Story image

GDPR: Australia is at the tip of the security iceberg. It’s time to sink or swim

24 May 18

Article written by Splunk A/NZ Area VP Simon Eid

Protecting personal information in the digital age is a key priority, albeit a key challenge, for many Australians. The question of who controls the way data is gathered, used and shared is becoming increasingly top of mind as the world prepares for the introduction of the General Data Protection Regulation (GDPR) on the 25th of May, 2018.

The GDPR is one of the most sweeping regulatory changes related to data protection ever introduced at such a large scale, anywhere. It includes requirements for the appropriate technical and organisational measures to mitigate risk and mandatory disclosure of breaches to impacted EU citizens and supervisory bodies. Failure to comply could mean fines of up to 20 million euro or up to four percent of an organisation’s worldwide annual turnover.

What does the GDPR mean for Australia?

In February, Australia was first to roll out its data privacy regulation with the introduction of the mandatory data breach notification scheme. Within the first six weeks of the NDB scheme coming into play, the Office of the Australian Information Commissioner (OAIC) received 63 reportable data breaches.

This seems like a relatively high number of breaches, suggesting that the legislation may not be strong enough to ensure compliance. At the same time, hackers are refining their art and outpacing security defences.

Importantly, the GDPR applies to any organisation conducting business in the EU. Now is the time for Australian companies to get on top of the local regulations and start to navigate the requirements that come with the GDPR.

With this in mind, it’s time to look beyond traditional security solutions, to data protection and recovery. Dynamic resources for real-time intelligence that help detect ransomware threats are critical to helping organisations drive better security practice proactively. Let’s take machine learning data as an example.

Security management and breach notification

Insights from machine data provide early warning of threats to digital infrastructure. A digital environment produces massive volumes of activity logs that can be used to detect unauthorised access.

Machine data can tell you whether there is login activity associated with an employee who is out-of-office, raising a possible red flag. You can also identify when a new mobile device is enrolled in your system or logs into a VPN, providing early warning of compromised credentials that can help you prevent data exfiltration.

Data protection auditing

While it’s important for organisations to become quicker and smarter at responding to threats, we also need to think about how to comply should a breach occur. When a breach is reported, the GDPR grants authorities permission to carry out data protection audits to check if the organisation’s security policy factors in “state of the art” technologies to its IT security policy.  

Machine data provides the historical information organisations need to demonstrate to controllers and supervisory authorities that they had appropriate security controls in place and proactively worked to mitigate risk. Whether it’s technical configurations and their changes, password reset history or update history, machine data can be used to document all of these and many other key security considerations.

As the GDPR looks set to take data protection to a new level, there’s no doubt many organisations feel daunted by the requirements and complexities that come with it. Those who jump on board by strengthening their security posture will be well positioned to comply. Those who don’t, risk drowning. Now is the time for businesses to tap into machine data as a step in the right direction when it comes to GDPR readiness.

The secret to scaling DevOps in the digital era
"Organisations around the world have learnt at a cost that while agile DevOps methodologies can result in improved outcomes within teams and projects, they have a propensity to fail miserably."
APAC FinTech network launches to encourage cross-border innovation
Nine associations formally launched the network by signing a Statement of Intent at the Asian Financial Forum event in Hong Kong.
New blockchain solution aims to keep our food ethical
OpenSC enables anyone to scan product QR codes which automatically takes them to information about where a specific product’s journey.
Avaya expands AI offerings with new partnerships
The additions to the ecosystem will enable Avaya to add prioritisation and natural language processing to its UC solutions.
Hillstone CTO's 2019 security predictions
Hillstone Networks CTO Tim Liu shares what key developments could be expected in the areas of security compliance, cloud, security, AI and IoT.
Can it be trusted? Huawei’s founder speaks out
Ren Zhengfei spoke candidly in a recent media roundtable about security, 5G, his daughter’s detainment, the USA, and the West’s perception of Huawei.
SUSE partners with Intel and SAP to accelerate IT transformation
SUSE announced support for Intel Optane DC persistent memory with SAP HANA.
Oracle Java Card update boosts security for IoT devices
"Java Card 3.1 is very significant to the Internet of Things, bringing interoperability, security and flexibility to a fast-growing market currently lacking high-security and flexible edge security solutions."