[BreachExchange] Australia: Scaling up to meet the rising cyber challenge

[Audrey McNeil]

http://www.afr.com/news/special-reports/cyber-threat/
scaling-up-to-meet-the-rising-cyber-challenge-20171213-h042ti

With organisations required to report serious data breaches as part of the
Privacy Amendment (Notifiable Data Breaches) Act, from late February next
year, the hope is organisations will become more conscious of their
responsibilities around consumer privacy.

It is a hope because the maximum fines for large organisations are
relatively weak compared to the European Union's General Data Protection
Regulation which can penalise large organisations up to 4 per cent of their
worldwide turnover for breaches.

The hope is the federal government will devote a lot more energy to cyber
security next year and there will be some real innovation in the space. If
the reaction of the Prime Minister's Special Advisor on Cyber Security,
Alastair MacGibbon to Uber failing to disclose the breach of 57 million
users' data for over a year is anything to go by, the hope may be
well-founded.

According to the chief operating officer of the Australian Cyber Security
Growth Network Michelle Price, the government can sometimes be poor in the
way it communicates the issues associated with cyber security but
MacGibbon's "calling out of Uber was just right".

She suggests most Australians have remained blissfully unaware of the
cyberthreat and that's been partly through poor messaging from the
government but that's improving and when the new mandatory reporting bill
comes into effect it should rouse organisations into action.

"So many organisations are vulnerable to cybercrime. Boosting security with
simple enhancements such as two-factor authentication will make a
difference for many small businesses," Price says.

She says while most large organisations are already developing
cybersecurity strategies involving a mix of internal and outsourced
resources, smaller organisations have quite a way to go.

"There is plenty of good advice out there to get the right solution. What
people have to realise is no question is a stupid question in this space
and what they will be doing is getting the right advice from people who do
care."

Managing director of national identity and cyber support company iDcare and
Professor in Cyber Security at the University of the Sunshine Coast, David
Lacey says next year we will hopefully see a more networked response to
cyber security.

"It needs to be a lot more citizen-centric and the government needs to come
to an arrangement with the business community to share information about
what threats are out there and how we can develop a networked solution to
mitigate against the threat.

"We have to find new and effective ways for business and government to
share information. If anyone can aspire to a networked solution it's
Australia because of our natural advantages – size of population and
geography."

Senior regional director of Fortinet, Jon McGettigan agrees the government
is beginning to better communicate the cyber threat but he says
organisations need to rethink how they perceive security as well. Stop
thinking of it as an insurance policy and more of a business enabler, he
suggests.

He says smaller organisations can "dip their toes into security for as
little as an hourly cost" or they can buy something specific.

The key, according to McGettigan, is that organisations have to look at how
security systems collaborate and communicate together.

"You could have a gold-plated security system at one point but it doesn't
talk to another system. People need to understand there isn't one single
threat vector so having adequate security in place means ensuring all
systems can communicate with every level."

He says collaborative security systems can identify problems and find
solutions. For example, many hackers come in through an organisation's
email systems so if the systems are all talking to each other, the quicker
you can mitigate and minimise the problem.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20171214/49014704/attachment.html>