Security Breach Update
20 June 2019

Australian Universities at Significant Risk of a Cyber AttackAustralian Universities at Significant Risk of a Cyber Attack

A recent audit of the IT environment for Australia’s universities found repeated failures to address identified weaknesses in their IT systems, making them especially susceptible to cyber attacks. Focused on just 10 universities, the audit identified one university, Charles Sturt University, as a high risk, and the other universities were classified as a moderate security risk.

Perhaps most troubling, many of the vulnerabilities were repeat findings, indicating that universities are either unable or unwilling to improve their cyber security posture to address existing and emerging thereof an unpatched vulnerability, highlighting their need for technical support in this area.

The report comes on the heels of a recent cyber-attack in which hackers accessed 19 years of university data that included sensitive information about current and former staff and students.

Since universities are trusted with troves of personal information, including data from minors, addressing these concerns should be a top priority. These weaknesses, according to the audit, could cause significant financial or reputation loss for universities that can’t improve in this capacity.

Recent Breaches

United States – U.S. Customs and Border Protection – Law enforcement agency operating under the authority of the Department of Homeland Security.

Exploit: Malicious cyberattack

Risk to Small Business: Severe: A subcontractor violated the department’s policy and transferred copies of license plate and traveller images to their network where they were stolen in a malicious cyberattack. In response, the agency is monitoring the Dark Web for evidence of this data, and they are re-evaluating their cybersecurity and privacy standards. Of course, these initiatives are simpler and more palatable when they are done proactively, rather than after an incident occurs. Consequently, the agency will now have to endure increased governmental oversight and media scrutiny.

Risk to Exploited Individuals: Severe: The stolen data included license plate and travel images from certain lanes at a particular border crossing. The agency isn’t providing any more specific information at this time, noting that it processes more than a million border crossings each day. However, they did indicate that no passport or other travel information was compromised in the breach.

Customers Impacted: 100,000

Canada – Nova Scotia Health Authority – Provincial health authority serving Nova Scotia, Canada

Exploit: Phishing attack

Risk to Small Business: Severe:  When an employee entered his credentials into an email purporting to be from the company’s information technology department, hackers gained access to sensitive patient information stored in the employee’s email account. Although the breach was first reported on May 13th, the organization required nearly a month to determine the type and scope of the compromised data. Their slow response time and weak protocols will make the clean-up costly as they must re-establish their patients’ trust even as they upgrade their cyber security practices.

Risk to Exploited Individuals: Severe: The breach specifically pertains to patients who were scheduled for surgery at or who were communicating with the Colchester East Hants Health Centre in Truro. Since the organization can’t verify specific data exposure, those impacted by the breach should prepare for the worst and assume that their information could be made accessible on the Dark Web.

Customers Impacted:  2,841

Being proactive in developing a cyber security plan can be the difference in successfully defending a breach or losing millions to a harmful attack.

Protect your data, privacy and reputation, talk to a TCT sales team member today.

Robert Brown
20/06/2019

Follow us on LinkedIn:

Related Articles:
SonicWall Email Filtering – Time-of-Click URL Protection
O365 Targeted Phishing Scam

Written by