Archive: November 2016

1
Privacy Commissioner investigates alleged sale of telco customer information
2
Mirai Botnet knocks Liberia offline
3
Boards Push Insurers to Quantify Cyber Risks

Privacy Commissioner investigates alleged sale of telco customer information

By Cameron Abbott and Allison Wallace

Australia’s Information and Privacy Commissioner Timothy Pilgrim is making enquiries into allegations that the personal information of customers of three Australian telcos is being sold online.

Fairfax uncovered an alleged rort involving ‘corrupt insiders’ at the offshore call centres of Telstra, Optus and Vodafone, which has allegedly seen details including customers’ addresses, dates of birth and billing statements leaked to at least one private company in India, which is then allegedly selling the information for up to $1000.

Commissioner Pilgrim has said in a statement that he is working to determine what further action may need to be taken.

All three telcos have also released statements, reiterating that they take the privacy of their customers seriously. Vodafone and Optus have met with the AFP, which has now passed the matter on to Indian authorities.

Mirai Botnet knocks Liberia offline

By Cameron Abbott and Rebecca Murray

After launching attacks on security expert Brian Krebs and the servers at Dyn, it appears as though the Mirai botnet has knocked the entire country of Liberia offline. Yes the country.  Given the paucity of protections on the Internet of Things with even weaker controls on adequate passwords, Mirai has a powerful base to co-opt and launch from.  That said a country is no mean achievement, albeit only with a population of 4.5 million and fewer than 10% of its citizens having internet access, the target was a small one. However, it is possible this attack is only the beginning for a new display of Mirai botnet’s capabilities. The attack peaked at a 500Gbps, a relatively modest figure when compared with the Dyn and Brian Krebs attacks.

Judging from the quick succession of recent attacks, we won’t be waiting long before we see another target of this highly effective botnet. Forbes has covered this in more detail here.

Boards Push Insurers to Quantify Cyber Risks

By Cameron Abbott and Rebecca Murray

US risk management firm Advisen recently held the Cyber Risk Insights Conference where insurers, brokers, corporate risk managers and CSOs came together to discuss the importance of company CFOs quantifying cybersecurity risks. Panelists included the risk managers of Merck and Time, who both classified cybersecurity risk exposure as a top danger faced by corporations. Time’s risk management department, for example, is working to quantify the company’s exposure to cyber attacks so that it can transfer some of the risks to insurers. However, Time’s director of risk management says culling all cyber-risk-management information together in a meaningfully predictive way is a challenging task.

Furthermore, gaining assistance from insurers about how to quantitatively define cybersecurity risk is also problematic as the insurance industry is only getting started on truly understanding how to forecast cyber losses. Cyber security practice leader for insurance broker Lockton Cos, Ben Beeson has revealed that insurers have only really become aware of the vast extent of loss that can eventuate when handling personal data this year. Keeping up with incredibly evolving and dynamic cybersecurity threats is sure to be an immense challenge for insurers. Read more here.

Copyright © 2019, K&L Gates LLP. All Rights Reserved.