The Labor government is calling its new anti-scam legislation a “historic” step in the fight against cybercrime, but it is only part of what needs to be done to protect Australian consumers.
Assistant Treasurer and Financial Services Minister Stephen Jones revealed Labor’s latest efforts to tackle the growing threat and cost of scams earlier this month, when he announced the government’s new scam prevention framework.
The legislation will give the Australian Competition and Consumer Commission sweeping new powers to directly take on social media companies, banks and telecommunications companies to protect consumers.
The Australian Financial Complaints Authority would also have the power to resolve consumer complaints about scams in these sectors.
“Over the last year, I have spoken to thousands of Australians in towns and cities across the country,” Minister Jones said on November 7, when announcing the framework.
“They want strong action to protect their money and information, and these laws are effective.”
But is the action tough enough? Scams are costing Australians more in financial losses every year, and the scammers themselves are becoming more sophisticated.
Janine Morris, head of industry engagement and strategy at SaaS company AvePoint, seems to think so – but it’s also far from a silver bullet.
“While Australia’s new scam prevention framework is a crucial step in tackling the rise in cybercrime incidents, it is equally important that we focus on data integrity as a key part of this effort,” Morris told Cyber Daily.
“The foundation of any effective fraud prevention strategy lies in firstly protecting data integrity and security.
“Scams and frauds often rely on the exploitation of weak or compromised data. Whether it’s phishing attacks, identity theft, or data breaches, ensuring sensitive data remains accurate, secure, and tamper-proof is critical to minimizing these risks.”
According to Morris, regulatory measures are simply not enough. Organizations need to be more proactive in ensuring the security of their data infrastructure.
“This means implementing robust data governance practices, ensuring fine-grained data access controls, and training employees to recognize signs of data manipulation,” Morris said.
“By strengthening data integrity at every level, we can better protect individuals and businesses from the devastating effects of scams.”
For Simon Berglund, senior vice president and general manager of APAC at Diligent, the framework “highlights the need for industry collaboration and a holistic approach to cybersecurity.”
“By imposing clear obligations on banks, telecommunications and social media platforms, as well as sanctions for non-compliance, the government is laying the foundations for a more responsible and secure digital ecosystem,” Berglund said.
However, Berglund agrees that companies still need to do more work themselves.
“For companies, now is the time to improve their cybersecurity governance programs,” Berglund said.
“This involves carrying out regular risk assessments and vulnerability management, ensuring that employees, management and board members are trained in the latest developments in cybersecurity and using continuous monitoring and incident response capabilities to rethink their cyber risk management strategies.”
Whether companies will take the opportunity to beef up their security rather than wait for the next major data breach, and the wave of scams that will inevitably follow, remains to be seen.