Author - Harry Crawford

1
Bug Bounty Programs – your company’s friend or foe?
2
The Sydney Declaration: ASEAN and Australia commit to cooperate on cybersecurity and digital trade issues
3
Cybersecurity vulnerability revealed after NSW Government agency’s 49-day hack
4
De-identification of Data and Privacy
5
Cybercrime most costly to financial services
6
Hackers target cryptocurrency via Tesla’s public cloud: don’t mine our business – mind your own business!
7
Mandatory Data Breach Reporting in 60 seconds
8
The Pyeongchang Winter Olympics – skating on thin ice when it comes to cybersecurity?
9
Cybersecurity is only one part of security – a filing cabinet could be your highest risk
10
Facebook wants you to know that it’s accountable for your privacy

Bug Bounty Programs – your company’s friend or foe?

By Cameron Abbott, Keely O’Dowd and Samantha Tyrrell

Bug Bounty Programs (BBPs) actively encourage hackers to explore a company’s systems and report back on any vulnerability they discover. Often, pre-determined financial incentives are offered to the “security researcher” in return for their findings. The attraction of this process is obvious; rather than suffering a cyber incident that could – and for many organisations has – cost millions of dollars and resulted in reputational damage, companies can instead make a comparatively small payment to ethical “white hat” hackers with the intention of pre-empting an incident.

Read More

The Sydney Declaration: ASEAN and Australia commit to cooperate on cybersecurity and digital trade issues

By Cameron Abbott and Keely O’Dowd

Over the weekend our closest neighbours agreed to greater cooperation on cyber security. The Member States of the Association of Southeast Asian Nations (ASEAN), the Secretary-General of ASEAN and Australian leaders met in Sydney to strengthen the ASEAN-Australia relationship. The leaders discussed issues of regional importance.

Read More

Cybersecurity vulnerability revealed after NSW Government agency’s 49-day hack

By Cameron Abbott and Harry Crawford

The NSW Government’s vulnerability to hacking has been exposed in a report by state’s auditor-general, in which it was revealed that one government agency took 49 days to shut down a hack.

This hack started with an email account of the unnamed agency being compromised and used to send out “phishing” emails to get the credentials of finance staff members. By day 20, 300 staff had clicked on the bogus link in the phishing email. 200 email accounts ended up being under the control of the hackers.

Read More

De-identification of Data and Privacy

By Cameron Abbott, Keely O’Dowd, Giles Whittaker and Harry Crawford

As promised in a previous blog post, K&L Gates have performed an in-depth analysis of the risks of relying on de-identification of data to protect privacy, in the wake of researchers successfully re-identifying de-identified medical data that was released by the Australian Department of Health in 2016.

Read the article on the K&L Gates HUB here.

Cybercrime most costly to financial services

By Cameron Abbott and Keely O’Dowd

A study by Accenture and Ponemon Institute – Cost of Cyber Crime Study: Insights on the security investments that make a difference – found cyberattacks cost financial service firms more to address and contain than in any other industry. The rate of breaches in the industry has tripled in the past five years. On average, the cost of cybercrime for financial services companies globally has increased by more than 40% over the past three years, from $12.97 million per firm in 2014 to $18.28 million in 2017.

Read More

Hackers target cryptocurrency via Tesla’s public cloud: don’t mine our business – mind your own business!

By Cameron Abbott and Samantha Tyrrell

Not even Tesla is immune to digital security breaches according to a recent report published by RedLock. The cloud security firm discovered that intruders were able to access and exploit Tesla’s public cloud system to mine cryptocurrencies, a scheme – which due to its surge in popularity – is now better known as cryptojacking. A recent string of similar incidents has demonstrated that hackers are shifting their focus away from siphoning data to siphoning cloud resources instead.

Read More

Mandatory Data Breach Reporting in 60 seconds

By Cameron Abbott

The notifiable data breach scheme, as outlined in the Privacy Amendment (Notifiable Data Breaches) Act 2017 (Cth), commenced yesterday, 22 February. Under this new scheme, in the event an organisation experiences a data breach that is likely to result in serious harm to any individual, that organisation will be required to notify the Australian Information Commissioner and any affected individual(s) of the breach. This 60 second video will help you prepare your organisation for these changes.

 

The Pyeongchang Winter Olympics – skating on thin ice when it comes to cybersecurity?

By Cameron Abbott and Samantha Tyrrell

McAfee, a cybersecurity company, reported that organisations associated with the Pyeongchang Winter Olympic Games suffered security breaches as part of a hacking campaign in January. In a second chapter to this story, organisers have recently confirmed that Olympic servers were the subject of a cyberattack during the opening ceremony last Friday.

Read More

Cybersecurity is only one part of security – a filing cabinet could be your highest risk

By Cameron Abbott and Harry Crawford

No matter how much you spend on cybersecurity technology, data breaches can occur in the most basic ways, for example by leaving an old filing cabinet lying around. This demonstrates the need for a holistic approach to information security.

Recently, highly confidential government papers were discovered inside two locked filing cabinets that were purchased at a second-hand furniture shop in Canberra. What likely happened was a public servant overseeing an office clean up unwittingly sold the filing cabinets containing state secrets to the furniture shop.

Read More

Facebook wants you to know that it’s accountable for your privacy

By Cameron Abbott and Samantha Tyrrell

Facebook has always been confronted with privacy-related scrutiny, including being the respondent in the proceedings that ultimately brought down the EU-US privacy shield. On 28 January 2018, Facebook revealed its “privacy principles” to users for the first time. Via a series of educational videos and a ‘Privacy Check Up’ function, Facebook has shared the core principles it uses to guide its approach to privacy. Facebook will also roll out a new hub which will allow users to more easily control their privacy settings.

Read More

Copyright © 2019, K&L Gates LLP. All Rights Reserved.