2018 was an eventful year for cyber security in Australia. The Notifiable Data Breach Act was enforced early on in the year and the My Health Record Act was amended to introduce stricter and more detailed regulations. In order to update security professionals on new developments in the industry, Giva has compiled a list of upcoming cybersecurity events in Australia during 2019:
Customer service (CS) and data security are two equally important aspects of any successful organisation. While a great customer experience (CX) will bring in more foot traffic, no amount of "wow" experiences and smiles will restore a customer's trust in your security capabilities once it is broken. This brings about the difficult discussion of choosing between prioritising CS or data security. But while many mistakenly believe that one must be compromised for the sake of the other, the reality is quite different. Organisations should consider data security to be a part of their CS and find a way to reach a solid middle ground in both areas. Good CS and strong data security are not mutually exclusive so long as an optimum balance is achieved between the two.
Most companies have come to terms with the importance of cyber security. Healthcare organisations are proactively adopting new and improved security measures in anticipation of any incoming attacks. But how long can such measures hold against evolving threats? And are they scalable in nature?
The Australian My Health Record initiative is expected to take off in early 2019. Australians have been given until 31 January 2019 to opt out before an account is automatically created for them. But, while this provides patients and healthcare providers with a more convenient way to manage and share patient data, it also raises many controversial privacy concerns. A significant issue that is expected to arise is the increase in privacy breaches. This is a result of employee negligence or spying, leaving electronic health records (EHR) vulnerable to illicit access.
The Australian Government is in the process of transforming its My Health Record initiative from an opt-in to an opt-out one. Initially, the Australian Digital Health Agency had given people until mid-October to opt out before an account would be automatically made for them, but heavy backlash has prompted the Federal Government to amend the My Health Record Legislation and introduce stricter and more detailed regulations regarding patient records.
In spite of the growing cybersecurity awareness across most organisations, 2017 presented us with some of the worst international cyber attacks to date, affecting even some of the greatest corporations. Consequently, it is expected that CIOs and security professionals alike will begin to proactively develop more reformed approaches to cybersecurity within their organisations. Below is a list of some of the predicted security trends for 2018:
In mid-February of 2017, the Australian Government passed the Privacy Amendment (Notifiable Data Breaches) Act 2017 (NDB). This act, effective as of 22 February, 2018, establishes an obligatory data breach notification process on the national level. It functions as an amendment to the pre-existing Privacy Act 1988, and means that all organisations covered by this act also fall under the new NDB Amendment and must comply with its rules.
By the end of 2017, the Australian federal government will propose new legislation that will force the hand of technology giants. These laws will oblige companies like Facebook and Apple to decrypt messages that are sent or received by suspected criminals, drug traffickers, pedophile rings and terrorists upon the request of law enforcement agencies. The government will also have the ability to monitor devices and networks.
Reports claim that Australia's Medicare system has been breached and people can now buy the Medicare details of any Australian individual for about AU$30 on the Darknet. It is believed that the breach did not occur as a result of a cyber attack and that the information was likely accessed via a doctor's office or through another unknown vulnerability.
It seems many people have come to believe that the effect of the WannaCry ransomware attack is over and that they have emerged unscathed. But victims letting their guard down was the very reason why the first version of the breach spread quickly, and some apparently have not learned from others' mistakes. Not long after the commotion following the outbreak died down, one of Honda's production plants was infected by it and was forced to close its doors for a day. But it was not the only major company to come under attack recently.