Cyber Defense eMagazine February Edition for 2022

But when it comes to cybercrime, a little planning and preparation go a long way – so here are the trends
your organisation should be focused on in 2022.
Rules and regulations are coming
One of the reasons that cybercriminals have been able to operate with virtual impunity is that they’ve felt
secure in the knowledge that technology has always been a step ahead of regulators.
But with the total economic impact of cybercrime estimated at $3.5 billion in Australia alone, and $1 trillion
worldwide, the law is finally catching up to the threat these criminals pose – and in 2022, we can expect
to see much greater regulatory pressure to address the risk of cybercrime.
We’ve already seen legislation for consumer privacy pick up steam, beginning with the EU’s General
Data Protection Regulation (GDPR) and followed by Brazil’s General Personal Data Protection Law
(LGPD) and the California Consumer Privacy Act (CCPA). It’s a sure thing that jurisdictions around the
world – at a national level, but also at a state and local government level – will continue to pass legislation
along these lines.
But that’s just the beginning. In Australia, we’ve seen the recent introduction of emergency laws that
require the operators of ‘critical infrastructure’ to report cyber attacks to the Australian Signals Directorate
(ASD) as they happen. The laws give the ASD the power to plug into the networks of these organisations
to help them fend off attacks.
Those laws were just a prelude to a second bill, expected to be introduced in 2022, that will impose
positive security obligations on businesses, requiring them to develop risk management plans and reach
certain cybersecurity standards. Under these laws, company directors could be made personally liable
for cyber-attacks.
I expect we’ll also see the Government move to make the payment of ransomware illegal – Labor has
already introduced a bill that would require ransomware victims to disclose whenever they make a
payment, and my sense is that both sides of the aisle are keen to disincentivise and defund hackers by
criminalising payments altogether. (Whether or not this would actually help victims is a more complicated
question.)
In their totality, these laws could make the regulatory landscape more confusing and/or costly for
organisations that aren’t prepared for them. But they should also have the effect of raising the
cybersecurity floor, and setting a new standard that, quite frankly, most organisations should be meeting
already.
In much the same way that tougher legal obligations made workplace health and safety a top priority for
employers, we’ll see businesses lift their game when it comes to cybersecurity, and start taking their
stewardship of data more seriously in order to comply with new rules and regulations.
Cyber Defense eMagazine – February 2022 Edition 77
Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.