Australian data breach news & repercussions
In the wake of the nation’s major data breaches, Australian authorities have conducted investigations in conjunction with other agencies, like Interpol. Their findings led them to the totally unremarkable conclusion that Russian hackers are behind this recent spate. Commissioner of the Australian Federal Police (AFP), Reece Kershaw, revealed that his team was aware of the perpetrators’ identities, though it has so far declined to publicly reveal them. Kershaw states, “Our intelligence points to a group of loosely affiliated cybercriminals, who are likely responsible for past significant breaches in countries across the world. These cybercriminals are operating like a business with affiliates and associates who are supporting the business.”
These investigations, of course, follow the mega breaches against telecoms such as Optus and Telstra, as well as others. In the most recent case, regulators will be intensifying scrutiny of the insurance group Medibank to see if further actions are required, after a data breach affected almost 10 million customers. An external review is currently being conducted into the group, with the suspects again believed to be the same Russian hackers. The Australian Prudential Regulation Authority (APRA) has likewise emphasized strict adherence to cybersecurity standards like the Information Security Prudential Standard CPS 234, and supervision of entities that fail to comply.
As conversations between Australian and Russian law enforcement proceed, Australia has nevertheless experienced a severe rise in cybercrime. Penalties have already evolved as the government quickly moved to make changes to national privacy laws. Serious or repeat breaches that once cost AU$2.22 million can now draw a maximum fine of AU$50 million.
This is just another instance of what we discussed last time: the surging penalties and lessened leniency for organizations that fail to prevent a cybersecurity incident. Falling afoul of new regulations creates just another impetus for boards to get their digital act together and make sure their policies are cohesive, their data encrypted, and their response plan at the ready.
With the cybercriminals of these Australian cases also believed to be operating in other countries through affiliates, the importance of protecting one’s sensitive data becomes an even more critical issue. Global networks of cyber thieves necessitate stringent safeguards to stop your company—and country—from becoming international headlines. Knowing what data is being collected, where it is stored and for how long, and how it is protected (such as with NetLib Security’s Encryptionizer solution, which encrypts stored data right out of the box with no additional programming or hit to performance): these are all essential questions to prevent the constantly growing hammers from coming down.