Millions of people have had their data exposed in recent hacks. Here’s why it keeps happening

In the last month, several major Australian companies have suffered cyberattacks, resulting in the exposure of millions of people’s personal data.

Names, email addresses, ID documents and phone numbers have been compromised in some of the most recent attacks, exposing people to identity theft and fraud.

While it’s obvious there has been a sudden increase in the scale and number of attacks, figuring out why was a guessing game, Chief Scientist for UNSW Institute for Cybersecurity (IFCYBER) Professor Sanjay Jha said.

Jha said there could be insinuations there were foreign actors active, but there had been no evidence to suggest that.

Instead, he said, it was possible the “bad guys” saw Australia as a “soft target” following the cyberattack on Optus.

Earlier this month, the telco revealed personal information belonging to about 10 million of its customers had been compromised.

“(Hackers) may have started to explore other companies or it is possible that they stole credentials and now they probably have (an) easier job in attacking some of the not-so secure services at different places,” Jha told 7NEWS.com.au.

While awareness is growing, and cybersecurity legislation is tightening, Jha said companies should be doing more to protect sensitive information, including stringent tests to ensure no security hole is left open.

“ICT is a very complex field and there are many new technologies always being incorporated,” he said.

“Some of the processes and the risk assessment needs to be beefed up.

“It’s always a cat and mouse game and (companies) have got to be ahead of the bad guys and be extra vigilant.

“The bad guys will always try to be good at the game, so you can’t blame them. That’s their job.

“But I think companies have to lift their game. I think they have to spend a bit more on cybersecurity.”

Jha said companies should continuously check their systems and ensure they’re upgraded to the latest technologies.

Simple things like multifactor authentication should also be implemented, he said.

“I’m just wondering why some simple things like that (are) not being done in companies that should be easy to fix.”

Cyber Security Minister Clare O’Neil agreed Australia needs to lift its game when it comes to cybersecurity.

“We’ve really got to just step back and have a good conversation here about what is going on and why it is that we are so behind the eight-ball with cyber issues generally,” O’Neil said on Friday.

“We’ve got to muscle up here and understand that this is our future and our job is to make sure that the country is better prepared when things like this happen.”

Excerpt from article by Elizabeth Daoud, read the full article here.