In a bid to maintain stability in the Indo-Pacific region, Australia has pledged $37.5 million to bolster the security and development of critical technology in neighboring countries as part of its updated International Cyber Engagement Strategy. The funding aims to promote the resilience of critical technologies in Southeast Asia and to support Australia’s Pacific neighbours by improving online safety, counter misinformation and to fight cybercrime.Read More
A number of legal professionals, with significant experience in the field of privacy law, have signed an open letter to encourage individuals to download the Commonwealth Government’s COVIDSafe App.
Among the privacy lawyers are members of K&L Gates own Australian privacy team (and the authors of this blog post) Cameron Abbott, Rob Pulham, Warwick Andersen, Michelle Aggromito and Allison Wallace.
The open letter is signed by members in their personal capacity, and signals that people who care about privacy a lot can still think that supporting the health and economic objectives of the App is more important at this time.
As at the date of this post, more than 5 million people have downloaded the App, with more needed to reach the Commonwealth Government’s target of 40% of the Australian population.
As the world grinds to a halt following the dispersion of COVID-19 and businesses around the globe experience a significant downturn, more and more businesses are turning towards their Business Continuity Plan (BCP) in order to mitigate the potential impacts of this worldwide emergency on business sustainability. However, a key aspect of BCP’s is that they encapsulate the full scale of collateral issues that may arise from such an emergency.
From a technology perspective, BCP’s need to consider access. This issue is twofold: being access to premises in which businesses operate in order to correct system defects and system outages, as well as access to external premises that provide technology services such as data storage or data security services.Read More
As the world grinds to a halt following the perpetuation of COVID-19, more and more businesses have turned to remote work arrangements. This has led to a sharp rise in the use of videoconferencing technology Zoom. However, as the Australian Financial Review notes, flawed data security and privacy practices mean that the use of Zoom could be disastrous for corporate and personal privacy.
Concerns surrounding the use of Zoom arose earlier this year, with critical security vulnerabilities enabling hackers to predict Meeting ID’s and therefore join active meetings, and also allowing any website to forcibly join a user to a Zoom call with their video camera activated and without the user’s permission. Whilst a number of these errors were patched up, as the article notes, Zoom refused to disable the ability for hackers to forcibly join to a call anyone visiting a malicious site, raising security red flags and undermining public confidence in Zoom’s attitude towards data security. A strange response given that part of its attraction had been a perceived stronger approach to security.Read More
In October, the US Department of Defence (DoD) awarded the Joint Enterprise Defence Infrastructure (JEDI) contract to Microsoft to overhaul its IT infrastructure – a huge show of confidence in infrastructure as a service (IaaS).
The DoD’s award of the 10-year, $10 billion JEDI contract to Microsoft is an endorsement of the secure nature of Azure, Microsoft’s cloud computing service. Under this deal, Microsoft’s task is to create a globally responsive network and monitor ongoing issues such as bugs and breaches. Part of the deal involves moving sensitive data, including classified mission operations, to Microsoft Azure. The system must be fortified with robust cyber security and encryption as Microsoft bears the important responsibility for the defence of the US.
The DoD’s decision to move to the cloud is a clear signal that IaaS has come of age, considering when such a security sensitive operation is able to use the service.
Ransom-based hacking techniques have primarily been limited to the intangible. We live in a world where unauthorised access to email accounts, bank accounts, and computer systems that may otherwise be private is no longer uncommon.
In some situations, hackers demand a lump sum in return for reinstating control of the accounts and systems to its owners and managers, and otherwise refusing to pay this ransom can likely leave our information and data at the mercy of hackers.Read More
Until recently, a security vulnerability in the social media platform Instagram, allowed Hyp3r to illicitly harvest millions of Instagram users’ data and track their locations.
In a similar manner to the Cambridge Analytica scandal that plagued Facebook following the 2016 US presidential election, this latest example of Hyp3r’s mass data collection was discovered through a journalistic investigation and was not uncovered by the social media platform.Read More
Everyone knows the saying “the Pen is mightier than the sword”. The famous saying has been used for centuries to describe the ultimate power of words and communication over forms of violence. However, the rapid implementation and use of technology as a “combat” method doubts whether this saying is correct in a modern technological era, and begs the question as to whether technology is in fact mightier than the sword!
This dilemma is highlighted through the recent cyberstrike conducted by the United States. According to a Report by the Washington Post, in June of this year the Cyber Command of the US Military utilised a technology cyberstrike to target a significant Iranian database in the Persian Gulf. The relevant database was alleged to have been used by the IRGC, Iran’s elite paramilitary force, to damage oil takers and shipping traffic in the Persian Gulf. According to the Pentagon, the operation was in the works for weeks after Iran’s alleged attacks on two US tankers in the Gulf of Oman earlier in June, and following an attack by Iranian forces on an unmanned U.S. Surveillance drone hours earlier, the cyber-strike was immediately given the go-ahead.Read More
All over the world, organisations and individuals battle phishing. Even in systems with a high degree of security, phishing is still a risk and human failures to spot and deal with phishing can cause the best of security policies and procedures to become undone.
To fight phishing at the source, the UK’s National Cyber Security Centre (NCSC) recently achieved some success in this space through its use of email verification technology to fight phishing attacks. This technology, called ‘Synthetic DMARC’, works by assigning a DMARC record for all domains attempting to pass-off as gov.uk domains, by analysing and vetting non-existing subdomains against DNS records and building on authentication systems of the past.Read More
APRA has released an information paper on outsourcing involving shared computing services, including cloud. The paper discusses risks for outsourcing shared services and ways in which APRA regulated entities may seek to minimise these risks.
See the information paper here.