The number and scope of cyber attacks are increasing at an alarming rate. Here in Australia, we’ve very recently experienced two massive breaches involving millions of people’s data.
The first occurred just a few weeks ago when the comprehensive personal data of an estimated 10 million users was stolen from the second-largest telecom in Australia, Optus. The second major breach, occurring just last week, resulted from an attack on Australia’s largest health insurer, Medibank. A reported 200GB of the health insurer’s customer data was stolen, including comprehensive personal information plus, in some cases, sensitive medical history. In both instances, the attackers have demanded payment of a large sum of money (as yet undisclosed) in return for not exposing all that data publicly online.
The obvious major motivation for these types of attacks is the almighty dollar, but there is a little more to it than that – the risk-to-reward ratio comes down very heavily in favor of cybercrime.
If a gang of thieves steals (say) $6 million from a brick-and-mortar bank in a traditional armed holdup, the full resources of the entire local police force would be employed to track them down, meaning the gang of thieves would have a very slim to zero chance of getting away with it. On the other hand, cybercriminal gangs can extort millions of dollars from behind the veils of proxy servers, IP hopping, encryption, and most importantly, border crossing, with very little chance that the authorities will ever catch up with them.
With locally perpetrated traditional robberies, the authorities can almost always rely on tell-tale forensic evidence, CCTV evidence, and eye-witness evidence, making catching the crooks a fairly straightforward assignment. None of that type of evidence is available where cybercrimes are concerned. Furthermore, when the cyber attack is sourced from a foreign country, local authorities are pretty much working in the dark and very much reliant on cooperation from those foreign authorities.
Any wonder then that cybercrime is on the rise? As mentioned earlier, the risk-to-reward ratio must be extremely appealing to any but the dumbest of crooks. We are surely all aware by now that our personal data has become an extremely valuable commodity, and governments need to ensure that the organizations to which we entrust our personal data view that data’s security with the same level of extreme importance as their customers/clients do.
Following those two aforementioned major breaches, the Australian government is in the process of increasing fines from a measly $2 million max to a more punitive $50 million max. But that is surely only part of the equation – policing of cybercrime needs to evolve to counter the modern techniques adopted by these cybercriminal gangs, including setting up a global system of full cooperation between the various policing authorities with a shared-information database.
One thing is for sure, cybercrime is not going away any time soon and if the authorities don’t act, and act quickly, the situation can only get worse.