WA court ruling sets precedent for business liability when exposed to scammers
Their title not mine but it has ramifications for all Australian businesses
"A recent court ruling has set the bar for how far businesses need to go to protect themselves against cyber criminals, according to experts, but the good news is it shouldn't be hard to meet."
"A cybersecurity expert who testified in the case said the scammer had gained access to the Mobius director's email account — meaning there was no way for Inoteq to tell it was fraudulent without a phone call"
"But Judge Gary Massey ruled it would still have to pay its debt of more than $190,000 to the legitimate bank account, with interest."
"He told the court the company had the ability to protect itself by calling the fraudulent number a second time to double check, but it failed to do so"
Apparently, cybersecurity staff training is still lacking in this country although we have plenty of resources (not just those provided by ACSC), and people are not wising up as to how to protect themselves when using online services, or any device that is connected to the internet.
Although I can't prove it, I am fairly certain that the IT department of Mobius would have been exercising "best practices" of the time.
Since the incident occurred in 2022 and the number of high-profile incidents that have happened within this country (Optus, Toll, Medibank ...), I hope that people in managerial positions and those in the finance department are starting to pay attention.
I read somewhere once, that TOTP based MFA can block 99.5% of account theft. It's in the essential 8 and rammed down people's throats in Information Technology.
Guidance from the ACSC can be found here, for everyone. The Americans, Singapore, Brits all have similar guidance and programs, some of which make our governments endeavors a little lacking.
Authorised by the Australian Government, Canberra
I drive a truck, yet even I know this stuff, albeit - I have an interest.
#enoughsaid #australia #cybersecurity