According to a recent PwC global survey, nearly half of Australian companies have been affected by the dark web, with cybercrimes becoming increasingly sophisticated. Only few weeks back, we have witnessed a major data breach that targeted Singapore’s government health database and stole personal information from 1.5 million citizens. This has raised huge concerns amongst security experts, especially in light of the Australian federal government plans to expand My Health Record System.
As we all know, third-party access, if not done properly and with the right solutions, can only jeopardise security. In Australia, the Health Record System aims to permit health professionals to have access to the health records of citizens. While it is a great idea to centralise citizens’ data into a single platform, the need for robust and streamlined security system is more important than ever before. According to the Australian Digital Health Agency (ADHA), almost 6 million Australians currently hold a My Health Record and the number of systems that will have access to this amount of medical records is concerning.
Securing the endpoint security
With increased dependency on connected devices and wide deployment of Wi-Fi networks, IoT is growing at a fast pace. It is estimated to become a US$62 billion industry by 2025, according to a market research report.
As the world continues to get more digitalised, we are able to do things never imagined before. However, the downside with the huge amount of connected devices and data is that it opens a whole new world of possibilities for hackers to perform targeted attacks. The first step to prevent cyber-attacks is a thorough security risk assessment.
Organisations must make a conscious effort to take IoT security more seriously because ultimately more endpoints means more risk to sensitive data within an organisation, with this issue having become even more poignant under the new legal frameworks such as GDPR and the Notifiable Data Breaches Act (NDB) in Australia. According to results of a survey by Gartner, despite 95 per cent of CIOs expecting cyber threats to increase over the next three years, only 65 per cent of organisations currently have a cybersecurity expert.
Gartner’s predicts that 99 percent of exploited vulnerabilities by 2020 will be those already known to security and IT professionals. Therefore, the only way to control the explosion of IoT enabled endpoints is by establishing greater visibility into the IT environment and tooling up service management teams with a unified and automated set of technologies including patching, application whitelisting and device control, all of which are designed to offer true defence in depth. It is only by understanding and identifying potential gaps through infrastructure assessments and asset management that we can truly position ourselves as off limits to the ever evolving threat environment.
As the Australian Digital Health Agency (ADHA), continues to get questioned over its ability to safely store sensitive health data in the My Health Record system, it’s important to address the security issues in order to protect the platform that is currently under scrutiny by the privacy advocates, who fear the possibility of unauthorised access to records by criminals with an intent of selling health data and other personal information to commit fraud.
The worst is yet to come
With the relentless wave of cyber-attacks showing no sign of slowing down, it is clear that organisations need a strong security scheme, with solutions to manage all the potential risk factors. Data privacy is commonly linked with users’ awareness of data hazards, yet it is also important to be aware of the importance of securing the growing multitude of connected “things” which have access to our data, even if we don’t realise it.
There is no denying that data breaches are on the rise and their consequences are alarming. It is needless to say that while the rapid rise in technology is constantly adding new capabilities and advantages to the IT industry, it is also bringing in vulnerabilities and giving cybercriminals new opportunities for threats.
In this particular case with My Health Record, we believe that the government will need to quickly address the issues that have arisen if they want citizens’ trust. It will be important to put together a plan outlining how they will protect the platform that is currently under so many doubts. The old adage that says prevention is better than a cure is never truer when applied to organisations’ security practices. By ensuring citizen’s personal data and intellectual property are safeguarded, the Australian government can prevent not only financial but also reputation damages.