity incidents.
“Organizations must take appropriate and proactive steps to protect themselves and respond to a variety of cyber threats,” Privacy Commissioner Angelene Falk said this month.
“This starts with collecting the minimum amount of personal information required and deleting it when it is no longer needed.”
Meriton has been contacted for comment.
Get news and reviews on tech, gadgets and games in our tech newsletter every Friday. Sign up here.