Preparing for new Australian data protection regulations
During 2016, Australia recorded the highest number of data breaches in the Asia-Pacific region, including breaches at high-profile organisations such as the Australian Red Cross Blood Service and the Australian Bureau of Statistics. Several large-scale cyberattacks also made world headlines in the first half of 2017: the WannaCry ransomware outbreak of 12th May 2017 hit traffic cameras in Australia, and the Petya assault from just a few days ago brought production at Cadbury factories to a standstill.
These incidents prove that organisations of all sizes are at risk from cyberattacks that can lead to data loss and have a significant impact on a company's reputation, resulting in lost business and substantial remediation costs. Ponemon Institute and IBM recently reported the average cost of an Australian data breach to be around AUD139 per compromised record, with malicious incidents making up 48 per cent of data breaches, 28 per cent caused by a negligent employee, and IT problems accounting for the remaining 24 per cent.
The majority of those breaches can be fixed easily as long as organisations implement basic safeguards to protect their infrastructure, data and email systems, supported by a comprehensive data breach response plan. A data breach notification plan supports the organisation's ability to remediate a breach quickly, and with data breach notification becoming mandatory from February 2018, organisations will be required by law to notify the Office of the Australian Information Commissioner (OAIC) in the event of an 'eligible data breach'. Non-compliance with the laws would see the Information Commissioner investigating data breaches and enforcing penalties of up to AUD1.8 million.
This new legislation brings Australia into alignment with the US and European Union and provides Australians with greater clarity about the privacy of their personal information, including sensitive data in email.
Email is a critical business communication tool and by its nature contains personal information, stored in mailboxes and data archives. However, spear-phishing, ransomware and impersonation attacks are plaguing organisations, and with 90 per cent of phishing attacks starting with email, it is the single biggest threat vector to businesses and the data they manage.