Why you must run mock cyber attacks
Stricter regulations for data protection are coming to Australia, one senior in-house counsel-turned-partner said. As such, law departments must up the ante in ensuring their businesses are safeguarded.
Andrew Truswell has over 25 years of in-house experience, having worked for airlines such as Qatar Airways, Qantas, Jet Asia, and Amadeus, as well as tech companies, including Capgemini, Versent, PaySociety and NetApp.
Speaking recently on The Corporate Counsel Show, Mr Truswell reflected that, during the pandemic, many airlines were without passengers, and thus took the opportunity to see where they could improve their tech processes. Aviation is a competitive space, he explained, and data management forms part of this – particularly with a tightening regulatory landscape.
Now a partner at BizTech Lawyers, Mr Truswell is adamant about supporting clients in developing a strategy for data “rather than a single piecemeal approach to achieve a strategic objective”.
“Moving to being someone who is instructed [rather than doing the instructing], I hope to be able to provide value and tune in to the strategic requirements of the client, and also help them to see and achieve those strategic objectives,” he said.
Such a broader strategy is essential for law departments right now, Mr Truswell argued, given that he believes the Australian government “is definitely headed” in the direction set by the European Union's General Data Protection Regulation (GDPR).
“Now is the time to be cognisant,” he warned.
“Even companies that don’t consider themselves tech companies have logistics issues, which mean they deal with data, and thus need a data strategy.”
It would help, he suggested, for businesses to run mock cyber attacks and thereby deduce how vulnerable their network is, and consider what might happen in the event of an actual attack.
“If personal information is at the core of a company’s business, you really need to consider protecting the network through safeguarding mechanisms, including cyber insurance. Also, if the mock cyber attack shows a vulnerability, it can be addressed.”
Data strategies, Mr Truswell espoused, are like plumbing.
“They can access the pipe, for which the data flows through. And unless you have a strategic approach to protecting it across the board, there are vulnerabilities,” he said.
This happened recently in the aviation sector, he detailed.
“Frequent flyer data that was exchanged between groups of airlines that share such data ended up in one place where it was hacked and leaked,” he said.
Law departments must ensure such mock attacks are carried out, Mr Truswell continued, particularly given how little time a business may have to respond.
“The GDPR gives you a 72-hour window, which is barely sufficient. It doesn’t allow for a root cause analysis, and if rights and freedoms of the data are affected in that period, you have obligations to the regulator.”
In response to such challenges, he noted, “standards should be applied”.
This includes, he listed, standards for compliance, data backup, hacking protection and information security.
“If you have standards across the board and apply them through a network of contracts, that basically strengthens the whole plumbing system of data. So, if there’s a vulnerability or attack, it’s the same across the whole network of contracts,” he concluded.
The transcript of this podcast episode was slightly edited for publishing purposes.
Jerome Doraisamy
Jerome Doraisamy is the editor of Lawyers Weekly. A former lawyer, he has worked at Momentum Media as a journalist on Lawyers Weekly since February 2018, and has served as editor since March 2022. He is also the host of all five shows under The Lawyers Weekly Podcast Network, and has overseen the brand's audio medium growth from 4,000 downloads per month to over 60,000 downloads per month, making The Lawyers Weekly Show the most popular industry-specific podcast in Australia. Jerome is also the author of The Wellness Doctrines book series, an admitted solicitor in NSW, and a board director of Minds Count.