Some 60% of Australian businesses experienced at least one security breach a month in 2016, compared with just 23.7% in 2015, according to a Telstra report.
Even the largest global enterprises are facing cybersecurity challenges. In the past two years alone, some of the best-known brands have been struck down by data breaches and security failure.
So, what – if anything – could these companies have done to stop the disaster before it even happened? We asked global cybersecurity experts to tackle three headline-hitting incidents.
Sensitive data made public
In September 2017, it was revealed that Accenture had four cloud-based storage servers that were insecure and publicly downloadable.
The Amazon Web Services (AWS) S3 storage buckets were configured for public access rather than private access. This meant the content could be downloaded by anyone who entered the web address of the buckets in their browser. The servers contained highly sensitive data about Accenture’s cloud platform, inner workings, client information and 40,000 plain text passwords.
“With more companies adopting public cloud, issues like this are now reported on a regular basis,” said Dmitry Kulshitsky, a security engineer. “Accenture is certainly not unique in this regard. Engineers are used to the ‘cosy’ datacentre model, where there are multiple layers of defence, usually managed by different teams. Public cloud changes all of that. In the software-defined world, you are one click away from exposing your internal infrastructure to the rest of the world.”