Not everything under the tree was meant to be unwrapped over the holidays, according to a statement put out by the Office of the Australian Information Commissioner (OAIC), regarding the global hack of the managed service providers (MSPs).
In their statement, the OAIC advised affected MSPs that they need assess the potential breaches to see if it falls under the Notifiable Data Breach regime, which came into effect on 22 February last year.
The Australian Cyber Security Centre (ACSC) said that some MSP providers operating in Australia ‘have been compromised’. The ACSC continued that the exposure is extensive and ongoing and it is difficult to ascertain how many Australian organisations have been affected.
The final quarterly report for 2018 on the NDB regime, covering the period between July and September 2018, found 245 data breaches that affected personal data.
Australian Information and Privacy Commissioner, Angelene Falk, said business should consider preventing data breaches as ‘business as usual’.
Of the reported breaches, 57 per cent were malicious, while 37 per cent were the result of human error.
As the risk landscape of IT risks evolves, lets it will be interesting to see what 2019 might bring and how business can better prepare themselves to mitigate the risks.
Symantec’s predictions of what the threat landscape might resemble in 2019 and beyond include:
The use of artificial intelligence to hack or to ‘aid assaults’
The use of AI by business to defend their organisations from cyber threats
5G to increase the ‘attack surface area’.
DDoS or Denial of service attacks will no longer be the extent of the impact on internet of things (IoT) during massive attack
Attackers will increasingly capture data in transit
Attackers will exploit the supply chain
Increased regulation and legislation to deal with the evolving threat landscape.
Whether there will be more regulation of legislation in response to the threat landscape is unclear. Last year already saw the NDB regime, the Australian Government Agencies Privacy Code and Immigration Data Breach Privacy compliance.
On a global level, 2018 also saw the implementation of the General Data Protection Regime (GDPR).
2019 will reveal what vulnerabilities might lie within the consumer data rights framework as it relates to banks, with the open banking regime taking effect on 1 July.