Sydney, Jan 17: An IT expert has given his two cents on what may have caused the recent cyberattacks at a Bunnings’ warehouse.
The mishap which was caused by FlexBooker, a scheduling platform used by many companies had taken the blame and had apologised for comprising the private information of 3.7 million users – however IT expert and founder of StickmanCyber Ajay Unni believes there is more to the situation at hand.
“A cyber-attack on a scheduling platform – FlexBooker has led to the personal data of Bunnings customers being compromised,” Unni said.
“Although Bunnings is adamant that no sensitive information was lost in the attack, incidents like these can lead to significant reputational damage.
“Known as ‘Supply Chain Attacks’, malicious actors go after third-party vendors such as FlexBooker to infiltrate their large partner organisations like Bunnings, who are the main target.”
Unni said lately, there has been a rise in these types of attacks and that it was difficult for both vendors and their customers to protect their networks against well-resourced actors with the ability to compromise widely used software products.
“Many companies including Bunnings rely on vendors like FlexBooker for a variety of services and given the value of these third-party providers, simply avoiding these partnerships to remove the risk of a cyber-attack is not a solution.
Instead, he said there are several things that organisations can do to reduce their third party risk significantly which was by acknowledging the existence of third-party risk and working on understanding their exposure – by defining their tolerance to risk which would go a long way in combating such supply chain attacks.
“When your organisation identifies possible vendors to partner with, ensure that cyber-security is covered in the contract.
“Once your organisation partners with a vendor, it is important that a process is in place to continually assess and monitor risk, for example, utilising vendor risk assessment questionnaires can help you make sure that a vendor’s internal data handling practises and procedures are secure and can help you identify any possible risks.
“Understanding where your most critical assets are and who has access to them is a vital component of any cyber-security strategy.
He said even with all these measures in place, due to the increase in sophistication of hackers, it is important to always be prepared for a cyber-attack and have an incident response plan in place to mitigate the impact a security incident can have on your organisation.
“Bunnings and FlexBooker is another unfortunate addition to the rapidly growing list of victims of cyber-attacks in Australia and globally.
“It is important that organisations, large or small, prioritise the uplift of all facets of their cyber-security policies as well as ensuring their vendors do the same.
“Adopting a proactive approach rather than a reactive one when it comes to fighting back against supply chain attacks and cybercrime is the best way to protect your business from becoming the next cautionary tale.”
Although the Bunnings breach occurred in December, the company took an unprecedented step of issuing a warning to its customers just last week.
Like What You Read?
Howdy! Thanks for dropping by and reading our stuff. DailyStraits.com is an independent website that covers all things business and entrepreneurship related. If you like what you read, a little donation from your good self will go a long way in helping us run this site successfully. Thank you!
$5.00
For interview requests and press releases, please contact us at editor@dailystraits.com. For advertising inquiries, please email sales@dailystraits.com. Thank you.