Posts

Strategic Relationships Help Australian Businesses Stay Compliant & Secure

The Australian Federal Government has passed The Privacy Amendment (Notifiable Data Breaches) Bill 2017, which will go into effect on February 23, 2018. This amendment will require organizations with an annual turnover of $3 million who suffer a data breach to report it to the Privacy Commissioner. They must also notify each individual to whom the personal information relates, or the individuals who are at risk from the eligible data breach.

Which Australian Businesses Will Be Affected:

While this bill doesn’t apply to all organizations, it does include:
· Businesses that sell / purchase personal information
· Private sector health services providers including private hospitals, medical practices and pharmacies
· Private schools (from pre-K through graduate level), including child care centers
· Individuals who handle personal information such as tax preparers, credit reporters or health records

Data breaches that fall under this amendment include any unauthorized access to, unauthorized disclosure, or loss of personal information that a reasonable person would conclude is likely to result in serious harm to the individuals to whom the personal information relates.

After suffering a breach of such information, organizations are legally required to report it as soon as possible and must provide:
· Description of the data breach
· Information on what type of data was compromised
· Recommendations on what individuals should do in response to the breach

How Does This Regulation Impact The Cybersecurity Landscape?

Cybersecurity has been a major concern not only in Australia, but throughout the APAC region. Countries are pressed to ensure that not only are they keeping their government information safe from breaches, but also that they are safeguarding their citizens’ information. It’s likely that there will be an uptick in other countries looking at how to best protect their citizens’ private information. But just like their local businesses, governments also must plan for the inevitable breach and have a clear understanding of what they can handle internally if a possible breach does occur.

For most organizations, breaches aren’t just a business matter – they’re also a personal matter. And it’s not a question of “if” a breach will occur but rather “when” one will occur. If an organization suffers a breach and it is not reported in a timely manner, there are steep repercussions and penalties (including fines in the millions of dollars) not to mention a loss of trust by customers. For example, a breach could result in an organization being liable for a civil penalty of up to 2,000 penalty units, the current value of which is $1.8 million.

While the regulations may sound new, they aren’t worth panicking about. They have been in the making for quite some time and should not be a surprise or shock to companies conducting business in Australia.

What Relationships Can Businesses Leverage To Help?

Australian and APAC organizations need to understand that being compliant isn’t enough; they must also have an action plan in place in the event that a breach does occur. Organizations that do experience a breach can become inundated with action items that need immediate attention, and they won’t have the time, bandwidth or resources to conduct the in-depth research needed into how and why the breach occurred in the first place.

For those companies that don’t have internal resources to handle a breach, having a strategic relationship with a managed security services provider (MSSP) could be very helpful. This partnership not only provides companies with critical assistance during a breach but also allows for the deployment of a tactical incident response plan. By utilizing an MSSP, Australian businesses are able to leverage the MSSP’s 24×7 alerting and monitoring support and the SOC analysts’ expertise to offload some of the workload.

“Security log collection and SIEM technologies are a critical part of an organization’s ability to detect potential security breaches along with providing valuable data during the investigation of a potential incident,” said Jeremy Vance, Vice President of Security Operations at Proficio. “Doing so requires having access to resources that know how to search and interpret those security logs effectively to provide insight into the timeline and scope of the incident.”

When a breach does occur, Proficio supports their worldwide clients by performing log searches, investigations, cross-device correlation, analysis of existing data, incident response and forensic services to provide as much insight as possible into why and where the breach occurred and how to prevent another one from happening. “Our team of expert security analysts are able to conduct deep dives into client logs to gather as much information as possible for our clients or legal entities that may be requesting data to support their breach investigations,” Vance stated.

By forming close relationships with organizations in Australia, Proficio is helping them send a message that cybersecurity is a prime concern and being prepared for a potential breach is critical. This message resonates strongly with our clients, and supports their reputation as a trustworthy vendor who tailors solutions for each organization’s cybersecurity needs.

Interested in learning how Proficio can help your enterprise maintain compliance? View our services which can help your organization meet compliance requirements.

TARGET – AUSTRALIAN PRIME MINISTER’S DOMAIN HIJACKED

An individual at DigitalEagle’s Digital Marketing Agency based out of Australia was able to purchase the rights to the domain “scottmorrison.com.au,” the domain that hosted the official website of Scott Morrison, the current Prime Minister of Australia. The individual purchased the rights to the domain at an auction for expiring domains for fifty US dollars.

After the purchase of the domain, the individual created a fresh WordPress site hosted on the domain and placed humorous content poking fun at the prime minister including references to the song “Scotty Doesn’t Know” from the 2004 film Eurotrip.

It appears that the new website was up for two days, from October 18th to October 20th, and went viral, receiving over 340,000 visitors. The individual that hijacked the site blogged the experience and detailed other alternate scenarios that could have ensued if a malicious attacker had taken control of the domain. This could have included using the domain to phish for sensitive information, receive sensitive emails, or continue to maintain the site and deliver fake content regarding political opinions of the PM. After two days, the hijacker gladly gave back the domain and the original website has since been restored. No crimes appear to have been committed in this particular situation and no arrests have been made.

Proficio Threat Intelligence Recommendations:

  • Validate that a procedure is in place to renew domains owned by the organization.
  • Have a monitoring solution in place to look for major content changes to hosted websites.
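
Both recommendations can be automated with a small scheduled job. The following is an added example, not Proficio's tooling: it flags domains nearing expiry from an internal inventory and flags a site whose visible text has diverged sharply from a stored baseline. The inventory layout, the 60-day window, the 0.6 similarity threshold and all sample data are assumptions constructed for illustration.

```python
from datetime import date
from difflib import SequenceMatcher
from html.parser import HTMLParser

class _VisibleText(HTMLParser):
    """Collect visible words, skipping script/style bodies."""
    def __init__(self):
        super().__init__()
        self.words, self._skip = [], 0
    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1
    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1
    def handle_data(self, data):
        if not self._skip:
            self.words.extend(data.split())

def visible_words(html):
    parser = _VisibleText()
    parser.feed(html)
    parser.close()
    return parser.words

def content_similarity(baseline_html, current_html):
    """Word-level similarity in [0, 1] between two page snapshots."""
    return SequenceMatcher(None, visible_words(baseline_html),
                           visible_words(current_html), autojunk=False).ratio()

def major_change(baseline_html, current_html, threshold=0.6):
    # Below the (assumed) threshold the page is treated as replaced, not edited.
    return content_similarity(baseline_html, current_html) < threshold

def domains_at_risk(inventory, today, window_days=60):
    """Domains expired or expiring within the window, soonest first."""
    due = [(d["expires"], d["name"]) for d in inventory
           if (d["expires"] - today).days <= window_days]
    return [name for _, name in sorted(due)]

# Constructed sample data (not taken from the incident).
BASELINE = "<html><body><h1>Office of the Member</h1><p>Media releases and contact details for constituents.</p></body></html>"
MINOR = "<html><body><h1>Office of the Member</h1><p>Media releases and updated contact details for constituents.</p></body></html>"
REPLACED = "<html><head><style>p{color:red}</style></head><body><h1>Hello World</h1><p>Just another WordPress site.</p></body></html>"
INVENTORY = [
    {"name": "example.com.au", "expires": date(2025, 3, 1)},
    {"name": "example.org", "expires": date(2026, 1, 15)},
    {"name": "example.net", "expires": date(2025, 1, 20)},
]
```

In practice the baseline would be refreshed after each approved publish, and the expiry dates would come from the registrar account rather than a hand-maintained list.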



Global MSSP Proficio opens new Melbourne base to serve Aussie businesses

Global managed security services provider Proficio has established a new base in Melbourne that it will use to further push into the Australian and Asia Pacific markets.

Proficio’s newest international facility is part of the company’s growth initiative to provide around-the-clock managed security services for regional businesses.

The company, which has an office in Singapore, as well as a security operations centre (SOC) in Hong Kong, now adds the Melbourne operation as its third in the region.

“Proficio has seen an incredible 29 consecutive quarters of revenue growth that has been greatly influenced by an ever-growing number of clients from the Asia-Pacific region,” comments Proficio president Tim McElwee.

According to Proficio, it works with a range of financial, telecommunications, legal, and healthcare institutions, many of which have an ‘extensive’ presence in Asia Pacific…


Proficio Extends MDR, Managed Security Services to Australia

Proficio, a Top 100 MSSP for 2017 that provides managed detection and response (MDR), log monitoring and other cybersecurity services, has opened a facility in Melbourne, Australia. The Melbourne hub is Proficio’s third location in the Asia-Pacific (APAC) region.

With the Melbourne hub, Proficio is better equipped than ever before to expand its cybersecurity services and infrastructure in the Australian market, President Tim McElwee said in a prepared statement. The Melbourne hub also highlights Proficio’s commitment to global expansion.

Proficio has recorded…
