Census 2016 shut down by cyber attacks
Following a week of calls for a boycott of the 2016 Census amid fears regarding the security of personal information to be collected online this year, no one seemed particularly surprised when the Australian Bureau of Statistics (ABS) confirmed that the system had been targeted, and ultimately disabled, by malicious cyber attacks.
According to an ABS media release, the online Census form was hit by four Denial of Service (DoS) attacks on Census night and was shut down just after 7.30pm as a precaution to ensure the integrity of the data which had already been collected.
While the ABS' description of the attacks as malicious and potentially foreign in origin may alarm those who successfully submitted the Census form before the website was shut down, it appears from the ABS' initial reports that the attacks were focussed on disrupting the online system, rather than gaining access to personal details.
DoS attacks are designed to overload the target's system and are typically used by hacktivists for social sabotage purposes or by cyber criminals to extort a ransom in exchange for ceasing the DoS attacks.
As the attacks appear to have occurred at a time when most Australians had yet to complete the Census form, it seems plausible at this stage that the primary goal was to disable the system rather than access personal information.
Technology Partner Rob Neely said, "If nothing else, the attacks on the 2016 Census are a reminder of how effective targeted cyber campaigns can be at disrupting network services and public confidence in these services, regardless of the level of protection and forethought.
"It is also an important reminder for organisations to be constantly evaluating the risks posed by their online activities."
Insurance Partner Jon Hunt agreed, adding that, "Organisations should ensure that they have effective cyber insurance coverage in place. This should extend, where appropriate, beyond third party claims for data breach to potentially significant first party losses such as business interruption or the costs of engaging IT and public relations specialists to mitigate the damage caused by these types of attacks."