At a glance.
- Report from OAIC calls for better data breach prevention and response.
- Australian government pledges to crack down on cyber gangs.
- New York to require cybersecurity and privacy education for lawyers.
Report from OAIC calls for better data breach prevention and response.
As lawmakers work on legislation to curb the recent surge in cyberattacks targeting Australian organizations, the Office of the Australian Information Commissioner (OAIC) last week released its notifiable data breaches report for January to June 2022. The report showed a 14% decrease in reported incidents overall, but noted an upswing towards the end of the period. Technology Decisions notes that there was also an increase in larger-scale breaches and incidents impacting multiple entities. Overall, 41% of breaches resulted from cybersecurity incidents, and the top sources of these incidents were ransomware, phishing scams, and compromised or stolen credentials.
Australian Information Commissioner and Privacy Commissioner Angelene Falk stated, “Recent data breaches have brought attention to the importance of organisations securing the personal information they are entrusted with and the high level of community concern about the protection of their information and whether it needs to be collected and retained in the first place.” She advised organizations to establish a breach response plan, and urged them to collect only data that is completely necessary and to delete data when it is no longer needed. It’s worth noting that Australia’s Privacy Act 1988 requires entities to conduct a data breach assessment and notify the OAIC within thirty days of learning of a suspected breach. In the reporting period, 71% of entities notified the OAIC within 30 days of becoming aware of an incident, down from 75% in the previous period. “As the risk of serious harm to individuals often increases with time, organisations that suspect they have experienced an eligible data breach should treat 30 days as a maximum time limit for an assessment and aim to complete the assessment and notify individuals in a much shorter timeframe,” Falk stated.
Australian government pledges to crack down on cyber gangs.
Remaining down under, the Australian Office of the Attorney-General over the weekend released a statement announcing that the Australian Federal Police and the Australian Signals Directorate will be partnering to “investigate, target and disrupt cyber criminal syndicates with a priority on ransomware threat groups.” As Dark Reading notes, the effort comes in response to the recent wave of cyberattacks in the country, in particular the massive data breaches at telecom company Optus and insurance provider Medibank. Officials will prioritize cybercriminals based on the harm they cause and will work to disrupt their operations, wherever they may be based. "It sends an important message to criminals and hackers intending to do harm — Australia will fight back," the statement reads. The Attorney-General adds that Australia’s Department of Home Affairs Cyber and Critical Technology Coordination Centre will host a virtual international counter-ransomware task force in an effort to work with key international stakeholders across government in defending against ransomware.
New York to require cybersecurity and privacy education for lawyers.
New York will be the first US jurisdiction to require that lawyers barred in the state undergo education in cybersecurity. A new requirement states that lawyers in New York will have to complete one continuing legal education credit hour of cybersecurity, privacy, and data protection training. The training will be added to their biennial learning requirement beginning July 1, 2023. Jonathan Armstrong, lawyer and partner at compliance firm Cordery, told CSO Online that law regulators have recently increased their focus on cybersecurity and data privacy. “The [UK] Solicitors Regulation Authority (SRA), for example, had a cybersecurity break out session last week at the COLP/COFA conference for law firm compliance officers. I think it could catch on in other countries,” Armstrong stated.