The head of Australia’s spy agency is pleading with people to stop advertising their security clearance on social media sites like LinkedIn as he warns of the country facing “facing an unprecedented challenge from espionage and foreign interference”.
In a speech on Tuesday, director general of the Australian Security Intelligence Organisation (ASIO) Mike Burgess said Australia needed to “lift its game” when it comes to taking cyber security seriously.
“For some time I’ve been warning that foreign spies are targeting Australians on social media. To find out if the message is getting through, I asked my team to quickly scan the best known professional networking sites,” Australia’s top spy said.
“They identified nearly 16,000 Australians publicly declaring they have a security clearance, and one thousand more revealing they worked in the intelligence community.”
Thankfully that number is down on the 22,000 people ASIO spotted showing off their access to confidential information back in 2021 which followed a public awareness campaign about what you put on social media.
“I appreciate people want to sell themselves to prospective employers, and may need to mention they have a security clearance, but doing it on a professional networking site is reckless,” he said.
“These people may as well add ‘high-value target’ to their profiles.”
ASIO is apparently busier than it has ever been before as the organisation pushes back against attempted foreign spies gaining access to Australia’s secrets and recruiting lackeys to help do their bidding.
In his speech this week, Burgess mentioned the need to work with both government and business in how to mitigate the effects of insider threats.
“Insiders are current and former employees or contractors who enjoy legitimate access to information, techniques, activities, technology, assets, or facilities,” Burgess said.
“[They] become ‘insider threats’ when they disclose sensitive information without authorisation, conduct espionage, foreign interference or sabotage, or help a third party conduct these activities.
“For someone in the human intelligence business, a well-placed, compliant insider is the ultimate prize.”
Insider threats have long been known to the cyber security industry.
These are people who willingly steal information or install malware onto their company’s networks and are a risk analysts warned may have increased with the mainstream shift to work from home caused by COVID-19.
Trusted insiders have been one of the biggest fears for organisations in the past with a majority of caught insiders simply saying they were willing to compromise their organisation for cash.
Likewise, unwitting insiders are becoming an increasing problem for our national security, Burgess warned this week.
“The best physical security in the world is useless if an employee turns off the camera or fails to lock the gate,” he said.
“A-grade cyber security can be undone if an employee uses ‘password’ as their password or allows remote access to a system.”
Burgess shared examples of people who failed to adequately mitigate risk and gave up confidential information, including people who didn’t realise they were having regular lunch meetings with foreign spies.
He also mentioned an Australian businessperson who connected their work laptop to hotel wi-fi while travelling overseas.
“Designs and other forms of intellectual property were stolen and used to make cheap imitations of the company’s products, which cost the business millions of dollars in lost revenue,” Burgess said.