After the recent data breach at Optus, Australian Home Affairs Minister Clare O’Neil announced that there would be “very substantial” reforms. The government is pursuing changes including increasing penalties under privacy laws, which currently max out at $2 million per violation; it plans to make these more stringent to deter hackers from stealing citizens’ personal information, such as bank account numbers or passwords.
The Minister flagged that the government would look at the cybersecurity requirements currently placed on large telecommunications providers to see if they were fit for purpose. She also suggested ways in which customers’ passport and licence details could be flagged, providing an additional level of protection against identity theft during this data breach crisis. She noted she has powers to set “minimum cybersecurity standards for lots of sectors of the economy but not telcos”.
The Australian shadow home affairs minister has proposed a new regime that would impose hefty fines, into the hundreds of millions, for privacy breaches. Consumer group Digital Rights Watch called on Parliament to pass stricter laws regarding hackers’ access to, and the protection of, digital assets such as personal information stored in databases or online accounts managed by third parties like banks.
However, this call could have the opposite of the desired outcome. It may enable organisations to be held accountable for these breaches; however, this type of legislation can empower the cyber-criminal underworld. Essentially, the higher the penalty, the higher the ransom.
Previous research has identified that few, if any, of the ASX 200 companies and Australia’s largest companies have put sufficient safeguards on their networks to prevent email breaches or sinister attempts using known third-party domains.
Evidence will show that Optus tried to mitigate a single risk, omitting thousands of vulnerabilities; however, in doing so it opened an unfathomable number more. Defined, robust standards are what is required if corporate IT executives and regulators are going to keep customer data safe.
David Barnes, CEO of Zulu Labs Inc, Australia’s world leader in cyber email and domain security, stated: “There is a chasm between IT, business logic and understanding email and cyber security in today’s world.”
The lack of cohesive knowledge and experience in this field can be linked to Government intervention that has created an environment where cyber criminals thrive.
A research paper shared in 2021, authored by David Barnes for the insurance industry and the previous Australian Federal Government, demonstrated a fundamental link between increased privacy protection after the implementation of the GDPR (the European Union’s privacy legislation) and increased cyber-criminal activity that authorities, like the Australian Federal Police, are powerless to investigate.
Ownership records redacted under the guise of privacy and the use of proxy domain name system (DNS) services make it nearly impossible for authorities to investigate cyber criminals and their illegal online activities.
Shadow Cyber Security Minister James Paterson has denounced the government’s response to the Optus hacking, saying cyber security is a “shared responsibility”.
“It’s a whole of nation effort,” he said.
“It requires both government and the private sector to work very closely together to mitigate and combat the very serious threats that we face.”