Calibre One’s security team recently attended the first-ever AdelaideSEC, a cyber security conference run by the Australian Information Security Association.
The conference was fully booked out and filled the Adelaide Convention Centre, while meeting all the necessary COVID-19 precautions.
It was an informative event with multiple organisation and vendor representatives in attendance.
It was a particular pleasure to see Calibre One customers in attendance, as well as our partner vendors (Fortinet).
After an introduction from AISA executive, the conference was opened with an inspirational speech from the State Premier, Hon Steven Marshall.
The Premier’s remarks included:
- The next disruption will likely be a digital disruption, and that we need to be as prepared as we can.
- The Essential Eight is something that every business needs to know about.
- Security is a journey, not “somewhere you can arrive”, and we need to be making constant investments along the way.
The conference included technical and governance streams, and Calibre One sent delegates to both streams.
Of note in the latter was a presentation on Cybersecurity Obligations under Australian Law by Daniel Kiley, Special Counsel, HWL Ebsworth Lawyers.
His points included:
- ASIC obligations include informing markets of significant events – and a cyber event is a significant event
- Australian Privacy Principles: OAIC have found organisations culpable for failing to take reasonable steps to secure users’ personal information
- There are proposed changes to the Privacy Act, including increased penalties
- Notifiable Data Breaches: breach notification must be provided to OAIC and affected individuals
- “Consumer Data Right” is a new scheme to provide consumers with structured access to their data and share it – initially introduced in banking, will roll out to other sectors, including energy and telecommunications
- Very specific security controls required
- Critical Infrastructure Bill coverage proposed to be expanded to include multiple additional sectors, including communications, financial, energy, health care, higher education, and food and grocery
- Ransomware payments bill proposed, to require providing ACSC with payment details if and when a ransomware payment is made
We’re looking forward to the next event – in the meantime, we’re planning to apply the technical and leadership learnings in-house, and to have informed discussions with our customers about how we can continue to secure their business.