We frequently blog here about incidents where companies, government agencies or public have suffered data or security breaches at the hands of hackers. They’re often incidents that come to light because they affect the public in some way – by shutting down hospitals, exposing sensitive personal information, or threatening government security. But what about hacks that, while not having wide-reaching public implications, go to the core of a business’ operations?Read More
By Cameron Abbott and Karla Hodgson
The Office of the Australian Information Commissioner has released its Q2 statistics on notifications received under the Notifiable Data Breach (NDB) scheme. The 245 breach notifications in Q2 are on par with each other quarter since the scheme was introduced in July 2018 and while the majority of NDBs (62%) are attributed to malicious or criminal attacks, we noted with interest that a staggering 34% are due to human error – that is, mostly avoidable errors made by staff. A consistent theme of our blogs is reinforcing the message that employees are the front line of defence for organisations.
There are 3 key statistics we took away from these human error NDBs.Read More
By Cameron Abbott and Max Evans
Everyone knows the saying “the Pen is mightier than the sword”. The famous saying has been used for centuries to describe the ultimate power of words and communication over forms of violence. However, the rapid implementation and use of technology as a “combat” method doubts whether this saying is correct in a modern technological era, and begs the question as to whether technology is in fact mightier than the sword!
This dilemma is highlighted through the recent cyberstrike conducted by the United States. According to a Report by the Washington Post, in June of this year the Cyber Command of the US Military utilised a technology cyberstrike to target a significant Iranian database in the Persian Gulf. The relevant database was alleged to have been used by the IRGC, Iran’s elite paramilitary force, to damage oil takers and shipping traffic in the Persian Gulf. According to the Pentagon, the operation was in the works for weeks after Iran’s alleged attacks on two US tankers in the Gulf of Oman earlier in June, and following an attack by Iranian forces on an unmanned U.S. Surveillance drone hours earlier, the cyber-strike was immediately given the go-ahead.Read More
By Cameron Abbott and Rebecca Gill
Unreported data breaches have disrupted several major M&A deals in recent years, such as Marriott International’s merger with the Starwood hotel chain. The growing list of cautionary (and costly) tales appears to be making an impression in the M&A space, as a recent study of IT professionals and business executives by Forescout Technologies has found.
The study queried a total of 2,779 respondents from all over the world, and found that 93% of the respondents viewed cybersecurity evaluations as important to their companies’ M&A decision-making processes. Respondents also ranked a target company’s history of cybersecurity incidents as the second most important factor when performing due diligence on the business, following the company’s financial statements.Read More
By Cameron Abbott and Rebecca Gill
PwC’s UK Privacy & Security Enforcement Tracker has found that fines in the UK over data protection law violations totalled £6.5 million in 2018, a £2 million increase from 2017.
The Tracker analysed data protection enforcement actions by the UK Information Commissioner’s Office (ICO), including monetary fines, prosecutions and undertakings. The Tracker shows that the total sum of fines increased from 2017, but the number of ICO enforcements fell to 67 in 2018 from 91 in 2017.Read More
Protecting personal data is a fundamental aspect of any privacy regime. As we become more technological advanced, organisations are finding innovative ways to interact with consumers through more intuitive communication channels, such as voice recognition via digital assistants. But not everyone trusts such technology, as Microsoft’s April 2019 report on voice assistants and conversational artificial intelligence has found.
The report found that 41% of voice assistant users were concerned about trust, privacy and passive listening. Other interesting findings of the report include:Read More
It’s been a little over a year since the notifiable data breach scheme was introduced in Australia. The Office of the Australian Information Commissioner (OAIC) issued its Notifiable Data Breaches Scheme 12-month Insights Report on 13 May 2019, detailing its insights to come out of the scheme’s operation over the past 12 months. As regular readers would no doubt be aware, the health sector was one of the top industry sectors to report breaches in the first 12 months of the scheme’s operation.Read More
Today’s topic for Privacy Awareness Week is “online privacy”. It is no surprise that online privacy is a key topic of concern for businesses and consumers alike, given recent high-profile privacy breaches. Of particular significance is the issue of credential stuffing, as Australia is now the fifth highest target for credential stuffing attacks according to Akamai’s Credential Stuffing: Attacks and Economies report of April 2019 (Report).
Credential stuffing is a form of cyberattack where account credentials, usually usernames or email addresses and corresponding passwords, are stolen, typically from a previous security breach. The account credential combinations are then used to try and gain access to accounts at other sites via an automated and large-scale web application directed to multiple logins. It relies on individuals using the same password across multiple sites. K&L Gates has previously blogged on a high-profile credential stuffing attack that can be found here.Read More
It’s Privacy Awareness Week and today’s topic is “data breaches”. With data breaches and responding to cyber attacks becoming an inevitable part of doing business, it’s a timely reminder about the importance of adequately resourcing your IT security areas, and of having comprehensive and well-tested data breach response plans in place, as illustrated by the Fourth Annual Study on The Cyber Resilient Organization (Study), conducted by the Ponemon Institute on behalf of IBM Resilient.
The Study surveyed 3,655 IT and IT security practitioners in 11 countries and regions, including Australia. The results of the Study indicate that a majority of Australian businesses are vulnerable to cyber-attacks due to a lack of skilled personnel and incident response plans.Read More