5 minute read
Hack of all trades
from The Arch Issue 31
THE OPTUS DATA BREACH DEMONSTRATES WHY EVERYONE – ESPECIALLY SENIOR EXECUTIVES – NEEDS TO BE ACROSS CYBERSECURITY
Associate Professor of Data Analytics Adrian Gepp.
For someone who loves getting his hands on vast amounts of data to study, Adrian Gepp (Class of 2001) sure is wary of giving out his own. “I get annoyed when I'm signing up for some rewards program that is asking for my data. Why do you need my date of birth? You're going to do nothing with it other than potentially lose it or give it to someone else,” he says. Years spent studying financial fraud will do that to an Associate Professor of Data Analytics.
Dr Gepp’s research spans the gamut of dubious dealings in multibillion-dollar companies to the financial literacy of older Australians. Through it all, a common thread has emerged: education is the only way to beat fraudsters and cybercriminals, and that applies equally to CEOs or your grandmother. “That’s because we're never going to defeat fraud if we're just trying to build models to detect it,” says Dr Gepp, whose own computer models have helped sniff out companies at risk of bankruptcy. “There's too many (bad actors), they evolve. Detection is valuable but we also need to educate people so they’re less vulnerable.”
The risks were driven home to Australians in late September when the details of 9.8 million Optus customers were hacked and stolen. Licence, passport and Medicare numbers were among the records taken in the breach and the telco, banks and governments raced to protect victims from online scams and identity theft. At the business level, Optus’s reputation was shredded.
The Australian Cyber Security Centre received more than 67,500 reports of cybercrime during the 2020–21 financial year, up almost 13 per cent on 2019-20. Ripping off the careless and vulnerable is so lucrative an entire ecosystem has sprung up to support the criminals. Cybercrime services such as ransomware-as-a-service can be obtained via the dark web, opening the market to a growing number of ill-doers without significant expertise or financial investment. Their victims include government agencies, critical
infrastructure providers, small to medium enterprises, families and individuals.
The growing threat has underpinned the development of a new subject to be offered by the Bond Business School from September. Cyber and Fraud Threats in Organisations is an elective subject available to every student regardless of their discipline. It can be studied by anyone as a non-award single subject, for example, alumni seeking to further their careers through professional development. “I think it’s a subject every student should do,” Dr Gepp says. “It's really interesting and it’s something all of us need to know more about because increasingly, you could find yourself working in an organisation, and your computer says it's encrypting itself - it's ransomware and they want $10,000. What are you going to do? Hopefully your answer isn't, ‘Well, I've got a really good guide in Word’, because you don't have control of your computer anymore. So you need a printed plan. And this is a high stress situation and it will be natural to be panicking.”
Dr Gepp says whereas in the past cybersecurity might have been the domain of Chief Information Officers, CEOs and the Board of Directors were increasingly expected to be across the risks. “You're the CEO, you're the CFO. When you put your profile on LinkedIn, do you know what sort of information you’re providing to bad actors? Are you aware that a criminal will look at this and go, ‘Right, now I know their org chart and what software platform they use. I probably know that Steve approves your
expense reports’. So if they pretend to be Steve, what's the result? I’m not saying don't use LinkedIn or other services, because they are extremely useful and convenient. But be aware of what is going on out there and make informed decisions that consider the risks.”
The good news is, you’re not always going up against a foreign governmentbacked hacker collective. “Some are, but many cyber criminals are not digital geniuses,” Dr Gepp says. “Often they will just buy a little program and press ‘attack’. It’s plug-and-play. You can stop a lot of threats by having your IT people have proper systems in place, because these people are often looking for low-hanging fruit such as exploiting known weaknesses because you haven't updated your system.”
Dr Gepp says to reduce the chance of becoming one of the Australians falling prey to cyber criminals every eight minutes, it could be as simple as pausing and putting safety ahead of convenience. “Be mindful when you share information,” he says. “If you went into a shop and they said, ‘What’s your date of birth’, you'd be asking , ‘Why do you need this?’ But you type that into a computer form without thinking twice. We can have arguments all day about what the government legislation should be, but I still think the turning point is going to be when we get people to realise that their data is valuable.”
Watch a video interview with Adrian Gepp here
Protect your information
Update your software
Keep your computer programs up-to-date and reboot your computer regularly (at least once per week) to allow updates to install.
Don't overshare
Before you share personal information online, think about whether you would share the same information if the person was standing in front of you. Use the security features available on social media and only post what you would be happy to be made available to the general public.
If you're a victim
Speak up – it can happen to the best of us. Visit a local police station or call police on 131 444. Cybercrimes can also be reported to the Australian Cyber Security Centre (www.cyber.gov.au). IDCARE (www.idcare.org) is a not-forprofit charity that offers free support to victims of scams and fraudulent activity.
The Al Janoub Stadium in Wakrah, Qatar where the Socceroos will open their World Cup campaign. The world's biggest sporting event begins on November 20 amid concerns over workers' rights in the host country, the alleged high number of deaths among foreign labourers, and the environmental impact of air-conditioned stadiums.
ON THE WORLD STAGE
FROM THE WORLD CUP TO MOVIE BLOCKBUSTERS, THESE BONDIES ARE KICKING GOALS
