By Ajay UnniTweet
Just a week after Optus fell victim to a cyberattack that led to the sensitive information of nearly 10 million customers being exposed, Telstra has been subject to a data breach through a third-party vendor.
Based on initial findings, the data breach happened to a third-party vendor who provided a rewards program for Telstra staff, and was subject to a data breach.
That data of Telstra employees dating back to 2017 was published to the same online forum where the Optus breach was shared last week.
The leaked data consisted of nearly 30,000 names and email addresses of past and present staff. Although this is old data and limited to only first and last names and work email addresses, a total of 12,800 of the 30,000 names are still employed by Telstra.
Telstra is currently working with the authorities and their third-party vendor to determine the cause of the breach.
A third-party breach occurs when a cybercriminal targets an organisation through its partners or vendors.
Malicious actors launch a cyberattack on the typically less secure systems of a third party to access and steal sensitive information.
In an interconnected economy where companies are reliant on external suppliers to function, it is essential to manage third-party risk.
Each vendor, partner or supplier directly or indirectly impacts the overall cybersecurity of your organisation.
So how do you reduce third-party risk?
To start with, organisations need to acknowledge the existence of third-party risk and work on understanding their exposure – defining their tolerance to risk goes a long way in combating cyber attacks targeted at third parties.
Organisations should also ensure the third parties they work with understand their supply chain process and that processes to manage third-party risk are established.
Another method to reduce third-party risk is to ensure that cybersecurity is covered in the contract given to potential third-party partners.
Once an organisation is in partnership with a third party, it is important that risk is continually assessed and monitored.
This can be done through the use of vendor risk assessment questionnaires.
These questionnaires can help make sure that a vendor’s internal data handling practices and procedures are secure and can help you identify any possible risks.
Understanding where an organisation’s most critical assets are and who has access to them is a vital component of any cyber-security strategy.
Finally, even with all these measures in place, there is a chance that organisations still may succumb to a cyberattack.
Hackers are sophisticated and are continuously thinking of new and ingenious ways to carry out cyberattacks.
Therefore it is vital that every organisation has an incident response plan in place to mitigate the impact a security incident can have.
About the author: Ajay Unni is cyber-security expert and founder of StickmanCyber. This is an opinion column. The views and opinions expressed in this article are those of the authors and do not necessarily reflect the official policy or position of this publication.
Editor’s Note: You can now download our app on the Google Play Store or the Apple Store, or write your next best-selling novel with our sister app Toolis, available on the Apple Store and Google Play Store or purchase something from us at www.tapiroo.com, yayaezzy.com or at lazybumskincare.com.au.
We are happy to note that we are also now on Amazon Australia. Purchase our products as a show of support to us. They are Yaya, Ezzy, Tante June and Xeno backpacks or our beauty products such as LazyBum Skincare Facial Cleanser, LazyBum Skincare Toner and Moisturiser and Blitz Hair Oil Spray.
Also, check out our rate card and media kit here if you would like to advertise with us on this website. Thank you!
Like What You Read?
Howdy! Thanks for dropping by and reading our stuff. DailyStraits.com is an independent website that covers all things business and entrepreneurship related. If you like what you read, a little donation from your good self will go a long way in helping us run this site successfully. Thank you!
Welcome to dailystraits.com. Please send all interview requests and press releases to email@example.com.