Story image

A/NZ organisations slack in Notifiable Data Breach scheme

13 Mar 2019

Following the introduction of the Notifiable Data Breach Scheme (NDB) in February 2018, a survey of ANZ businesses by CompTIA has revealed some concerning findings.

Despite the enforcement of NDB, 23 percent of organisations haven’t made any change to exsiting security policies to comply, while another 35 percent of respondents aren’t sure if their organisation has made changes.

According to the Office of the Australian Information Commissioner (OAIC), more than one third of companies that had data breaches in the past quarter passed on private customer information because of simple human mistakes.

“With human error accounting for a large proportion of breaches, it is concerning that some people are not even aware of whether their company has changed its policy to comply with the NDB,” says CompTIA ANZ Channel Community executive council member and Datto APAC director of sales James Bergi.

“Education and awareness need to play a critical role in protecting customers and mitigating risk.”

When it comes to incident response, 37 per cent of respondents said their organisation did not have formal policies and procedures, but relied on unwritten rules that were typically followed. A further 14 per cent did not have policies and procedures addressing security incident responses.

In the July-September 2018 quarter, 245 breach notifications were reported to the OAIC.

“These breaches are happening, and will continue to do so, which means organisations need to take the threat seriously and make sure they are compliant with the legislation,” says Bergi.

According to the respondents with formal response plans, these included roles and responsibilities for addressing the incident (90 percent), complete backup/recovery plan including prioritisation of systems (80 percent), identification of affected systems (75 percent), identification of attack (74 percent), education on how the incident occurred and future mitigation strategies (73 percent), and a public communications plan if customer/partner data was affected (55 percent).

“Most businesses think they are in control of security. However, the reality is quite different for many. It can be easy to forget how dynamic the danger is, and cybercriminals rely on this complacency,” Bergi says.

“A security risk assessment is an effective way for businesses to assess their current posture. Businesses should treat information security risk assessments as an ongoing process of discovering, correcting, and preventing security problems.”

Why 'right to repair' legislation could be a new lease on life for broken devices
“These companies are profiting at the expense of our environment and our pocketbooks as we become a throw-away society that discards over 6 million tonnes of electronics every year.”
Attacks targeting Cisco Webex extension explode in popularity - WatchGuard
WatchGuard's Internet Security Report for Q4 2018 also finds growing use of a new sextortion phishing malware customised to individual victims.
SAS partners with NVIDIA on deep learning and computer vision
“By partnering with NVIDIA, we combine our strengths to augment human intelligence and realise the true potential of AI.” 
Why businesses must embrace automation to ensure success
“For many younger workers, the traditional view of a steady job at one company, perhaps for life, simply doesn’t reflect reality."
Dropbox invests in hosting data inside Australia
Global collaboration platform Dropbox has announced it will now host Australian customer files onshore to support its growing base in the country.
TYAN unveils new inference-optimised GPU platforms with NVIDIA T4 accelerators
“TYAN servers with NVIDIA T4 GPUs are designed to excel at all accelerated workloads, including machine learning, deep learning, and virtual desktops.”
Worldwide spending on security to reach $103.1bil in 2019 - IDC
Managed security services will be the largest technology category in 2019.
How Cognata and NVIDIA enable autonomous vehicle simulation
“Cognata and NVIDIA are creating a robust solution that will efficiently and safely accelerate autonomous vehicles’ market entry."