Looking at what lies ahead in a Post-NDB world

Article written by Fortinet A/NZ senior regional director Jon McGettigan

After months of waiting, last month the Notifiable Data Breach (NDB) legislation came into effect in Australia, bringing us in line with many nations across the world who have similar laws in place. After the long anticipation, however, the question now is ‘what’s next?’.

GDPR too is just around the corner, with a whole range of new implications for organisations which are active in the EU. The new reality is that NDB is going to help organisations realise there are unknown threats out there. With the legislation in place, non-compliance is no longer an option.

Because of NDB, businesses with lax security will now be put in the spotlight and must notify both authorities and affected individuals once they have reasonable grounds to believe there is an eligible data breach. Businesses that don’t commit to protecting their customers’ data will finally have to face the consequences, and for many, this will be a big wake-up call.

According to data from the Attorney General’s Office (Identity Crime and Misuse in Australia 2016), 5% of Australians, or almost one million people, were exposed to a breach of their private information in 2016, bringing the total economic impact of identity crime in Australia to approximately $2.6b per year.

Non-compliance with the legislation is only set to see the number of reported breaches rise and consumers exposed, as organisations who previously kept breaches under wraps now have to come clean. The repercussions for non-compliant organisations are also steep and we are yet to see the full spectrum of how this will be managed when a large-scale breach occurs.

But compliance is more than just meeting regulatory commitments; it’s about adapting to a threat-aware, risk-based approach. There’s a broad scope of readiness among Australian businesses: some encrypted and properly stored their data well and truly ahead of the legislation coming into effect. Others may not have even started their NDB readiness journey, being too overwhelmed or not sure where to start.

NDB will hopefully shift the dial on the way organisations think about the threats they face and the necessary steps to mitigate risks before a breach occurs.

So, how can organisations adopt this threat-aware, risk-based approach?

Time Sensitivity

The challenge is to detect when a qualifying breach has taken place and determine which assets might be at risk within the 30-day timeframe specified by NDB. Organisations therefore need to have data security as an integral part of all systems from the outset, rather than something applied in retrospect.

Minimising Exposure

Taking the approach to always anticipate and avoid risks where possible, it is necessary to minimise both the number of network intrusions and their time to detection. This reduces exposure to the potentially crippling implications of a serious data breach. A new approach to security in which all key components of the security infrastructure are woven together into a seamless fabric is the way forward.

Risk Assessment

Running a full risk assessment is a useful exercise too. This highlights any potential issues and helps you avoid further problems down the track by managing risks before they become a big problem. It also helps your organisation be quick to identify when breaches have happened and report in line with NDB’s requirements.

If your organisation doesn’t have the correct processes and systems in place, it’s not too late to adopt a threat-aware, risk-based approach. Taking the proper steps to manage issues before they arise will help keep you on the right side of compliance and your organisation’s wellbeing intact.
