Triskele Labs Blog

No longer if but when...

Written by Nick Morgan | Apr 20, 2019 11:24:00 AM

Another day, another breach. This time, it is a bit closer to home, with some extremely serious consequences that will impact not only the company but the lives of hundreds, if not thousands, of Australians. Yes, I am talking about the LandMark White (LMW) breach.

In case you have not been following it, LMW, an organisation that describes itself as "highly-skilled, independent property valuation and consultancy organisations in Australia", has suffered a considerable breach that LMW has called "relatively benign".

Now, I am not going to argue the severity of the situation; however, this seems quite serious... "Some 137,500 unique valuation records and 1680 supporting documents were inadvertently exposed by an LMW API. Around 250,000 individual records were included in the dataset, but LMW said some were duplicates. The documents covered the period 4 January 2011 to 20 January 2019."

The face-palming began when the ACSC informed LMW of the vulnerability utilised to compromise the user details in January 2019! To make matters worse, they had been in contact in December 2018 about the same issue! If you know about these things, take the system offline.

The story continues: LMW did not find the data themselves; they were informed via a chat on their website that data was posted to the dark web.

So this comes back to my question: can we afford not to do it? While LMW might see this as a small error, the market has not. When the issue was first released to the public, LMW suffered a 10.9% drop on the ASX. We have seen similar with Equifax, Target and PageUp. Companies recover. LMW may not. Major clients, including large and small banks, have dropped them as a vendor and the ASX has put them into a trading freeze. This is going to have a knock-on effect on the staff of LMW and their families. All through a cyber attack that could have been prevented.

So, how do we prevent this? It is time to get serious about cybersecurity.

I mean, it really is time. It is time to understand that this is going to continue happening. You must have a cybersecurity strategy in place and actually be implementing it. If that strategy does not include a 24x7x365 SOC (including SIEM, SOAR and Vulnerability Scanning), Red Teaming, Threat Intelligence and Dark Web Monitoring, then you are already behind.

It is not all about technology, but detection will always be better than pure-play response. It is time to stop asking the Executive for the funds and start asking, what happens if we don't spend the funds?