Get all your news in one place.
100’s of premium titles.
One app.
Start reading
ABC News
ABC News
National
Lachlan Bennett

Optus hack lesson learned by Tasmanian organisations, who say they are better prepared for cyber attacks

The Optus hack has again highlighted the risk posed to large companies by cyber criminals, but smaller enterprises are also vulnerable — and these Tasmanian organisations say they aren't leaving things to chance.

A report by the Australian Cyber Security Centre shows that cyber crime reports had jumped almost 13 per cent in 2020-21, and a third of those were from local, state and federal governments.

While the high number of government-related incidents may be due to their reporting obligations, the threat has not gone unnoticed in Tasmania — with the local electoral commission and a city council among those taking action.

Electoral Commissioner Andrew Hawkey said a major concern had been the lack of a permanent base in northern Tasmania, which meant previously they had to "hire whatever site was available", from council chambers to "a rickety house" and car sheds in order to conduct electoral work.

"We used an old bank at one stage where, because it had been empty for a while, we did not have any internet connection for the first four days," he said.

"We had to use the wi-fi through a cafe, which, again, shows you that's not going to meet any modern cybersecurity needs."

Physical security critical to cyber safety

Mr Hawkey said the commission had now invested in a permanent, secure site in Launceston and it would be put to the test at the upcoming local government elections.

"We just need to do the best we can, as all parts of government and the private sector need to," he said.

Several councils across the country have been hit by hacks in recent years, either due to internal failings or breaches in third-party services they use.

In November, Burnie City Council in Tasmania's north-west had its IT systems accessed by an unauthorised entity.

The incident spilled into the neighbouring municipality of Waratah-Wynyard, which warned its residents that their tax file numbers may have been accessed because they were stored on a backup file hosted by a Burnie council server.

Burnie general manager Simon Overland, the former chief commissioner of police in Victoria, said his council had subsequently "introduced a number of changes to our technical environment".

He said they had shared their knowledge with other councils and the Tasmanian government to help the sector "plan for and respond to the increasing level of cyber threats that are occurring around Australia, and, indeed, the world".

The deputy general manager of the nearby council of Devonport, Jeff Griffith, has also been using his background in IT to help other councils.

But he said just like risk mitigation for natural disasters, organisations tended to not focus on cyber security "until they've experienced an incident".

"[Incidents] certainly raise the profile and can cause organisations to take it seriously," he said.

"But there's a long list of actions that organisations need to take and it's an ongoing process."

People, not tech, often to blame

Over the past five years, Devonport City Council has been ramping up its cyber security defences, even hiring a hacker to test their defences over a week earlier in the year.

In a statement, Devonport Council said "they were unable to breach our environment, and during the phishing and vishing testing attempts they were also unable to ascertain data or sensitive information".

"Some low-level recommendations were made regarding our websites, and these recommendations have been considered and addressed with the help of our website development contractor."

But while insecure technology can be problematic, Mr Griffith said "typically, employees are the weak link".

"And so the more training and effort you put into training employees, the better," he said.

"Everyone has experienced those sorts of phishing scams.

"It's about encouraging employees to be vigilant and aware, and to not trust, really, the emails that they're receiving."

As the world becomes more and more digitised, cyber security threats are unlikely to decrease.

University of Tasmania senior lecturer Dr Joel Scanlan said every organisation, big and small, "needs to lift their game".

"As we add more digital systems, in terms of not just laptops and even phones, we're moving data from one place to another," he said.

"We need to make sure that as our systems evolve, we're making sure that we're actually aware of the threats that we're facing."

How to protect yourself in the wake of the Optus leak.
Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.