News Daily


Men's Weekly

Australia

  • Written by The Conversation
How can we stay safe after data breaches? Step 1 is to change the cybersecurity laws

Last week, Australian airline Qantas announced cyber attackers had accessed personal data about some of its customers. The company later confirmed that 5.7 million customer records were involved.

The attackers targeted an offshore IT call centre, which enabled them to gain access to a third-party system.

The airline contacted affected customers shortly after the announcement, and sent a follow-up email a week later. The email apologised to customers and informed them attackers had accessed information about customers’ names as well as frequent flyer numbers and tier status.

The email may have felt familiar to Australians impacted by the 2022 Optus Breach or the 2024 Medisecure Hack — a routine apology, an assurance that immediate steps have been taken, and a statement that the company takes seriously the trust placed in it to safeguard personal information.

It’s an adequate response. But it ignores something that might genuinely make customer data safer in the future: stronger cybersecurity laws to prevent these kinds of breaches from happening in the first place.

How should we respond to data breaches?

If your data were involved in the Qantas breach, you might be wondering what to do about it.

The first sensible step might be to find out what personal information was compromised. Next, you might research the potential harm that could come from your name, Qantas Frequent Flyer number, and tier status being accessed.

You may learn about the risks of identity theft, account hijacking, and scams.

After that, you might want to figure out what actions you could take to protect yourself – that is, how to best secure your data. Plenty of websites offer advice along these lines.

If you are a Qantas customer, and received the follow-up email, you may have noticed a section titled “What steps can I take to protect myself?”. This part encourages users to stay alert, use two-factor authentication, stay informed about the latest threats, visit IDCARE’s Learning Centre, and never share passwords or sensitive information (stating that Qantas will never ask for them).

While these are helpful suggestions, they place a significant burden on the customer. They also imply that if our data becomes compromised, we may be partially to blame for not doing more to protect ourselves.

Is this fair or useful? Rather than just trying to protect ourselves after data breaches, we might be better off focusing our attention on why breaches occur and the legislators who make the rules for the companies that hold our data.

Does the law have an unhealthy obsession with data breaches?

It may seem that, to improve cybersecurity laws, we need to pay more attention to Qantas-like data breaches and impose bigger fines on companies when they occur. However, this is not necessarily the best solution.

As US privacy scholars Daniel Solove and Woodrow Hartzog point out in their 2022 book Breached!: “Data privacy law has an obsession with data breaches.”

Ironically, the authors claim, “this obsession has […] been the primary reason why the law has failed to stop the deluge of data breaches. The more obsessed with breaches the law has become, the more the law has failed to deal with them.”

Solove and Hartzog argue that focusing solely on the breaches themselves prevents us from concentrating on prevention.

How effective is Australian cyber security law?

In Australia, recent reforms to the Cyber Security Act 2024 introduced the Cyber Incident Review Board, which can:

make recommendations to government and industry about actions that could be taken to prevent, detect, respond to or minimise the impact of, cyber security incidents of a similar nature in the future.

These reforms are an important step in addressing prevention, and the Cyber Incident Review Board will undoubtedly draw many lessons from the Qantas case when it performs its post-incident review – such as identifying potential weaknesses at the offshore IT call centre.

However, we shouldn’t have to wait until an incident occurs to start thinking about how to protect against breaches. There are also concerns about whether the recommendations it offers will be put into law.

Ideally, we need legislation that focuses on prevention, not just post-incident responses. If we had laws that required companies to conduct audits, provide legally binding safety checks applicable to all relevant stakeholders, and impose penalties for non-compliance with these standards, it would genuinely improve prevention.

Revising our flight path

Our response to the Qantas breach will no doubt follow a familiar pattern: first, we panic! Then we get angry at the company. Next, we attempt to follow privacy advice – at least for a short while – changing a password or two before becoming complacent and then lowering our privacy vigilance. And then the cycle repeats the next time a breach occurs.

We don’t need to accept this eternal pattern, however. If we focus our attention on lawmakers, rather than these immediate responses we are all too familiar with, prevention becomes a possibility.

Read more https://theconversation.com/how-can-we-stay-safe-after-data-breaches-step-1-is-to-change-the-cybersecurity-laws-260816

How to Bulletproof Your Contracts Against Disputes

In the business world, contracts are the backbone of transactions, partnerships and collaborations. Yet even well-meaning agreements can lead to disputes if they’re not carefully drafted by business contract lawyers. To avoid costly legal battles and protect your interests, it's... Read more

Top 5 Providers of SEO Focused Guest Posts in Florida You Can Trust

Many companies today aim to increase their online presence, which is a good use for guest blogging. In guest blogging, you compose content for the benefit of other websites that link back to yours. This promotes your business and increases... Read more

The Role of Litigation Lawyers in Brisbane

Litigation lawyers in Brisbane play a crucial role in the legal landscape, ensuring justice is accessible and efficiently administered for the clients they represent. They have expertise in handling disputes that may result in court proceedings, with their work encompassing... Read more

Edge Computing: Revolutionising Connectivity in the Digital Age

Edge computing is rapidly transforming how organisations process and manage data, bringing computational power closer to where it's most needed. In an increasingly connected world, Microsoft Azure services are at the forefront of this technological revolution, enabling businesses to leverage... Read more

What You Need to Know About Towing a Caravan

Towing a caravan can be an exciting way to explore Australia's vast landscapes, but it also comes with its own set of challenges. Whether you’ve just purchased a new caravan or are browsing caravans for sale, understanding the ins and... Read more

How to curb short-sightedness in kids

Kids should play outside more to reduce the risk of short-sightedness and potential adult blindnessWe are in the grips of a ‘myopia epidemic’: more than 20 per cent of Australians have myopia or short-sightedness, tipped to rise to 50 per... Read more