Australian businesses have been warned that they need to start preparing for legislative changes that will be introduced early next year.
The long-awaited Notifiable Data Breaches Bill legislates that from February 2018, businesses can no longer keep quiet about cyber security breaches.
The Bill legislates that any organisation that is accountable to the Privacy Act will be required to inform the Australian Information Commissioner and members of the public if their data has been compromised.
The new legislation mandates that businesses must notify government authorities as soon as is practical of a business being aware, or ought to reasonably be aware, that there are reasonable grounds to believe that there has been a serious data breach.
The Bill brings Australia into alignment with other countries and will provide Australians with greater clarity about the privacy of their personal information.
There have been a number of highly publicised breaches in Australia, and plenty of evidence that organisations haven’t had effective process or procedures in place to prevent the breaches. Not informing affected parties has also been an ongoing trend among companies.
Australian cyber-security provider Alanta-Group CEO Rodd Cunico said there were an estimated 14,800 cybersecurity incidents affecting Australian businesses in 2015/16.
These have resulted in significant direct and indirect costs, relating both to resources to investigate the extent of the intrusion, understanding the harm and the legal costs when impacted third parties may sue for negligence or breach of contract.
Cyber attacks include information warfare, cyber espionage, cyber crime, cracking and cyber terror. Motivations include military or political dominance, gaining intellectual property, economic gain, ego and political change, he says.
Cyber security is the responsibility of every single person within an organisation, he says.
“The threat from cyber and terrorist acts has never been greater. Almost daily we hear of organisations and nation states that have been compromised, lost critical business or customer data, held to ransom or suffered material damage to their reputations,” Cunico says.
“I’ve watched these risks amplify in line with the adoption of mobile devices, social applications, cloud computing and the ever-increasing range of internet and digital services including IOT connected devices.”
Preventing your organisation requires coordinated efforts throughout an information system. These includes looking at application security, information security, network security, disaster recovery, operational security and end-user education, Cunico says.
“Your organisation is only as strong as your weakest link. It’s paramount that employees understand the importance of avoiding phishy emails, keeping software updated, using secure internet connections and multiple strong passwords or multi-factor authentication.
Chris Skipper-Conway is the CEO of Melbourne specialist IT recruitment firm GMT People. She has noticed a rapid increase in the number of employers seeking specialist IT experts with a demonstrated understanding of cyber security.
“Cyber security is big business in Australia, and employers are constantly approaching us with specialist requests for IT experts with experience in the IT space. It’s not surprising given that cyber breaches result in billions of dollars’ worth of financial gain around the world every single year.”
Skipper-Conway is also the chairwoman of Victorian ICT for Women, which works to see women equally represented in ICT roles.
“Our research reveals that women currently only represent 28 per cent of the IT workforce, and that female IT undergraduate enrolments have declined by 65 per cent.
“We believe that the growing need for cyber security experts presents a valuable opportunity for women to get a foothold in a specialist sector of the IT industry.”
Meanwhile, an information evening will be held in Melbourne to educate business owners on cyber security issues. Organised by Victorian ICT for Women, the event will be held at the National Australia Bank, 700 Bourke Street Melbourne on Thursday 12th October. Tickets can be purchased at www.vicictforwomen.com.au