This week the ‘Cyber Security Legislative Package’ was referred to the Parliamentary Joint Committee on Intelligence and Security. The package consists of the:
Its intention is to implement initiatives aligned with the 2023-2030 Australian Cyber Security Strategy, aiming to fix gaps in legislation and bring Australia in line with international best practices.
Some of the measures include:
Introduces mandatory security standards for internet- and network-connectable devices to enhance protections and reduce vulnerabilities in IoT products.
Requires businesses to report cyber incidents and ransomware payments to the Australian Government to improve understanding of the threat landscape and inform responses.
Establishes an independent body to review significant cyber incidents, offering insights and recommendations for improving cyber resilience.
Restricts how incident information shared with the National Cyber Security Coordinator is used, encouraging voluntary reporting without fear of regulatory repercussions.
The National Cyber Security Coordinator leads the government’s response to significant cyber incidents, facilitating a coordinated approach to mitigate and resolve threats.
The bill is designed to adapt to evolving cyber risks, support industry collaboration, and align with international standards for improved national cybersecurity.
Plus, the package includes reforms to the Security of Critical Infrastructure Act 2018 (SOCI Act), including:
Parliament is inviting submissions by Friday, 25 October 2024. More information about making a submission is available here.
To assist with planning, they ask that you indicate your intention to make a submission by Friday, 18 October 2024 by emailing pjcis@aph.gov.au.
If you’re wondering what the changes mean for your business, legal firm Gadens offer some of their advice on their website here, commenting:
‘If passed, the Cyber Security Bill would streamline a number of cyber security standards and reporting obligations and introduce several new penalties and regulatory powers for non-compliance with key obligations. As there is no monetary threshold for the application of these new laws, larger enterprises as well as small business will be affected equally, so entities of all sizes should prepare for a material uplift in their information security compliance processes and procedure to meet the new requirements.’