
Insurance companies routinely pay ransoms to hackers: Cybersecurity companies



(Reuters) – Corporate insurers routinely pay hackers a ransom for the return of stolen customer data, a leading Australian government cyber security provider said on Tuesday, as the country’s largest health insurer disclosed the growing scope of a recent breach.

The claim by Macquarie Telecom Group Ltd., which runs cyber security for 42% of Australian federal employees, including the Australian Taxation Office, gives a sense of lack of preparedness in an industry that has been in the spotlight amid a wave of high-profile hacks in the past month.

“These are the biggest companies in the world, falling over themselves to pay criminals as quickly as possible to cover their liability,” Macquarie CEO David Tudehope told Reuters in an interview, referring to cyber insurers he did not name. “In what other sphere of life do you see reputable companies paying millions of dollars to criminals and somehow everything is okay?”

Insurers who paid ransom to hackers had no way to ensure data was deleted, meaning sensitive customer information is still at risk of being exposed online, Tudehope added.

This month, Australia’s largest health insurer, Medibank Private Ltd., disclosed that a criminal had revealed it had stolen the personal health data of 100 of its 4 million customers and demanded payment for the data to be returned. On Tuesday, Medibank said the criminal had exposed the data of a further 1,000 customers, adding that the number was likely to grow.

The country’s No. 2 telco, Singapore Telecommunications Ltd.-owned Optus, said last month that about 10 million customer accounts, equivalent to 40% of the Australian population, had data taken by a hacker who demanded payment. A person claiming to be the Optus hacker later retracted the claim due to concerns about publicity.

The federal government, meanwhile, has said it will impose fines of up to A$50 million on companies affected by data breaches.

“This is a huge wake-up call for the country,” Cyber Security Minister Clare O’Neil told parliament. “We need to do more as a country to step up.”

A national crisis management team, set up during the COVID outbreak, was activated on Saturday and has met three times to discuss the Medibank hack, O’Neil added.

Tudehope, Macquarie Telecom’s CEO, declined to comment on any incidents but partly blamed underprepared cybersecurity managers who were too focused on internal stakeholder management and too reliant on all-in-one protections such as firewall software.

“The challenge in cyber is that it just changes so quickly and the people in senior management who in many cases don’t have the background in cyber security because it wasn’t a thing as they worked their way up through their careers,” Tudehope said.

“They make decisions that they don’t have a strong understanding of in many cases,” he added. “The people who have a deeper level of IT security (knowledge) are often at junior or mid-level in an IT department or government agency.”

Tudehope said most businesses would receive cyberattacks and should have a recovery plan, such as having confidential data backed up frequently in a separate location, to ensure hackers cannot access it.

