Privacy, Data Protection & Information Management – Page 25

Update: Mandatory Data Breach Notification Laws closer to being introduced

Feb 07 2017

By Cameron Abbott and Allison Wallace

As foreshadowed by the Attorney General’s Department last year, the Australian government is pushing ahead with its plan to introduce mandatory data breach notification laws, with Parliament today agreeing to a third reading of the Privacy Amendment (Notifiable Data Breaches) Bill 2016. You can find more about the proposed legislation here. We’ll keep you updated as the bill makes its way through parliament.

India’s top court asks WhatsApp, Facebook to please explain over privacy policy

Jan 23 2017

By Cameron Abbott and Allison Wallace

A petition to challenge messenger service WhatsApp’s privacy policy in India is gaining momentum, with the Supreme Court this week issuing notices to WhatsApp, its owner Facebook, and the telecom regulator TRAI to respond to the court within two weeks.

The petitioners are incensed over WhatsApp’s changes to its privacy policy in September last year, which saw it begin sharing users information with Facebook, including their phone numbers. Those who didn’t agree with the new policy were given the option to “opt out” by deleting the app. This announcement came two years after WhatsApp was acquired by Facebook. Read More

SAP criticises impending EU data protection laws

Jan 18 2017

By Cameron Abbott and Allison Wallace

SAP has expressed concerns over the implications of the landmark EU data privacy regulations, saying the penalties that will be imposed are too high, and could impede the development of Europe’s start-up culture.

The data privacy regulation will be implemented in May 2018, and includes fines for EU companies up to 4 per cent of their global revenues if they commit a significant breach of data privacy.

In an interview with the Financial Times, SAP’s head of products and innovation, Bernd Leukert said he believes the penalties are too high, and put companies at risk of losing their entire revenue if they commit multiple breaches.

Mr Leukert said he also fears that the EU regulations were not properly aligned with laws in other jurisdictions, such as the US.

Cyber-attacks: a problem in 2016, still a problem in 2017

Jan 11 2017

By Cameron Abbott and Allison Wallace

A survey of nearly 600 organisations across a variety of industries globally has revealed 98% of these organisations experienced some form of cyber-attack in 2016. (We are left wondering if the other 2% just didn’t notice?)

The survey, conducted by cyber-security company Radware, also found that many organisations are still not prepared to face the threat landscape including that 40% of organisations do not have an incident response plan in place.

Respondents indicated that ransom was the top motivation behind cyber-attacks (41%), followed by insider threats (27%), political hacktivism (26%) and competition (26%).

Radware’s Vice President of Security Solutions, Carl Herberger, says that money is the top motivator in today’s threat landscape. He says “attackers employ an ever-increasing number of tactics to steal valuable information, from ransom attacks that can lock up a company’s data, to DDoS attacks that act as a smoke screen for information theft, to direct brute force or injection attacks that grant direct access to internal data”.

Radware predicts that in 2017, we will see an increase in the use of IoT botnets, cyber ransom, telephony DoS, permanent denial of service for data centre and IoT operations, and public transport being held hostage.

Not the most positive outlook for 2017, but it would be a brave person to suggest they are wrong with those predictions.

UK companies taking on cybersecurity-related insurance in soaring numbers

Jan 09 2017

By Cameron Abbott and Allison Wallace

There was a 50% growth in the adoption of cybersecurity-related insurance in the UK between 2015 and 2016.

CFC Underwriting discovered the trend after polling industry representatives at the 2016 Cyber Symposium late last year.

The underwriter, which provides cyber insurance to more than 20000 clients globally, found the factors driving clients to purchase these kinds of policies included the “fear factor” of a cyber attack (23%) and the impending introduction of the European General Data Protection Regulation in 2018 (26%).

More than half of the respondents to the poll (53%) indicated they believed electronic computer crime will lead to an increase in insurance claims. Earlier figures released by CFC Underwriting revealed it handled over 400 claims on cyber policies in 2016, a 78% increase on 2015.

Privacy Commissioner investigates alleged sale of telco customer information

Nov 21 2016

By Cameron Abbott and Allison Wallace

Australia’s Information and Privacy Commissioner Timothy Pilgrim is making enquiries into allegations that the personal information of customers of three Australian telcos is being sold online.

Fairfax uncovered an alleged rort involving ‘corrupt insiders’ at the offshore call centres of Telstra, Optus and Vodafone, which has allegedly seen details including customers’ addresses, dates of birth and billing statements leaked to at least one private company in India, which is then allegedly selling the information for up to $1000.

Commissioner Pilgrim has said in a statement that he is working to determine what further action may need to be taken.

All three telcos have also released statements, reiterating that they take the privacy of their customers seriously. Vodafone and Optus have met with the AFP, which has now passed the matter on to Indian authorities.

Boards Push Insurers to Quantify Cyber Risks

Nov 02 2016

By Cameron Abbott and Rebecca Murray

US risk management firm Advisen recently held the Cyber Risk Insights Conference where insurers, brokers, corporate risk managers and CSOs came together to discuss the importance of company CFOs quantifying cybersecurity risks. Panelists included the risk managers of Merck and Time, who both classified cybersecurity risk exposure as a top danger faced by corporations. Time’s risk management department, for example, is working to quantify the company’s exposure to cyber attacks so that it can transfer some of the risks to insurers. However, Time’s director of risk management says culling all cyber-risk-management information together in a meaningfully predictive way is a challenging task.

Furthermore, gaining assistance from insurers about how to quantitatively define cybersecurity risk is also problematic as the insurance industry is only getting started on truly understanding how to forecast cyber losses. Cyber security practice leader for insurance broker Lockton Cos, Ben Beeson has revealed that insurers have only really become aware of the vast extent of loss that can eventuate when handling personal data this year. Keeping up with incredibly evolving and dynamic cybersecurity threats is sure to be an immense challenge for insurers. Read more here.

Data breach penalties could cost U.K. companies £122B in 2018

Oct 18 2016

By Cameron Abbott and Rebecca Murray

U.K. businesses could face up to £122 billion in penalties for data breaches when EU legislation comes into effect in 2018, according the Payment Card Industry Security Standards Council (PCI SSC). The EU’s General Data Protection Regulation (GDPR) will introduce fines for groups of companies of to €20 million or 4% of annual worldwide turnover, significantly higher than the current maximum of £500,000. This means that if data breaches remain at 2015 levels, the fines paid to the European regulator could see a near 90-fold increase, from £1.4 billion in 2015 to £122 billion, the PCI SSC calculated. For large U.K. organisations, this could see regulatory fines for data breaches soar to £70 billion, more than a 130-fold increase, rising to an average of £11 million per organisation. Regulatory fines for SMEs could see a 57-fold increase, rising to £52 billion, averaging £13,000 per SME. Read more at ComputerWeekly.com by clicking here.

Threat from hackers against Internet of Things grows

Oct 17 2016

By Cameron Abbott and Rebecca Murray

New research by Akamai Technologies has revealed that cyber criminals have cracked into as many as two million Internet-of-Things (IoT) devices at homes and businesses. IoT devices are products that connect to the internet, which now include refrigerators, sound systems, televisions and home security systems. In the report, researchers state that “Once malicious users access the web administration console of these device they can then compromise the device’s data and in some cases, take over the machine.” This report sheds much needed light on one of the most under-focused on areas of cyber security. Read the report here.

Australian organisations hit by thousands of significant cyber incidents

Oct 17 2016

By Cameron Abbott and Rebecca Murray

The Australian Cyber Security Centre’s (ACSC) 2016 Threat Report has revealed that Australian businesses and government have been subject to more than 15,000 significant incidents that they know of. Read the report here. They were the first to admit that given reporting is optional they cannot really determine the full impact.

Due to the current reporting regime, the ACSC has had to rely on data from callouts to CERT Australia (the national first responder to cyber incidents) to assess the extent of the problem in the private sector. CERT Australia responded to 14,804 incidents from the private sector from June 2015 to June 2016. Of those callouts, 418 involved systems of national interest and critical infrastructure. The banking, finance, energy and communications sectors were the most heavily targeted.

While the Government has introduced a bill to mandate serious data breach notification that is set to be passed in the near future (find out more about the bill here), until then, we will continue to go mostly unaware of damaging malicious cyber activity launched against Australian organisations because the private sector largely refuses report these incidents.

Catagory:Privacy, Data Protection & Information Management