Article by Matt Hanmer, Managing Director, Infoblox Australia and New Zealand.
Intellectual property (IP) theft, allegedly committed by foreign states on behalf of foreign companies, is prevalent across Australian industry. However, the existing Notifiable Data Breaches (NDB) scheme requires Australian organisations to notify the Office of the Australian Information Commissioner (OAIC) only of data breaches involving personal information, not breaches of other sensitive data such as IP.
This loophole leaves key Australian industries vulnerable, including agriculture, oil and gas, mining, logistics and education, given the blind spots that past hacks have exposed. We have seen unprecedented demand for cyber protection from businesses that fall outside the current obligations and from those fearing they will become victims of IP theft.
IP theft is a big problem and is becoming more serious. There have already been cases of foreign companies using stolen Australian IP to undercut Australian institutions and win projects. We are working with the cybersecurity sector and industry groups to urge governments to extend the Security of Critical Infrastructure Act to more industries and to require notification of all sensitive data breaches, not only those involving personal information. This would strengthen Australia's overall defences.
Currently, the federal government has little to no grasp of this area. Under the existing NDB scheme, an organisation is required to notify the OAIC of an eligible data breach only if the breach involves personal information. This does not cover IP, so companies do not report those breaches at all. Similarly, if a company is not covered by the Security of Critical Infrastructure Act, it may not be required to report or publish anything about the hacks it suffers.
This means the federal government has no idea, and no way of knowing, how big the problem really is. Naturally, companies do not want to talk about breaches, because it is embarrassing, and since they are not obligated to disclose, they stay silent. That makes it much harder for everyone to learn how to deal with these attacks. It is a problem many industries face together, and visibility of the problem is paramount in dealing with it.
Another example is the significant increase in hacking attempts targeting university research departments in order to steal hard-earned knowledge for commercial purposes.
The problem is exacerbated by the lack of strong deterrents to ensure that mandatory data breach reporting actually takes place. By global standards, Australia has the lowest non-compliance fines in the Western world. Most fines are around AUD$500,000, and last year's highest fine was just AUD$10 million. That is a small amount when you consider the huge sums flowing through big banks, mining companies, telecom operators and pharmaceutical companies, and compared with the US$5 billion paid by Facebook and the £183 million fine proposed against British Airways in the UK in 2019 (about AUD$318 million).
According to a 2019 report, of the 964 notifications made to the Office of the Australian Information Commissioner (OAIC) under the mandatory Notifiable Data Breaches scheme between April 2018 and March 2019, not a single one resulted in a fine.
If an organisation believes that disclosing a breach would significantly harm its reputation, how much of a disincentive are the existing non-disclosure fines, even if they are set slightly higher than last year?
With trade ties between Australia and overseas nations such as China already strained, openly accusing a trading partner of intellectual property theft in breach of bilateral cyber-espionage agreements could make repairing diplomatic relations even more difficult. It is therefore more important than ever to address these issues domestically, by bringing IP and other sensitive data under the Security of Critical Infrastructure Act and the Notifiable Data Breaches (NDB) scheme.
Data breach disclosure loophole for intellectual property theft leaves critical Australian industries vulnerable