The week in security: GDPR’s “existential threat” to Australian companies

Work on the government’s security strategy is progressing nicely, by some accounts, even as the digital economy presents new cybersecurity challenges for organisations in the middle of their own transformation.

That said, are you well advanced in your preparations for compliance with the EU’s new General Data Protection Regulation (GDPR)? Of course you are, right? You certainly need to be: Australian companies that are caught unprepared may face an “existential threat” from the fines that could be imposed for a breach after the regulation takes effect next year.

Breach notification will be one of many themes to be covered at Wednesday’s IDG Security Day, a follow-the-sun event that will start in Sydney and feature a string of events at locations around the world.

Other lessons continued to emerge from the recent AusCERT 2017 conference, with one MSSP sharing its experience of building a DoD-grade cybersecurity defence and another warning against taking too narrowly technical a view of incident response. There were also concerns about the Balkanisation of the security community and the need for effective disclosure, two themes that will only grow stronger as Australian companies face the need to learn from, not just fear, the new breach-notification legislation.

Incident response, and the vulnerability management practices that try to head off compromises in the first place, can have a real financial impact as well as consuming significant staff time.

Years of data breaches, including the 15 worst of the 21st century, have fuelled a range of defensive strategies, among them Microsoft’s emerging effort to use AI to pick out automated tech-support scams.

There’s no lack of identity management advice out there, and you should definitely be taking it: cloud adoption relies heavily on having a sound identity framework in place first.

When it comes to security, even Dr Seuss is offering guidance. Others were talking about cybersecurity insurance and its role in the overall risk picture, with email policy also emerging as a key method for building proactive resilience.

Cloud consolidation and mobile malware were both on the rise, and new malware threats continued to emerge. Microsoft once again took the unusual step of patching its no-longer-supported Windows XP platform, and security researchers discovered malware designed to disrupt core electricity substation equipment.