Jason Edelstein, Sense of Security CTO, interviewed for CSO Online
Despite the current focus on security stemming from the massive data breaches that resulted from hackers exploiting low- and high-level system vulnerabilities, few businesses in the UK and Australia are interested in having their systems audited, even when the audits are free.
But Australia faced a broader underlying challenge that gave public and private sector organisations little incentive to respond to real or perceived threats. Australia has such inadequate laws that very few organisations are motivated to take this issue seriously. When the office of the privacy commission wants to get militant, the best they can punish an organisation with is a sternly worded press release.
Businesses should undertake annual penetration tests, ongoing vulnerability management, encryption of personally identifiable information and the implementation of a data classification policy that reflects the security requirements for different types of information.