Archive: December 2017

1
The co-existence of open data and privacy in a digital world
2
Malware with your coffee? Starbucks customers sent to the virtual mines… to find bitcoins
3
Is nothing safe? New malware targets industrial control systems
4
One-third of US businesses suffer data breaches: How will you protect yourself?
5
Cybersecurity in the age of the Internet of Things
6
Amazon Web Services announces Internet of Things (IoT) security service

The co-existence of open data and privacy in a digital world

By Cameron Abbott, Keely O’Dowd and Giles Whittaker

Earlier this week researchers from the University of Melbourne released a report on the successful re-identification of Australian patient medical data that formed part of a de-identified open dataset.

In September 2016, the researchers were able to re-identify the longitudinal medical billing records of 10% of Australians, which equates to about 2.9 million people. The report outlines the techniques the researches used to re-identify the data and the ease at which this can be done with the right know-how and skill set (ie someone with an undergraduate computing degree could re-identify the data).

At first glance, the report exposes the poor handling of the dataset by the Department of Health. Which brings into focus the need for adequate contractual obligations regarding use and handling of personal information, and the need to ensure adequate liability protections are addressed even where the party’s intentions are for all personal information to be de-identified. The commercial risk with de-identified data has shown to be the equivalent of a dormant volcano.

Read More

Malware with your coffee? Starbucks customers sent to the virtual mines… to find bitcoins

By Cameron Abbott and Harry Crawford

“Free” Wi-Fi isn’t necessarily so. The Wi-Fi provided in a Starbucks store in Buenos Aires was recently discovered to be planting malware onto customer’s laptops. This is another lesson in how cybersecurity can affect even the most innocuous corner-store businesses.

Read More

Is nothing safe? New malware targets industrial control systems

By Cameron Abbott and Harry Crawford

I’m sure I saw this in Die Hard 4 but “life imitates art”.   A new type of malware has been discovered in a very rare field of operation for hackers: attacking industrial control systems. Cybersecurity firm FireEye has been tight-lipped in detailing the attack, but has indicated that it was against “a critical infrastructure organization” which inadvertently caused operations to shut down. The attack is also reminiscent of the infamous “Stuxnet” virus that was used against Iranian nuclear power plants in 2010. Read More

One-third of US businesses suffer data breaches: How will you protect yourself?

By Cameron Abbott and Harry Crawford

A recent survey has shown that nearly one-third (29%) of US businesses experienced a data breach in the previous year.

The Hartford Steam Boiler Inspection and Insurance Company, part of global reinsurer Munich Re, conducted the survey which shows that 8 in 10 affected businesses spent at least $5,000 to respond. 27 percent of the businesses spent between US$5,000 and US$50,000 to respond to the data breach and 30 percent spent between US$50,000 and US$100,000, and a considerable portion spent even more than that. The costs were not only directly financial, with two-thirds of the affected businesses reporting their reputation was negatively impacted.

Read More

Cybersecurity in the age of the Internet of Things

By Cameron Abbott, Keely O’Dowd and Harry Crawford

The Internet of Things (IoT) allows unprecedented interconnectivity for consumers, and unfortunately for those consumers, hackers as well.

The European Union Agency for Network and Information Security (ENISA) recently released a report to provide insight into the security requirements of IoT and good practices recommendations on preventing and mitigating cyber-attacks against IoT systems. The report even includes examples of IoT cyber security attack scenarios.

Read More

Amazon Web Services announces Internet of Things (IoT) security service

By Cameron Abbott and Giles Whittaker

Amazon Web Services rolled out an IoT service called IoT Device Defender to limit risks from unsecured IoT devices. The service will monitor an entire fleet of devices for compliance policies and best practices. As such, an organization can set the normal operational parameters and policies for a given fleet of devices and then Device Defender will make sure those policies are enforced.

Read More

Copyright © 2018, K&L Gates LLP. All Rights Reserved.