Government to Scrap Privacy Act Exemption for Small Businesses

Businesses generating up to $3 million annually will be subjected to new data privacy standards, following the government’s recent declaration regarding the comprehensive review of the Privacy Act. The government has either endorsed or provisionally accepted most of the 116 suggestions put forward in the review this past February. Central to these recommendations is the […]

The LastPass Data Breach: A Cautionary Tale of Inaction and Crypto Losses

In the ever-evolving digital world, security is of utmost importance. This is especially true when it comes to safeguarding passwords, which are the keys to one’s digital life. LastPass, a popular password manager, has long been trusted to secure these precious assets. However, recent events surrounding a data breach and subsequent inaction have raised questions […]

The MGM Grand Cyberattack: A Case Study in Human Error and Corporate Risk

The ransomware group ALPHV, also known as BlackCat, has reportedly compromised MGM Grand casinos, affecting its operations across multiple states in the U.S. According to malware archive vx-underground, the group used social engineering to breach the company’s computer systems within just 10 minutes. They found an employee on LinkedIn and made a phone call to […]

Responding to Data Breaches: A Compliance Checklist for Australian Businesses

Data breaches are an unfortunate reality in today’s interconnected world. For businesses operating in Australia, navigating the aftermath of a data breach involves adhering to specific legal and ethical obligations. Failure to meet these requirements can result in significant fines and long-lasting damage to the company’s reputation. Here’s a brief overview of the key requirements […]

Why MFA is No Longer Effective Against Business Email Compromise Due to AiTM Attacks

In the digital age, security has become a paramount concern for businesses worldwide. One of the most common methods of ensuring security is through Multi-Factor Authentication (MFA). However, recent developments in cyber threats, particularly Artificial Intelligence in the Middle (AiTM) attacks, have raised questions about the effectiveness of MFA. Understanding MFA Multi-Factor Authentication is a […]

Assessing Cyber Risks: Safeguarding the National Disability Insurance Scheme (NDIS)

In today’s interconnected world, where technology plays a pivotal role in various sectors, cybersecurity has become a critical concern. This is particularly true for government programs that handle sensitive personal information and provide vital services to the public, such as the National Disability Insurance Scheme (NDIS) in Australia. In this blog post, we will delve […]

Australian Cyber Attacks: Your security, your responsibility.

There have been frequent reports in the media recently in relation to personal information held by businesses being compromised by cyber-criminals.  The companies involved have primarily been larger businesses, such as Optus, Medibank, Telstra, National Australia Bank (via third-party employee benefits provider), and Woolworths-owned My Deal to name a few.   It is important to consider […]

Optus Data Breach – Recommended actions

As you are likely aware, on the 22nd September Optus disclosed what may have been the single largest data breach in Australian Corporate history, putting your identity and business cyber security at risk.  Recent developments suggest that most data may have been deleted, although there is no certainty at this stage. Our team at Evisent […]