Story image

Now's the time for Aussie firms to review their security, say vendors

12 Feb 18

There have been more calls from security vendors that Australians simply aren’t prepared for the Notifiable Data Breaches scheme, even just with less than two weeks to go before the scheme takes effect.

Security firm Centrify says that Australian businesses may become targeted like ‘sitting ducks’ if they use perimeter controls to protect confidential data and a spokesperson from Splunk say it’s a timely reminder that organisations should review their security infrastructure.

Under the scheme, Australian organisations who fail to report data breaches or lost data could face up to fines from $360,000 for individuals and $1.8 million for businesses.

According to Centrify’s senior director for APAC sales Niall King, many businesses are ‘security sitting ducks’.

“Today, businesses use a combination of cloud, on-premises and mobile services, which means traditional perimeter-based security is no longer effective,” he explains.

He believes that businesses should adopt a zero trust security model. The model suggests that users inside a network are no more trustworthy than those outside it.

Splunk’s Area VP for A/NZ Simon Eid says that it’s also a good time for organisations to re-evaluate their security infrastructure.

“Now is the time for the c-suite to consider whether they need to shift their approach to security within the business as a whole, in order to comply. By taking steps now to ensure data is secured and managed appropriately, organisations can decrease the likelihood of a data breach,” Eid explains.

Niall King cites Centrify-sponsored Ponemon research that found data breaches damage corporate and customer trust.

““Ponemon found the stock value index of 113 randomly selected global companies declined by an average of five per cent on the day a data breach was disclosed and experienced a customer churn rate of as much as seven per cent. Also, one third of Australian consumers impacted by a data breach reported they had discontinued their relationship with the organisation that experienced the breach,” he explains.

“This is a vital lesson for organisations to learn as Australia law mandates data breach disclosures.”

King believes that organisations need to focus on protected identities rather than the network perimeter.

Eid takes a different approach and says that organisations need to have a data breach response plan.

“Australian organisations need to take the government’s sharpened focus on cyber security as a warning that there’s no guarantee their network will never be attacked. Having access to and analysing all data is integral to detecting where a data breach may have occurred. The next step is implementing a clear data breach response plan so the right people can take steps to mitigate the situation, which includes notifying individuals whose data has been exposed,” Eid concludes.

Hillstone CTO's 2019 security predictions
Hillstone Networks CTO Tim Liu shares what key developments could be expected in the areas of security compliance, cloud, security, AI and IoT.
Can it be trusted? Huawei’s founder speaks out
Ren Zhengfei spoke candidly in a recent media roundtable about security, 5G, his daughter’s detainment, the USA, and the West’s perception of Huawei.
Oracle Java Card update boosts security for IoT devices
"Java Card 3.1 is very significant to the Internet of Things, bringing interoperability, security and flexibility to a fast-growing market currently lacking high-security and flexible edge security solutions."
Sophos hires ex-McAfee SVP Gavin Struther
After 16 years as the APAC senior vice president and president for McAfee, Struthers is now heading the APJ arm of Sophos.
Security platform provider Deep Instinct expands local presence
The company has made two A/NZ specific leadership hires and formed several partnerships with organisations in the region.
Half of companies unable to detect IoT device breaches
A Gemalto study also shows that the of blockchain technology to help secure IoT data, services and devices has doubled in a year.
Stepping up to sell security services in A/NZ
WatchGuard Technologies A/NZ regional director gives his top tips on how to make a move into the increasingly lucrative cybersecurity services market.
Huawei founder publically denies spying allegations
“After all the evidence is made public, we will rely on the justice system.”