Author - admin

U.S. data breaches reached record high in 2016: Report

By Cameron Abbott 

According to a report highlighting findings from the Identity Theft Resource Center and CyberScout:

  • Data breaches in the U.S. reached an all-time high in 2016, with the number of breaches tracked reaching 1,093, a 40% increase from the year earlier
  • The financial services industry accounted for only 52 of the breaches, or 4.8%, making it the least hit of the five industries tracked. Business, healthcare, education and the government and military were hacked more than the financial services industry
  • For the eighth consecutive year, hacking, skimming and phishing were the main drivers of data breaches, representing 55.5% of all reported incidents. Many were due to CEO phishing in which sensitive data is exposed
  • While consumers and businesses are constantly warned to pay close attention to their email, breaches that used email and the internet as a way to hack people only accounted for 9.2% of all the hacks, while employee error was responsible for 8.7% of the hacks.

This isn’t the first data set to show that data breaches surged in 2016. According to Gemalto’s Breach Level Index, in the first six months of 2016, data breaches rose 15%, and the number of compromised data records jumped 31% compared to the previous six months. The findings also revealed that 64% of all data breaches involve identity and personal data theft.

India’s top court asks WhatsApp, Facebook to please explain over privacy policy

By Cameron Abbott and Allison Wallace

A petition to challenge messenger service WhatsApp’s privacy policy in India is gaining momentum, with the Supreme Court this week issuing notices to WhatsApp, its owner Facebook, and the telecom regulator TRAI to respond to the court within two weeks.

The petitioners are incensed over WhatsApp’s changes to its privacy policy in September last year, which saw it begin sharing users’ information with Facebook, including their phone numbers. Those who didn’t agree with the new policy were given the option to “opt out” by deleting the app. This announcement came two years after WhatsApp was acquired by Facebook.

Alarming number of Enterprise Cloud Services aren’t enterprise ready

By Cameron Abbott and Allison Wallace

A new report has revealed 95% of cloud services used by enterprises aren’t enterprise ready.

The January 2017 Netskope Cloud Report reveals a staggering 82% don’t encrypt data at rest, 66 per cent don’t specify in their terms that the customer owns their own data, and 42% don’t allow administrators to enforce password controls.

Of malware found in cloud services, backdoors were the most common (43.2%), with others including adware (9.8%), Javascript malware (8.1%) and ransomware (7.4%).

The report also shows an increase in the use of cloud services – with an average of 1031 cloud services in use per enterprise, up from 977 in the previous quarter. The retail, restaurant and hospitality industry was the biggest user of cloud services (1193), followed by financial services, banking and insurance (1132).

Cookies, Directories, Advertising and Personal Data: New EU Rules on Privacy in Electronic Communications

By Cameron Abbott and Allison Wallace

With the EU heading full throttle towards the implementation of new data protection regulations in May 2018, there has been a lot of buzz around the impact the regulations will have, not only on day-to-day life, but other existing regulations.

One of these regulations is the Directive 2002/58/EC aka the ePrivacy Directive, which has been urgently reviewed ahead of the data protection regulations being implemented.

Brussels partner Ignasi Guardans has detailed the review and its implications here.

SAP criticises impending EU data protection laws

By Cameron Abbott and Allison Wallace

SAP has expressed concerns over the implications of the landmark EU data privacy regulations, saying the penalties that will be imposed are too high, and could impede the development of Europe’s start-up culture.

The data privacy regulation will be implemented in May 2018, and includes fines for EU companies up to 4 per cent of their global revenues if they commit a significant breach of data privacy.

In an interview with the Financial Times, SAP’s head of products and innovation, Bernd Leukert, said he believes the penalties are too high and put companies at risk of losing their entire revenue if they commit multiple breaches.

Mr Leukert said he also fears that the EU regulations were not properly aligned with laws in other jurisdictions, such as the US.

Cyber-attacks: a problem in 2016, still a problem in 2017

By Cameron Abbott and Allison Wallace

A survey of nearly 600 organisations across a variety of industries globally has revealed 98% of these organisations experienced some form of cyber-attack in 2016. (We are left wondering if the other 2% just didn’t notice?)

The survey, conducted by cyber-security company Radware, also found that many organisations are still not prepared to face the threat landscape, with 40% of organisations not having an incident response plan in place.

Respondents indicated that ransom was the top motivation behind cyber-attacks (41%), followed by insider threats (27%), political hacktivism (26%) and competition (26%).

Radware’s Vice President of Security Solutions, Carl Herberger, says that money is the top motivator in today’s threat landscape. He says “attackers employ an ever-increasing number of tactics to steal valuable information, from ransom attacks that can lock up a company’s data, to DDoS attacks that act as a smoke screen for information theft, to direct brute force or injection attacks that grant direct access to internal data”.

Radware predicts that in 2017, we will see an increase in the use of IoT botnets, cyber ransom, telephony DoS, permanent denial of service for data centre and IoT operations, and public transport being held hostage.

Not the most positive outlook for 2017, but it would be a brave person to suggest they are wrong with those predictions.

UK companies taking on cybersecurity-related insurance in soaring numbers

By Cameron Abbott and Allison Wallace

There was a 50% growth in the adoption of cybersecurity-related insurance in the UK between 2015 and 2016.

CFC Underwriting discovered the trend after polling industry representatives at the 2016 Cyber Symposium late last year.

The underwriter, which provides cyber insurance to more than 20000 clients globally, found the factors driving clients to purchase these kinds of policies included the “fear factor” of a cyber attack (23%) and the impending introduction of the European General Data Protection Regulation in 2018 (26%).

More than half of the respondents to the poll (53%) indicated they believed electronic computer crime will lead to an increase in insurance claims. Earlier figures released by CFC Underwriting revealed it handled over 400 claims on cyber policies in 2016, a 78% increase on 2015.

Privacy Commissioner investigates alleged sale of telco customer information

By Cameron Abbott and Allison Wallace

Australia’s Information and Privacy Commissioner Timothy Pilgrim is making enquiries into allegations that the personal information of customers of three Australian telcos is being sold online.

Fairfax uncovered an alleged rort involving ‘corrupt insiders’ at the offshore call centres of Telstra, Optus and Vodafone, which has allegedly seen details including customers’ addresses, dates of birth and billing statements leaked to at least one private company in India, which is then allegedly selling the information for up to $1000.

Commissioner Pilgrim has said in a statement that he is working to determine what further action may need to be taken.

All three telcos have also released statements, reiterating that they take the privacy of their customers seriously. Vodafone and Optus have met with the AFP, which has now passed the matter on to Indian authorities.

Mirai Botnet knocks Liberia offline

By Cameron Abbott and Rebecca Murray

After launching attacks on security expert Brian Krebs and the servers at Dyn, it appears as though the Mirai botnet has knocked the entire country of Liberia offline. Yes, the country. Given the paucity of protections on the Internet of Things, with even weaker controls on adequate passwords, Mirai has a powerful base to co-opt and launch from. That said, while taking down a country is no mean achievement, with a population of only 4.5 million and fewer than 10% of its citizens having internet access, the target was a small one. However, it is possible this attack is only the beginning for a new display of Mirai botnet’s capabilities. The attack peaked at 500Gbps, a relatively modest figure when compared with the Dyn and Brian Krebs attacks.

Judging from the quick succession of recent attacks, we won’t be waiting long before we see another target of this highly effective botnet. Forbes has covered this in more detail here.

Boards Push Insurers to Quantify Cyber Risks

By Cameron Abbott and Rebecca Murray

US risk management firm Advisen recently held the Cyber Risk Insights Conference where insurers, brokers, corporate risk managers and CSOs came together to discuss the importance of company CFOs quantifying cybersecurity risks. Panelists included the risk managers of Merck and Time, who both classified cybersecurity risk exposure as a top danger faced by corporations. Time’s risk management department, for example, is working to quantify the company’s exposure to cyber attacks so that it can transfer some of the risks to insurers. However, Time’s director of risk management says culling all cyber-risk-management information together in a meaningfully predictive way is a challenging task.

Furthermore, gaining assistance from insurers about how to quantitatively define cybersecurity risk is also problematic, as the insurance industry is only getting started on truly understanding how to forecast cyber losses. Cyber security practice leader for insurance broker Lockton Cos, Ben Beeson, has revealed that insurers have only really become aware of the vast extent of loss that can eventuate when handling personal data this year. Keeping up with incredibly evolving and dynamic cybersecurity threats is sure to be an immense challenge for insurers. Read more here.

Copyright © 2024, K&L Gates LLP. All Rights Reserved.