Cybercrime: an escalating risk

There was no shortage of headline making news coming out of the Banking Royal Commission this week. And with the industry’s shonky behaviour dominating the headlines, it was easy to miss some other alarming news from the country’s biggest wealth manager, AMP.

Like the Royal Commission, this news is much further reaching than just being contained to AMP. Or even to the financial sector as a whole...

In news that exposes the vulnerabilities of even our largest financial institutions, and reminds us that that banks can be victims too, AMP was hit by a serious data theft attempt.

Chinese national AMP contractor, Yi Zheng, downloaded 20 identity documents such as driver's licences and passport photos belonging to 23 different customers then attempted to flee the country.

NSW Police found mobile phones, SIM cards, a laptop and numerous electronic storage devices. The financial crimes squad is examining the devices with the investigation, under Strike Force Paunelle – which was set up to investigate identity theft and related crimes.

Cybercrime squad commander, Detective Superintendent Matt Craft commented, “Identity information is an extremely valuable commodity on the black market and dark web, and anyone – whether an individual or business – who stores this data needs to ensure it is protected”.

While the thief was eventually apprehended as he tried to board a flight to China, his ability to swipe critical customer data is yet another example that drags cyber risks back into the spotlight.

Cybercrime is a real and growing threat to not only major financial institutions, but to public utilities, hospitals, and government entities too.

New figures out of the Office of the Information Commissioner (OAIC,) showed the number of data breaches suffered by Australian companies jumped 7% in the December quarter to bring the total number of data breaches to more than 800 for the full year.

The health sector held top spot as the industry most affected by data breaches, followed by financial services, then legal, accounting and management services. And for the first time, the mining and manufacturing sectors made an appearance in the report.

The bulk of the breaches were malicious in intent with the largest affecting between one and 10 million people, while another breach compromised the data of up to 500,000 people.

Austal, a major shipbuilder for both Australia and the US Navy, was hit by a cybersecurity data breach and extortion attempt last year.

The company’s Australian data management system was targeted with ship design drawings stolen and staff details including addresses, and mobile telephone numbers were compromised. The offender is believed to have then offered this information for sale on the internet and engaged in extortion.

The departments of Defence and Home Affairs issued a joint statement with the Australian Cyber Security Centre, saying “this incident reinforces the serious nature of the cyber security threat faced by defence industry, and the need for industry partners to put in place, and maintain, strong cyber defences”.

When cyberattacks do make the headlines, they tend to focus on these major breaches and well known organisations. Yet, more often than not it’s small to medium sized enterprises (SMEs) that are ill-prepared for cyberattacks.

In the US, cyber threats are even more costly, with the average cybercrime or fraud event starting at $35,000 and ranging to over a $1 million for SMEs alone. These risks, which are continually growing and evolving mean it’s imperative to have adequate cybersecurity in place.

WhiteHawk (ASX:WHK) is becoming recognised as the first stop for SMEs in combating these risks.

WHK has developed the first online self-service, cybersecurity exchange, simplifying how companies and organisations implement cybersecurity solutions. These solutions directly mitigate a business’ key cyber risks and assists US companies connect to content, solutions, and service providers.

The company has three diversified streams to generate revenue:

• Sales of its 360 Cyber Risk Frameworks and Risk Scorecards to large corporations and government organisations.
• Executive cyber risk consulting services to large government and industry enterprises.
• Sales of cyber products and services via the online Exchange, referrals or 360 Cyber Risk Framework Vendors.

While still a $6.5 million capped junior, WhiteHawk has significant growth potential.

The cybersecurity solution provider is gaining momentum with the signing of a Cyber Risk Framework Contract with a US top 12 Defense Industrial Base company; consecutive US government contracts, including executive cyber risk management consulting services for US Federal Department of Homeland Security; vendor risk management with a top 10 US financial institution for 50 companies; and private utilities contracts.

WHK also offers ongoing online cyber risk services to small and midsized entities via online its platform.