Memoona J. Anwar, Ph.D.

📕 Notifiable data breaches report by Office of the Australian Information Commissioner (OAIC) Australian reportable Data Breaches increase to 3.5 year high. The OAIC publishes statistical information about notifications received under the Notifiable Data Breaches (NDB) scheme every 6 months to help entities and the public understand privacy risks identified through the scheme. This report captures notifications received from 01 Jan to 30 Jun 2024. #dataprotection #databreach #Privacy #Australia

2

Privacy Awareness Week 2024 is running today Monday 6 May to Sunday 12 May. This year, the Office of the Australian Information Commissioner (‘OAIC’) is sending a message asking organisations to ‘power up’ on privacy. This sits under the overarching theme of Privacy and technology: Improving transparency, accountability and security.   As Australia head towards privacy reforms, it is critical that organisations start to take action to ensure they can meet their privacy obligations and manage privacy risks. Following high profile data breaches over the past year in Australia, it has never been more evident that managing privacy risk is tied to managing customer trust and business continuity. Privacy and data protection concerns are becoming a top priority for Boards.   Improving transparency means that organisations should be open and clear about what personal information they are processing, and for what purposes. This starts with understanding what personal information is being collected, used, stored, and transferred by the organisation. Accountability means organisations must take responsibility for personal information processed by the organisation. This can be supported by putting in place good governance structures to drive compliance with Australian Privacy Principles and other jurisdictional privacy laws. Many organisations have compliance obligations under the EU’s General Data Protection Regulation which is one of the highest standard of privacy protection worldwide. Organisations must examine their processes worldwide and take responsibility for their obligations. Security and privacy have always been closely linked as you cannot have privacy without security. Organisations must have robust security measures in place to protect personal information from unauthorised loss, modification, or access. Examining your security environment can be a crucial first step in protection personal information.   Privacy Management Technologies are becoming increasingly popular and supports organisations with compliance with privacy obligations across multiple jurisdictions by streamlining manual processes. Incorporating such privacy management technologies into organisations existing structure can be straightforward and the efficiencies achieved as privacy technologies become BAU are significant. At KPMG, we are supporting clients in ‘Powering up’ their privacy programmes, leveraging privacy management technology and preparing for the privacy reforms. Rob Warren Clare Power Jacinta Munro Matt Tottenham Shubham Singhal Luke Eason Martijn Verbree Danny Flint Anubha Sinha Mischa Steen Michelle Griffin Naveen Malhotra Niran Garcha Mina Zaki Gergana Winzer Natasha Passley Ross Widdows Stuart Mort

65

3 Comments

Over a million individuals' data may have been compromised in a significant Outabox data breach affecting pubs and clubs. Here's what you need to know: 1. Critical information potentially exposed due to a breach in a third-party provider for the hospitality and gaming sectors. 2. The breach involves a facial recognition kiosk, raising questions about the safety of patrons' data. 3. Allegations suggest involvement of overseas developers in the breach, shedding light on potential cybersecurity threats. Read more: https://lnkd.in/d-6SFskH #DataSecurity #CyberAwareness #databreach #cybersecurity #Outabox

9

 Data localisation requires data to be stored and processed within a specific geographic location. The 2023 exposure draft Australian Digital ID Rules (Rules) previously required data in general to be processed and stored in Australia unless an exception applied. However, concerns were raised that data localisation would ‘impose significant operational and financial burdens’ and limit the ‘efficiency and scalability’ of the system. The localisation requirement has now been removed. Now that data localisation is unlikely to be featured in the final Rules, it is important for Australia to strengthen its data privacy laws to align itself with more mature data privacy schemes such as the EU’s General Data Protection Regulation (GDPR). Without stringent data protection, there is a real risk that Australian’s private information may be unduly breached by hostile actors.  Natasha Blycha James Myint Schellie-Jayne Price Ty Haberland Dorothy Sam

11

🚨 Strategies for handling uncertainty in identity investigations: Fortian's Strategic Approaches 🚨 Arachne Digital is proud to support Fortian, an Australian security consultancy and managed security service provider, in their mission to enhance security operations. Fortian have put out an insightful article on monitoring identity providers for suspicious sign-in activity, emphasising the critical need for vigilance given that over 77% of attacks involve compromised credentials as an initial access method (Sophos, 2024). Key Strategies for handling uncertainty in identity investigations: Relate to Known Threats or Scenarios: Fortian advises building a matrix of threats and scenarios alongside evidence to support or disprove them. This method helps analysts make high-confidence determinations about the nature of suspicious sign-ins. Score the Anomaly: When evidence doesn't point to a specific threat, benchmarking anomalous sign-ins against past activities can provide context and help differentiate between benign and malicious activities. Perform Low-Impact Response Actions: In cases of irreducible uncertainty, low-impact actions like revoking sign-in sessions, resetting passwords, or extending monitoring can mitigate potential threats while minimising business disruption. Fortian's structured approach to dealing with suspicious sign-ins in Microsoft Entra ID is a testament to their dedication to security. By leveraging these strategies, security operations analysts can reduce uncertainty and respond effectively to potential threats. 🔍 Read more about Fortian's methodologies and how they can enhance your security operations: https://lnkd.in/g8btk2HX #CyberSecurity #ThreatDetection #IdentityProtection #SecurityOperations #ArachneDigital #Fortian

1

Boards that span across industry and research have a unique and complex set of challenges, so if you are on a CRC, post-CRC, NCRIS or similar Board that spans across different worlds, this forum is for you. Come join us on October 11 in Canberra for the very first Cooperative Research Australia Boards Forum. Co-chaired by Abby Bloom, Chair of ACM CRC, and Hon Kate Lundy, Chair of the Cyber Security Cooperative Research Centre Security CRC, this event is designed for board members from CRCs, post-CRC entities, and other boundary-spanning organisations, and will provide a unique opportunity for skills development, discussion, knowledge-sharing, and networking. The Forum will cover: ➡ Critical Issues for Boundary Spanning Boards: A deep dive into governance challenges and evolving responsibilities. ➡ Governance Issues for Boards: Covering topics like the right to disconnect, psychosocial positive duty, and the distinction between contractors and employees. ➡ Mapping Best Practice: Benchmarking: Provide your input into CRA’s benchmarking.   ➡ Board performance and recruitment with Directors Australia ➡ Corporates Compromised (cyber security board exercise) presented by Cyber Security CRC.   We are immensely grateful for generous support of Directors Australia, Westpac and Cyber Security Cooperative Research Centre to enable this forum. Registration Details:  Members: $499 GST   Non-members: $599 GST Places are limited, so register by following the link: https://lnkd.in/gsZtb7fd

15

𝗦𝘁𝗿𝗲𝗻𝗴𝘁𝗵𝗲𝗻𝗶𝗻𝗴 𝗔𝘂𝘀𝘁𝗿𝗮𝗹𝗶𝗮'𝘀 𝗖𝗿𝗶𝘁𝗶𝗰𝗮𝗹 𝗜𝗻𝗳𝗿𝗮𝘀𝘁𝗿𝘂𝗰𝘁𝘂𝗿𝗲 𝘄𝗶𝘁𝗵 𝗧𝗶𝗲𝗿 𝗦𝗜𝗫𝗧𝗘𝗘𝗡 𝗮𝗻𝗱 𝗔𝗦𝗧𝗥𝗔 𝗖𝘆𝗯𝗲𝗿 As Australian companies face deadlines for required cyber security maturity and annual reports prescribed by the Security of Critical Infrastructure (SOCI) Act, navigating compliance becomes crucial.    TIER SIXTEEN and ASTRA's approach goes beyond basic compliance to build operational resilience. Spanning the domains of: Governance and Policy Security and Architecture Asset Management, we focus on addressing the evolving challenges of critical infrastructure security, ensuring sustained protection and resilience in an increasingly volatile environment.   🔗 Contact [email protected] today to see how we can support your journey in an interconnected and complex OT security and architectural landscape. #CriticalInfrastructure #CyberResilience #SOCICompliance #CyberSecurity #GovernanceAndPolicy #OperationalTechnology #AssetManagement #AustralianInfrastructure #TechPartnership #ResilienceBuilding Rheinhardt Peens Clayton Duncan NIKHIL M Stephen Toth Ross Parker

24

3 Comments