Data regulation and protection rules in 2020 saw a massive overhaul for the majority of businesses. With so many people working from home, companies were scrambling to ensure the safe exchange of information between employees and clients who were working remotely.
As most of our personal details are now kept online, data protection has become a non-negotiable investment for businesses and corporations who have a duty to keep this information confidential. In the wrong hands, valuable data can be sold to a cybercriminal resulting in theft, blackmail and identity fraud.
Data protection is a policy or set of rules and cyber security procedures implemented by a company’s IT department or provider to manage the flow and storage of data internally and externally. This policy can determine how information is shared through certain communication channels, what programs and applications a company is allowed to use and most importantly, how data is backed up in the event of a disaster. A major component of any effective data protection strategy is ensuring that data can be restored quickly after any breach, corruption or loss.
1. Australian Defence Force
Of course, data protection is a top priority for those trusted with national intelligence. The ADF doesn’t just have incredibly strict protocols in place to protect its internal data, but also considers cybercrime a national defence issue. This includes protecting the Australian government’s online network. Its dedicated cyber defence department, the Australian Cyber Security Centre, works with businesses, local and federal governments and academic partners to investigate and develop solutions to cyber security threats.
Cyber risks have also necessitated the formation of data protection roles within the defence sector such as Cyber Warfare Officers, Cyber Analysts and Security Specialists.
While these are extremely high-level positions where personnel are entrusted with national security, many large organisations now consider in-house data protection officers as integral to operations. The role of a data protection officer is to monitor internal compliance, implement effective data protection protocols and advise businesses on their data protection obligations.
As the healthcare industry is now largely digitised with most patient information available online, data protection laws have become specific about the storage of patient information. Hospitals especially are a regular target for hackers due to the vast amount of personal information they can access with just one successful breach.
In 2019, health services across regional Victoria were successfully hacked with a ransomware attack, which all started with one phishing email. This resulted in days of server downtime for hospitals across the state, with some hospitals forced to revert to manual systems. The attack cost Barwon Health alone over $3 million.
The Australian Government has established the Digital Healthcare Agency as a resource for healthcare providers to identify threats and mitigate potential impacts.
Given we now live in an almost cashless society, cyber attacks on financial services are increasing at a frightening rate. Because individuals and companies perform most transactions online, the risk of a data breach increases daily. This is why there is ever more pressure on the financial sector to completely safeguard against cyber risks.
“Financial services firms are 300 times as likely as other companies to be targeted by a cyberattack,” according to a report by the Boston Consulting Group.
Banks and credit agencies are prime targets for obvious reasons – money and personal information. Given the potential impact of major breaches at financial institutions, and the cost, it is no surprise that the Department of Finance and the Australian Cyber Security Centre (ACSC) have weighed in on regulation compliance. They recommend every institution appoint a Chief Information Security Officer to provide cyber security leadership. The ACSC has also developed a set of cyber security principles to provide guidance on how such organisations can protect their systems and information from cyber threats.
4. Energy & Utilities
What would hackers want with energy and utilities data? They’re not always after the data – many of them simply want to attack for malicious purposes. Cyber activists, also known as hacktivists, regularly attack energy and mining companies to try and shut down their operations or gain control of their systems. Given that energy powers our everyday lives and the potential fallout from a cyberattack is extreme, the temptation for hackers is high.
According to AGL, “Cyberattacks are a growing problem in the energy sector overseas. The first known successful cyberattack on a power grid happened in the Ukraine in December 2015 using phishing emails with attached hidden malware – it blacked out approximately 230,000 houses.”
The Australian energy sector now follows very clear guidelines for cyber and data protection thanks to the introduction of the Australian Energy Sector Cyber Security Framework (AESCSF). This has been developed to provide all energy market participants with a structured and strategic approach for maintaining and upholding their organisation’s cyber security capabilities.
When you’re out shopping, do you ever consider that tapping your bankcard could be a potential risk to your financial information? It’s something we don’t think about, but thankfully the retail industry has very strict rules around the types of electronic point of sale (POS) systems and online checkouts they use in order to protect their customer data. The retail sector has to keep up with payment security in an era of rapidly evolving payment gateways and options.
IT security giant Symantec explains “As retailers take advantage of mobile, cloud, social and other technical trends to connect with customers and drive market share of the digital wallet, several competing forces come into play: the need to innovate quickly, decrease IT complexity and deliver an unparalleled customer experience – all while providing the airtight security and digital privacy that customers expect.”
Considering the amount of personal financial data hackers could access if they successfully breached a retailer POS, the government has understandably set out trade measurement laws. These require POS systems connected to measuring instruments and used for trade to be pattern approved and verified. All retailers must legally gain a certificate of POS approval to operate within Australia.
Need better data defence?
Evologic can identify what cyber security risks are unique to your business, then develop and implement a custom solution to protect your network and data. Contact us to find out more.