PREMIUM
Opinion

Ask a Tech | Invest in cybersecurity after alleged Medibank hacker is named

Named: A Russian national has been identified as being allegedly involved in the 2022 Medibank hack. (AAP Image/Dave Hunt) Photo by DAVE HUNT

Federal Foreign Minister Penny Wong has officially identified a person allegedly involved in the 2022 Medibank hack.

Senator Wong said Russian Aleksandr Ermakov was involved in the 2022 Medibank hack, which resulted in the exposure of personal information belonging to over 9.7 million customers.

This is the first use of Australia’s autonomous cyber sanctions framework, which has seen stringent measures taken against the alleged hacker and the public disclosure of his identity.

These measures include a travel ban and financial sanctions, making it a criminal offence to provide any form of financial support to Mr Ermakov, including transactions involving cryptocurrencies and activities related to ransomware.

By publicly naming Mr Ermakov, the government has brought him into the global spotlight.

The investigation into the Medibank hack spanned 18 months and involved close collaboration between Medibank, the Australian Signals Directorate and various international agencies such as the FBI and the UK’s GCHQ to unveil the identity of this individual.

The ASD expressed its gratitude to Microsoft for its assistance during the investigation.

During the announcement on Tuesday, January 23, Cyber Security Minister Claire O’Neill also emphasised the availability of resources from the Australian Cyber Security Centre for businesses to enhance their cyber-security efforts.

This initiative is part of the national cyber-security plan aimed at making Australia one of the most resilient countries against cyber threats by 2030.

A key strategy for businesses is to begin implementing the ACSC Essential Eight.

This framework comprises eight core strategies, each with four levels of maturity.

I strongly recommend that all businesses explore the Essential Eight and adopt its user-friendly recommendations.

Furthermore, consider engaging with or becoming a partner of the ACSC, as it offers vital information on emerging threats and conducts regular training sessions for all technical and non-technical personnel across organisations.