Court Services Victoria says hackers accessed years’ worth of recorded hearings across several courts and attack was much worse than initially thought

  • LineNoise@kbin.socialOP
    link
    fedilink
    arrow-up
    1
    ·
    10 months ago

    The use of the word targeted raises an eyebrow. I wonder if it’s actually meant as the AAP are implying. It doesn’t appear to be a word CSV have used.

  • Mittens_meow
    link
    fedilink
    arrow-up
    1
    ·
    10 months ago

    When is Australia going to start penalising these organisations? Clearly their security wasn’t good enough and I’m sure we are all over having our information stolen and the subsequent impacts it has on daily life … we need massive penalties.

    • NathA
      link
      fedilink
      arrow-up
      1
      ·
      10 months ago

      This is pretty-much what I do for a living: mitigate risk of this happening to organisations by protecting data. You’d be astonished at how many organisations don’t have people devoted to this sort of work. I walked into a company a few years ago that still had a Windows 2000 file server. Sometimes, there are valid reasons why a server can’t be upgraded (usually, it’s running super niche hardware or software that doesn’t work with new operating systems) for some reason. But a file server?! That doesn’t even need to be a server. That can just be a NAS.

      One of my Melbourne customers was a prestige car dealer who had a computer in the workshop running Windows 98. It spoke to the car computers and the software hadn’t been updated in over a decade. It required Windows 98. That PC was given my all-clear only after I physically removed its network card. Also, staff were told they weren’t allowed to plug USB drives into it (I couldn’t disable USB because they needed to plug it into cars).

      That said, reporting is important. It leads to conversations with IT teams like: “What’s to stop this happening to us?”
      “Nothing. In fact, it’s recorded on our risk register as being a possibility.”
      “Who signed off on this risk?!”
      “You did. Here. And Here. And Here. And every year we keep coming at you for new hardware and you keep denying it.”
      “Your new hardware is approved.”

      I think it is more important that we are informed than the companies are fined. Besides, the reputation loss is a bigger disincentive than a mere fine would be. Plus: They often get slapped by legal action from their customers.