Part 1: An Australian Example
Often, when we are presenting the state of the cyber security landscape and the risks that unprepared customers expose themselves and their businesses to, we get a real sense that customers nod but don’t really appreciate the gravity of the reality. Seeing statistics on a page and bridging that to a scenario that they can wrap their heads around and relate to their business is hard. Too regularly we have to see a customer being impacted themselves before they realise the magnitude of the danger to their business and their staff that a cyber attack brings.
To help bring home an actual example of a cyber attack on an Australian business which has had significant brand damage, broken trust with upstream providers and customers and created a demonstrable financial impact to their business, you don’t have to look much further than Landmark White.
By now, many of you should be aware of the difficulties facing Landmark White (LMW), one of Australia’s leading independent property valuation organisations. These difficulties have built over the past year, precipitated by a breach leaking customer valuation records that left about 37,500 unique valuation records and 1680 supporting documents sitting openly on the Dark Web in early 2019.
Despite being contacted anonymously through live chat and through the corporate Twitter account, LMW were slow to respond to initial notifications of the breach, with their Twitter channel unmanned over the Christmas holiday period. After a further email notification from the Australian Cyber Security Centre to a vulnerability on an exposed programming interface on their platforms, LMW claim to have closed the vulnerability by January 23rd.
After this breach and subsequent notification of same, LMW stopped trading on the ASX in February 2019. As a result of the incident and the publicity that it received, LMW was “suspended from receiving work from a significant number of clients which is impacting our revenues, profitability and cashflows," company secretary and CFO John Wise wrote in a letter to the ASX.
A second breach involved posting to SCRIBD that “mostly comprised PDF valuation documents and other operationally related commercial documents”. This incident LMW believe was precipitated by corporate sabotage and potentially internally generated in nature. This next breach was shortly followed by an exodus of staff from the Sydney franchise business a fortnight later. Heading into a trading halt again following this secondary breach, LMW’s market capitalisation more than halved from $39 million at the close of 2018 and to $15.3 million when shares were suspended in June 2019.
There has been much speculation that LMW directors are seeking an exit for the business with leaked emails from the acting Chief Executive Tim Rabbitt stating they “have to consider alternative options for the business including the potential sale of the whole or parts of the business”.
This is an absolutely horrific scenario and I’m sure there are many people within LMW today who would love to be able to roll back the tape and make some different decisions on how they prepared their business and their cyber security approach.
In part 2 of this article, I will spend some time discussing the biggest drivers we see related to cyber security incidents and outline some suggestions on how you might position your business to best defend itself from the potential of a cyber attack.