Recently, hackers targeted a common third-party File Transfer product, used by many government agencies world-wide to transmit sensitive data. Among the documents released on the dark web were NSW transport documents, government tenders, steering committee papers, and other corporate documents. The reputational, legal, and financial ramifications have not yet been disclosed however the impacts are expected to be far reaching.
The Project Lab’s Executive Director, Joel Harris says that, “this breach serves as a warning to government and any business or individual using digital services or technology products.
Digital and cyber risk assessments are now a part of everyday business, and a strong software maintenance regime such as a patching lifecycle, is essential in preventing this type of security breach”.
A lack of transparency and communication also contributed to the scale of this breach. The Governor of the Reserve Bank of New Zealand (another organisation impacted by the breach) stated that the company of the file transfer product failed to notify the bank for days that an attack was occurring and that a patch was available to prevent the breach.
Project Lab Senior Consultant, Mariae Leckie says that “Board’s and Senior Executives need to carefully consider their plans for business continuity and understand their reporting obligations in light of this emerging and ongoing threat”.
Project Lab Cyber Practice Lead, Alan Smith explained that third-party breaches are becoming more common, and that the responsibility falls on both the third party as well as the organisation which owns the data.
If you are concerned about protecting your business, customers and data and want to assess your vulnerability to attack and keep your business safe, talk to a member from The Project Lab’s CyberRisk team.