All Australian businesses – not just those engaged in the national security arena – need to realise the cyber landscape has changed, says Minister for Cyber Security, Angus Taylor.
Too many businesses have "head in the sand"
Australians need to be better educated about cyber security, says Taylor, as he announced the federal government plans a major new public awareness campaign on cyber security issues.
"We must bring the reality of the threat to every person in Australia. The risk and costs are too great if we fail.
"Words like malware, denial of service attack or phishing don’t mean very much to the average Australian. But the consequence of those three terms do – you can lose your entire business overnight.
“We must get better at communicating this to the general public. Too many of our companies, and I'm not just talking about mum-and-dad operations, have their heads in the sand about this."
Ignorance is "poor excuse" says Minister
Meanwhile Minister Taylor has said “not knowing how to protect client or customer data is becoming a poor excuse. There is a lot of information now available on cyber security. The onus is with business operators, with organisations and with government agencies, to put measures in place to reduce the risk of data breaches.”
Minister Taylor made the comments to coincide with the passing of a new amendment to our Privacy legislation, which requires mandatory reporting of data breaches.
The Notifiable Data Scheme came into effect on February 22, 2018.
Companies which fail to report data breaches as defined by the new legislation are liable for penalties and fines up to $420,000 for individuals and over $2million a business entity.
Data Breaches happen all the time
Given there has been no legal requirement - until now - for companies to disclose data breaches - defined as the loss of private and personal information about customers or employees - it is difficult to know with any certainty the extent of the problem.
However, Minister Taylor disclosed that in the last financial year there were 734 cyber incidents affecting private sector systems of "national interest and critical infrastructure providers."
And there have been a number of hacks which have been too big to hide...
Uber: In November 2017, Uber confirmed that it had lost the personal details of 600,000 drivers and customers in the United States. The company paid hackers $100,000 to delete the data and keep the breach quiet.
Target: In May 2017, US retail giant Target agreed to pay $18.5 million to settle claims by 47 states resulting from a massive data breach in late 2013. Up to 40 milllion customers had their credit card details exposed after hackers accessed the company's Point of Sale system.
Red Cross Blood Service: Closer to home, in October 2016 the Australian Red Cross Blood Service 'lost' the private information of 550,00 blood donors from between 2010 and 2016. The data came from an online application form and included "personal details" and identifying information including names, gender, addresses and dates of birth.
Related Blogs
