Can the channel capitalise on Australia’s new mandatory data breach notification laws?


With the customer impact of impending new legislation unclear in Australia, security-focused partners are assessing ways to capitalise

L-R - Wade Smith (F5 Networks); Nick Lowe (InfoTrust); Louise Bremberg (Meridian IT); Darren Lynn (Outcomex); Robert Pizzari (Trustwave); Tony Vizza (Sententia); James Wootton (Intalock); David Sykes (Sophos); James Henderson (ARN); Stewart Sim (WebSecure Technologies); Naomi Burley (GRC Institute); Steve Cronan (SecureSoft) and Ken Pang (Content Security)


“The government needs to take this step forward but it will take an organisation being hit for any change to occur.”

According to the government, the NDB scheme will strengthen the protections afforded to everyone’s personal information, while improving transparency in the way that organisations respond to serious data breaches.

This in turn supports consumer and community confidence that personal information is being respected and protected.

Furthermore, it also gives individuals the opportunity to take steps to minimise the damage that can result from unauthorised use of their personal information.

“This could have an impact for a short period of time but it could end up being a blip on the radar,” Sophos sales director David Sykes said. “What the government decides to be will determine how impactful this law will be initially.

“I think it will be necessary from a consumer point of view because people need to have confidence. But the conversations we are having with our customers centre on reputation and revenue damage.

“If you’re being fined, chances are you have a whole bunch of other problems that are a lot bigger and more expensive to worry about, and that’s the conversation that partners should be having.”

Louise Bremberg (Meridian IT) and David Sykes (Sophos)

Going forward, recommendations are in place advising organisations to review internal practices, procedures and systems for securing personal information in preparation for the scheme.

But despite a flood of information and awareness, is the end-user prepared?

“One of the scary parts of the industry that we’re seeing is the targeting of utility providers, such as water and energy,” Trustwave senior vice president Robert Pizzari added. “This represents the fundamentals of how any economy across the world operates and runs.

“If any of those facilities are compromised, then forget about how strong your cyber protection is if you’re a bank or ecommerce website, because this will have serious implications.

“The government must be seen to put a platform in place and start a process around education. But it’s not just about educating the enterprise, it’s also their own departments around having the correct security posture.”

Organisations that suspect an eligible data breach may have occurred are required to undertake a “reasonable and expeditious” assessment to determine if the data breach is likely to result in serious harm.

Yet despite directives at government level, many businesses still believe such legislation is applicable.

“The mentality that we still see is that organisations don’t believe they are at risk,” InfoTrust director of enterprise cyber security services Nick Lowe said. “It will take another organisation in a similar vertical or of a similar size to take a hit before they take notice.

Robert Pizzari (Trustwave); Stewart Sim (WebSecure Technologies); Nick Lowe (InfoTrust) and James Henderson (ARN)

“We see businesses of all sizes in the same boat in that respect but the ASX 100 Cyber Health Check report is forcing organisations to think. They can’t afford to be exposed in the media, therefore they are now looking for guidance around where to start.

“There’s a role for the partner to start from the ground up with the customer to help these businesses prepare, which can be through consultancy services.”

Published in April 2017, the ASX 100 report addressed six key areas: understanding the threat, leadership, risk management, awareness of help, cyber incidents, investment and customer data.

Of the top 100 companies invited to participate on a voluntary basis, 76 companies took part, with findings reporting a high level of risk awareness among directors, but gaps in organisational preparedness and resilience.

“Who in the organisation accepts responsibility?” SecureSoft Distribution national business manager Steve Cronan asked.

“What is risk and what level of risk should we accept? And what are we going to do about it when that happens?

“It’s very easy to talk about legislation but these are the questions that require answers. It’s about continuing the work of the ASX 100 survey, which suggests that there’s still a great deal of opportunity for the channel to pursue.”

