The use of the word targeted raises an eyebrow. I wonder if it’s actually meant as the AAP are implying. It doesn’t appear to be a word CSV have used.
When is Australia going to start penalising these organisations? Clearly their security wasn’t good enough and I’m sure we are all over having our information stolen and the subsequent impacts it has on daily life … we need massive penalties.
This is pretty-much what I do for a living: mitigate risk of this happening to organisations by protecting data. You'd be astonished at how many organisations don't have people devoted to this sort of work. I walked into a company a few years ago that still had a Windows 2000 file server. Sometimes, there are valid reasons why a server can't be upgraded (usually, it's running super niche hardware or software that doesn't work with new operating systems) for some reason. But a file server?! That doesn't even need to be a server. That can just be a NAS.
One of my Melbourne customers was a prestige car dealer who had a computer in the workshop running Windows 98. It spoke to the car computers and the software hadn't been updated in over a decade. It required Windows 98. That PC was given my all-clear only after I physically removed its network card. Also, staff were told they weren't allowed to plug USB drives into it (I couldn't disable USB because they needed to plug it into cars).
That said, reporting is important. It leads to conversations with IT teams like: "What's to stop this happening to us?"
"Nothing. In fact, it's recorded on our risk register as being a possibility."
"Who signed off on this risk?!"
"You did. Here. And Here. And Here. And every year we keep coming at you for new hardware and you keep denying it."
"Your new hardware is approved."
I think it is more important that we are informed than the companies are fined. Besides, the reputation loss is a bigger disincentive than a mere fine would be. Plus: They often get slapped by legal action from their customers.
This community is a place created for the people of Melbourne and Victoria. We are a positive, welcoming and inclusive community. We might not agree about everything, but we always strive to stay civil and respectful.
The focus of our discussions is based around things that effect Victoria, but we are also free to discuss our local perspective on wider issues. Or head to the regular Daily Random Discussion thread to talk about anything.
Ongoing discussions, FAQs & Resources (still under construction)
Adoption Certificate for Nellie, the Daily Thread numbat (with thanks to @Catfish)
