ASIC is the Australian Security and Investments Commission, and on Monday of this week it reported a cyber security incident.
We are told that it "involved unauthorised access to a server which contained documents associated with recent Australian credit licence applications".
ASIC reports that "while the investigation is ongoing, it appears that there is some risk that some limited information may have been viewed by the threat actor. At this time ASIC has not seen evidence that any Australian credit licence application forms or any attachments were opened or downloaded."
So, what is ASIC's response?
The organisation reports that, "as a precaution, and to protect information and systems, ASIC has disabled access to the affected server. ASIC is working on alternative arrangements for submitting credit application attachments which will be implemented shortly. No other ASIC technology infrastructure has been impacted or breached.
"ASIC is working with Accellion and has notified the relevant agencies as well as impacted parties to respond to and manage the incident.
"ASIC’s IT team and cyber security advisers engaged by ASIC are undertaking a detailed forensic investigation and working to bring systems back online safely."
Q 1. The ACSC (Australia Cyber Security Centre) has warned businesses about the Accellion vulnerability that caused another breach lately – do you think more could've been done to prevent the second breach?
A. Tebow said: "With a warning going out just recently, it is unlikely that much more could have been done to avoid this breach.
"However, changes to the monitoring within the organisation could have alerted ASIC sooner, while more regular pentesting could have made them aware of the weakness – but considering those measures take a certain level of expertise to be done properly, this breach could have happened despite taking additional measures."
Q 2. Cybersecurity is always about finding balance between having sufficient protection suited for your threat landscape, and being able to operate and do business freely, without restrictions.
What do you believe to be the cause of the breach being allowed to happen? Are you surprised to see a large corporate entity slip up like that?
A. Tebow elaborated: "Based on the information on hand, this appears to be a vulnerability in a file transfer system (like Dropbox or similar), likely a third-party vulnerability in systems that the organisation didn't have direct access to audit.
"This isn't exactly a supply chain attack, but this time it was out of control of any affected organisations. The one thing to be done now is to work with the software providers to analyse the situation, fix the vulnerability and avoid it in the future."