Search for:
Category

Cyber Security

Category

Leading technology companies have agreed to help prevent deceptive AI content from influencing the many elections worldwide in 2024. This commitment was announced at the Munich Security Conference. This commitment comes at a crucial time, with over four billion people across more than 40 states set to vote in elections this year. Within the generally prevailing discussion about AI and ethics, the increasing use of AI in political discourse has raised concerns about its potential impact on geopolitical developments.

The Federal Information Security Act (ISA), which only entered into force on 1 January 2024, is already being amended with an obligation to report cyberattacks for operators of critical infrastructures. On 18 January 2024, the deadline expired for challenging the amendment by way of a public referendum. This means that the amended version will become law, with the new obligation to report cyberattacks expected to come into force in 2025, although an exact date has not yet been set.

On 23 December 2023, the United Nations Advisory Body on Artificial Intelligence released an interim report, marking a step forward in the global discourse on Artificial Intelligence (AI) governance. This report, a collaborative effort of experts from government, the private sector, civil society, and academia, calls for a robust global framework to regulate AI. Its publication underscores the urgency and complexity of addressing AI’s rapidly evolving landscape.

2023 has ended with a flurry of activity from Australian authorities and regulators that provides deep insights into Australia’s current and emerging cyber threat environment and will heavily influence the development of Australia’s cyber policy in the years to come. We have pulled together key insights, important trends in the cyber threat landscape and recommendations for cyber risk management that should be of interest to all Australian businesses and directors moving into 2024 and beyond.

On 7 November 2023, the National Privacy Commission issued Advisory No. 2023-01, which sets out guidance on the nature of deceptive design patterns and how their use by personal information controllers and personal information processors when securing consent vitiates the consent of the data subject and consequently renders the data processing to be without lawful basis.
This Advisory supplements the recently issued NPC Circular No. 2023-04, or the comprehensive guidelines on the use of consent as a lawful basis for processing data, which, among others, prohibits the use of deceptive design patterns.

Following Administrative Decision No. 641/2021 on “Minimum information security requirements for the national public sector,” the AAIP approved its information security policy. The purposes of the policy are to protect the information resources of the AAIP and the technological tools used for their processing; ensure the confidentiality, integrity, availability, legality and reliability of information, and strengthen the adequate implementation of security measures, identifying available resources.

The Monetary Singapore Authority of Singapore (MAS) and Infocomm Media Authority (IMDA) published a joint consultation paper, which sets out a Shared Responsibility Framework (SRF) allocating losses arising from scams among financial institutions (FIs), telecommunication operators (telcos) and consumers.
Under the proposed SRF, FIs and telcos will have to fulfill their respective anti-scam duties. Failure to do so may result in the FIs and telcos making payouts to scam victims for certain types of phishing scams.

On 20 October 2023, the Cyber Security Agency of Singapore, in collaboration with the Ministry of Health, Health Sciences Authority and national health technology agency, Synapxe, launched the Cybersecurity Labelling Scheme for Medical Devices sandbox. Medical device manufacturers are invited to participate in the sandbox to gain a first-mover advantage in enhancing the security of their products.

Cybersecurity threats and risks are increasing each day, and cybercriminals are getting more sophisticated in their attacks. Companies need to ensure that their data security measures keep up with ever-changing regulations and that they have protocols in place to deal with cyber threats, breaches, and ransomware attacks. Retail brands recognize that in an increasingly connected world, cybersecurity should remain a top priority.