Australian companies are bungling how they communicate cyberattacks to the public, as the government’s mandatory disclosure laws force more data breaches into the open, security experts warn.
EnergyAustralia said 323 customer accounts were accessed in a cyber-security incident, but no other systems were breached.EnergyAustralia has since prompted customers to update to 12-character passwords, containing both capital and lowercase letters, numbers and symbols. Website Security.org estimates it would take a computer 34,000 years to crack a password of this complexity, based on current computing power.
“We recognise the transition to more secure passwords won’t be easy for all our customers, however, this incident and other recent cyber incidents have highlighted this is where we need to go with password complexity,” he said. “All companies make a mistake if they don’t practise this stuff,” Kirk said. “Mature companies have a playbook for what they’re going to do if an incident happens.”