In 2024, Australian businesses faced a series of large-scale cyber-attacks that affected millions of individuals. These incidents highlighted vulnerabilities across various industries, and underscored the critical importance of robust cyber security. As the new year grows ever closer, now is an opportune time to reflect on some of the biggest attacks that occurred in 2024, and what lessons can be learned from them.
Major Cyber Attacks in Australia in 2024
1. MediSecure Data Breach
In April, eScripts provider MediSecure suffered a major data breach, compromising the medical information of approximately 12.9 million Australians. Complicating the situation further, the complexity of their data sets made it virtually impossible to identify precisely which individuals had been affected, stifling response efforts.
2. Antidot Banker Trojan
First noticed in May, a highly sophisticated attack targeted Android users of Australian banking apps – including those used by the big four banks. The trojan, known as Antidot Banker, was distributed through phishing campaigns where threat actors posed as job recruiters. This attack compromised the financial data of an unknown number of Australians before it was finally caught.
3. Early Settler Breach
In August, a furniture retailer called Early Settler confirmed that they had fallen victim to a data breach that stole the information of 1.1 million customers. No financial data was taken, as the company does not store it, but the stolen information was later found for sale on a hacking forum.
Lessons Learned and a Stronger Cyber Security Strategy
These cyber-attacks reveal several vulnerabilities that Australian businesses must address to improve their security postures for 2025. Here are some key areas of focus:
1. Employee Education and Awareness:
As shown by the Antidot attack, many cyber threats exploit human psychology through social engineering techniques such as phishing scams. Regular training programs can educate employees about recognising and responding to suspicious activities, reducing the likelihood of a breach.
2. Advanced Threat Detection and Response:
One common pit fall is that businesses often do not notice a cyber-attack for days or weeks, allowing it to cause significant damage. Sophisticated monitoring systems can help detect anomalies and respond to threats in real-time, allowing for faster response and recovery.
3. Regular Security Audits and Vulnerability Assessments:
Conducting periodic assessments of systems and networks can identify and fix vulnerabilities before they are exploited by attackers.
4. Data Management Practices:
A major issue experienced by MediSecure was that they were unable to determine what had been taken, due to the complex nature of their data sets. This demonstrates the need for proper data management processes. AI-powered tools can assist with this process, when data sets are too complex for human staff to manage.
5. Encryption and Access Controls:
Encrypting sensitive data and implementing strict access controls can prevent unauthorised access, protecting information even if a breach occurs.
Cyber Security 2025: Best Practices
There are several methods businesses can use to improve their cyber security in 2025:
Zero Trust Architecture:
Adopting a Zero Trust model, which operates on the principle of “never trust, always verify,” ensures that all users and devices are continuously authenticated and authorised before accessing resources.
Incident Response Planning:
Developing and regularly updating an incident response plan enables organisations to act swiftly and effectively in the event of a cyber-attack, reducing downtime and mitigating damage.
Collaboration and Information Sharing:
Engaging with industry peers, government agencies, and cyber security organisations facilitates the exchange of threat intelligence and best practices, making all businesses safer in the process.
Regulatory Compliance:
Staying informed about and adhering to relevant cyber security regulations and standards ensures that businesses meet their legal obligations, and makes them more secure at the same time.
Build A Stronger Cyber Security Strategy and Prevent Attacks
The biggest cyber-attacks of 2024 serve as a stark reminder of the negative consequences that a data breach can bring. It is important to study past incidents, so businesses can learn how to better protect themselves and their stakeholders in the years to come. Only by understanding the past, and applying the lessons learned, can organisations hope to create a safer future.
Austin Technology can help you find the hidden vulnerabilities that put your business at risk, making it easier to prevent incidents like the ones described above. We simulate real-world attacks to show you exactly how threat actors would breach your data, empowering you to build a stronger defence. Learn more about our penetration testing services now.