Welcome to the latest issue of the Australian Cyber Security Magazine. 2018 has been an interesting year so far. Australia is settling into our new privacy legislation, while the rest of the world went GDPR crazy for a few months, at least until the date passed and most of the hype died down. It seems that, for now, it’s back to business as usual and hopefully getting some real security done. I have a question, though. Why is it that when a policy change like GDPR (or our own NDB scheme) is on the horizon, security vendors feel the need to resort to the playground tactics of fear, uncertainty and doubt rather than providing good solid advice? Hackers want to steal your data and the only way to prevent being fined by the GDPR gods is to buy our product… Given the number of begging emails I received from companies not wanting to see my address drop off their mailing list, the real benefit GDPR brought to the public was that we could opt out of junk mail without having to click on unsubscribe. To me this was a welcome public service, so thanks a lot, EU.
In the last week we’ve also seen the second quarterly Notifiable Data Breaches Quarterly Statistics Report published by the Office of the Australian Information Commissioner (OAIC). Following the changes to our Privacy Act, Australia’s introduction of mandatory breach notification means the OAIC is finally getting solid data on the number of attacks, the style of attacks and the information assets the attackers were targeting. Since the OAIC committed to publish quarterly reports containing summaries of their findings, we can all benefit from looking at the numbers. This quarter’s report made for interesting reading as it represented a different story than the first report back in March. Most of the attacks reported to the OAIC at the beginning of the year related to the accidental release of personal information – i.e. human error. This time things were very different. A whopping 59% of breaches were attributed to malicious or criminal activity, while human error dropped to 36%. OAIC also got more reports this time (242 up from 63 back in March) but we need to be careful about interpreting this as anything other than more organisations knowing what to do with the new legislation. I doubt very much that the number of hacks has gone up by 400% in a couple of months – people are simply understanding the law better and likely erring on the side of caution and reporting even small breaches to the OAIC…