Security Everywhere: ANU Data Breach
If I had a dollar for every time the ANU data breach was said to be “sophisticated”…
On the 17th of May 2019, an alleged 19 years' worth of records and data was reported to have been accessed and stolen.
One question immediately strikes me.
Nineteen years…!?
That’s a lot of data. Why was nineteen years' worth of data kept online?
Sure, it’s important to keep a record. But, at least to me, there should be no need to maintain old data. It’s most likely out of date, and hence useless. If you want records just to boast about the number of records… just make your program += 1000.
It’d be nice if Australia had some sort of data retention policy - an Australian GDPR of sorts (but even then, GDPR supposedly doesn’t cover all data).
Pew pew! 🔫 Who’s to blame?
Whilst a lot of articles suggest China as the culprit, there is no conclusive evidence, just speculation.
From a legal point of view, identifying the attacker is important in seeking retribution…
But we should also consider how we were attacked, what was attacked, and how to prevent this from happening (for a third time smh…).
What can we learn from this?
Better security
Well, I guess that’s pretty obvious, right?
Improve your firewalls, access policies, those things…
Offline storage of data
You can’t access data if it’s not accessible… right..?
Take the databases off the intranet. You don’t really need access to these things remotely, right? You’re not going to view records in your bed at home… right……
Or even, dump the data into storage tapes, where they are physically disconnected from any computer system.
Computers will never truly be secure. The more we implement a system, the more that system can be exploited and misused.
In this day and age, we’re trading privacy for convenience - when in reality we should just stop being lazy.
Don’t you reckon that all news sources sort of just copy facts from each other? How do you really find out the truth if the truth is the first published source? Mmm…