With the incident, reports indicate that dozens of employees’ email accounts have been compromised as the result of actions by a malicious group of hackers. In all the email accounts of nearly workers at the arms length agency Service NSW, which is the government information office for the Australian state of New South Wales.
According to ABC News, the consequences of a successful attack could be severe. The issue highlights the fact that many government departments are not properly protected in terms of cybersecurity and other measures.
Discussing the issue with Digital Journal, Ed Macnair, CEO of Censornet says that one aspect is very clear: “Never underestimate email attacks. Phishing is probably the best known method of cyberattack.” The downside of this is with many bodies not thinking that this area applies to them, entering into a state of complacency.
Macnair goes on: “Phishing is so popular because time and time again it proves effective, and criminals’ phishing techniques have become more sophisticated over recent years.” This means that such attacks become harder for companies to detect and systems cannot solely rely upon personnel; technological measures are needed.
In terms of the fall-out from the attack, Macnair explains: “In this case, almost 50 staff accounts were compromised. As Service NSW itself has identified, this makes it a significant breach because each member of staff will have emails that contain sensitive information of citizens of New South Wales.” Such personally identifiable information can be used by the hackers for nefarious purposes.
And with future actions, Macnair recommends: “Organisations should remember that cyber criminals, like all criminals, will use the point of attack with the least resistance and the least likelihood of triggering the alarm. Often that is utilizing the easiest and proven techniques such as phishing.”
