“Ultimately it's the bad guy that's doing the innovation. Everyone else is only ever catching up. So, for whatever scam is going this week, it will change next week, whatever sort of malware code is out tomorrow, there'll be a new one tomorrow.”
So says Ben Jones, MD Continuum Cyber.
“It's about really trying to get a hold of this issue as best as we can and protecting everyday Australians who've been caught up,”
Jones is disappointed that it has taken a series of damaging data breaches to escalate reforms to Australian data privacy regulations. “We've had the compelling event. My concern is policy on the run, which is then going to cause problems down the line for privacy, for consumers, for businesses, and for technology. As those data centres have gone from being a big building in the middle of a field somewhere in California, just as the way that business has changed in terms of cloud security has changed, privacy's going to have to change with it as well,” he says.
“We've got these great rules in place. In Australia, CPS 234 in very basic terms means that there's a liability now with a board member or director in the event of a breach happening. Now, sadly, whilst this legislation is wonderful, it's essentially been a paper tiger and there's nothing that's really come of it. I think the interesting thing about the current breaches and what comes subsequently is that the tiger will get some teeth. Someone gets an actual consequence, a CEO is charged, a board member is held liable.”
Jones fears that there won’t be as much change as we'd like, but senses it is the tipping point. “I think that legislation will then start really driving changes. I think it will drive changes in privacy and I think it will lead to a business looking itself in its overall risk review and say, with this data, if we do get popped, where does that leave me as a director, a board member?”
Accelerated response
6 Clicks CEO Anthony Stevens notes that the Australian government and many governments around the world are now introducing and accelerating regulation and legislation to protect consumers in particular, but also to put better safeguards in place for businesses. “The overarching thing there is trust. They want to make sure that, you know, consumers can trust businesses and businesses can trust one another. And if data is compromised in some way or another, then that trust obviously falls away pretty quickly.”
A key problem is that many organizations haven't grappled with the basics of defining what their information assets are or what data they are trying to protect, says Stevens. He advises that data classification is central to understanding what the risks are and then what processes are put in place to manage them.
Stevens adds that most people in the cybersecurity industry would acknowledge that not everything's always perfect, but open and transparent breach reporting is a mandatory industry practice that assists in containing possible damage. “The first step is awareness. And awareness comes from communication. So if you communicate and people are aware, then they can do something about it.
“The challenge I guess is what we've seen recently with Optus, Medicare and the raft of other issues that have occurred is that consumers quite often don’t know what to do or they're not in a position to specifically do anything. That's where a lot of the challenges come because behind the scenes, these businesses are grappling with enormous challenges and at the same time, they need to communicate. So it's not easy to sort of do both those things at the same time and effectively.”