It almost goes without saying that data breaches have become a headline-making daily occurrence. Locally, there have been numerous high-profile data breaches in the past few months, with both public sector and private sector organisations being targeted. Just to name a few: the Department of Finance, the Australian Electoral Commission, the National Disability Insurance Agency, the Department of Defence, Medicare, AMP, UGL, the Australian Red Cross, Domino's and most recently Uber have all suffered breaches of Australian customer data over the last couple of months.
It’s alarming that even Uber, a company commonly regarded as a major digital disrupter, seemingly forgot the cyber security basics and failed to provide proper governance. Moreover, what most of the breaches mentioned above have in common is that the hackers got in through security vulnerabilities that could have been avoided by following basic “cyber hygiene” procedures.
For instance, the recent hacking of an Adelaide defence industry contractor, in which commercial details of military aircraft were stolen, revealed that the attackers had gained access by exploiting a 12-month-old vulnerability in the company's IT helpdesk portal. The Australian Signals Directorate (ASD) also found the contractor had not changed the default passwords on its internet-facing services.
In just a few months it will no doubt become clear just how prevalent data breaches are, with the federal government's Notifiable Data Breaches Act (NDB) taking effect on 22 February. This will require organisations with an annual turnover of more than $AUD3 million to notify affected customers and report the theft of personal information to the Office of the Australian Information Commissioner (OAIC). Organisations that fail to meet the requirements will face fines that could reach more than $AUD1 million. "Doing an Uber" will be unlawful, so organisations need to be working even harder to get their technology, people and processes ready for compliance…