Summary of Medibank’s security weaknesses assessment.
The Australian government reported the Medibank Private breach in 2022 as one of the worst data breaches in the country’s history (DataBreaches.net, 2024). The attack was speculated to have been carried out by a Russian cybercriminal and led to the compromise of data belonging to four million people and a breach of about 9.7 million company records (McElroy, 2020). It is therefore prudent to examine the threats, risks, and vulnerabilities that led to the attack, since such knowledge is essential to averting future attacks.
Medibank’s Threats
One of the threats the company faces is phishing. Phishing can expose the data of the health insurance provider’s more than 3.7 million customers (McElroy, 2020). This happens when a hacker contacts employees using emails that resemble the company’s own, so that the workers share sensitive information with the hacker and the information is compromised. Examples of the tricks used are a suspicious email address, an urgent subject line, offers of prizes or money, and hyperlinks embedded in the email that carry out the phishing. Another threat is malware: malicious software, including worms, viruses, Trojans, and ransomware, that can disrupt a company’s operations, as was witnessed at Medibank. The company’s other threats that can lead to a cyberattack are SQL injection, man-in-the-middle attacks, denial-of-service attacks, and distributed denial-of-service attacks.
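The four phishing indicators listed above can be checked mechanically on inbound mail. The following is an added example, not part of the original assessment; the domain `insurer.example`, the keyword lists and the two sample messages are constructed assumptions, and the messages are assumed to be single-part plain text.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED_DOMAIN = "insurer.example"  # assumed placeholder for the company's mail domain
URGENT = re.compile(r"\b(urgent|immediately|action required|suspended|final notice)\b", re.I)
OFFER = re.compile(r"\b(prize|won|winner|reward|gift card|cash)\b", re.I)
LINK = re.compile(r"https?://[^\s<>\"']+", re.I)

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss sender domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_trusted(host):
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)

def indicators(raw_message):
    """Return the names of the phishing indicators present in one raw email."""
    msg = message_from_string(raw_message)
    found = []
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # Suspicious address: close to the real domain, but not the real domain.
    if not is_trusted(domain) and edit_distance(domain, TRUSTED_DOMAIN) <= 2:
        found.append("lookalike_sender")
    if URGENT.search(msg.get("Subject", "")):
        found.append("urgent_subject")
    body = msg.get_payload()  # str for a single-part message
    if OFFER.search(body):
        found.append("prize_or_money_offer")
    # Hyperlink check compares the real hostname, so a trusted name used as a
    # left-hand label of another domain is still reported as external.
    hosts = {(urlparse(u).hostname or "") for u in LINK.findall(body)}
    if any(not is_trusted(h) for h in hosts):
        found.append("external_link")
    return found

# Constructed sample messages.
PHISH = ("From: IT Support <helpdesk@lnsurer.example>\n"
         "Subject: URGENT: confirm your password today\n\n"
         "You have won a $500 gift card. Log in at "
         "http://insurer.example.login-check.test/verify\n")
BENIGN = ("From: HR <hr@insurer.example>\n"
          "Subject: Roster for next week\n\n"
          "The roster is at https://intranet.insurer.example/roster\n")

if __name__ == "__main__":
    print(indicators(PHISH), indicators(BENIGN))
```

Each indicator is weak on its own; a mail gateway would typically combine them into a score and quarantine or banner messages above a threshold rather than block on a single hit.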
Medibank’s Risks
After the cyber-attack that led to the Medibank Private breach, it was evident that the organization faced numerous cybersecurity risks and that the information it held was at risk of falling into the wrong hands. The company’s principal risk is a data breach that exposes sensitive information to hackers. Another risk is financial loss arising from ransom payments made to attackers and from system downtime after operations are disrupted (McElroy, 2020). A further risk from cyber-attacks is the disruption of operations, which can affect the provision of services and compromise the critical infrastructure of the business, thereby leading to economic instability.
Medibank’s Vulnerabilities
The vulnerabilities that expose a company such as Medibank to cyberattacks include weak passwords in its IT systems, which make it easy for a hacker to guess a password and infiltrate those systems. The report that examined the events before the cyber-attack at Medibank revealed that employees bring their own devices to work; these can be a channel for phishing, primarily when an employee performs certain company activities on a personal device. The company is also vulnerable because some of its systems run outdated software, which is easier to attack due to the security weaknesses that outdated software usually has (Infosec Institute, 2023). Employee training at Medibank was also found to be a vulnerability, since the majority of employees are not comprehensively trained on cybersecurity issues and are therefore at risk of clicking hyperlinks or downloading software that attackers can exploit to gain information and infiltrate the company’s systems (Infosec Institute, 2023). The company also suffers from poor encryption practices: most of the hacked data was found to have been poorly encrypted and could therefore easily have been intercepted and used by attackers in a cyber-attack against its IT systems.
Areas That Should Be Improved at Medibank from a Technology, People, and Policy Perspective
From a technology perspective, the areas that should be improved at Medibank are implementing robust cybersecurity protocols, securing networks through regular software updates, using strong encryption, and using multi-factor authentication. From a people perspective, the cybersecurity practices of vendors need to be assessed and verified, and employees need cybersecurity training on the basic steps for identifying and preventing a cyberattack (Infosec Institute, 2023). From a policy perspective, the company can implement robust policies on backup and disaster recovery, better policies on managing software dependencies, and enhanced policies on securing network configurations.
References
DataBreaches.net. (2024). Federal government slaps targeted sanctions on Russian cybercriminal behind 2022 Medibank Private cyber attack. https://www.databreaches.net/federal-government-slaps-targeted-sanctions-on-russian-cybercriminal-behind-2022-medibank-private-cyber-attack/
Infosec Institute. (2023). Understanding cyberattacks types, risks and prevention strategies. https://resources.infosecinstitute.com/topics/security-awareness/understanding-cyberattacks-types-risks-and-prevention-strategies/
McElroy, N. (2022, October 20). What we know about the Medibank cyber attack and what to do if you’re a customer. ABC News. https://www.abc.net.au/news/2022-10-20/medibank-cyber-attack-ransomware-explained-and-what-to-do/101555250