In February next year, new legislation will come into effect requiring organisations to constantly monitor their systems for security breaches involving access, loss or disclosure of personal information.
Called the Privacy Amendment (Notifiable Data Breaches) Act 2017, it will place responsibility on organisations to detect, investigate and report on any data breaches.
If a data breach does occur, organisations are required to investigate whether personal information has been accessed and if there is a risk of serious harm. Depending on the outcome of the investigation, they may have to report the breach to the individuals whose information was compromised and to the Office of the Australian Information Commissioner
Detection of a breach of an organisation’s IT systems can be difficult if the right systems aren't in place.
At Forensic IT, many of the investigations we do involve investigating breaches that may have occurred through phishing emails and remained undetected for up to 12 months.
Even if they have not involved access to personal information, some of these breaches have cost organisations millions of dollars.
Various software solutions are now available that monitor for illegal activity on computers that could indicate a security compromise, such as spawning processes or the installation of suspicious software. Often, these are the result of a phishing email.
On detection of something unusual or suspicious, an alert is sent to system administrators.
If the software is in place before an event takes place, it provides the ability to track the trail of the compromise back in time across the network and identify where and how it entered the system, where it has spread and what has been accessed. This is extremely useful in any investigation and helps an organisation understand the scale of the breach, whether there has been access to personal information and whether there is a requirement to make an official report.
If you would like more information about software to monitor insider threats, feel free to contact us at Forensic IT.