Cyber Law Watch

Insight on how cyber risk is being mitigated and managed across the globe.

Update everything: Discovery of Wi-Fi flaw in connected devices

By Cameron Abbott, Rob Pulham and Olivia Coburn

A Belgian researcher has discovered a weakness in WPA2, the security protocol used by the majority of routers and devices, including computers, mobile phones and connected household appliances, to secure internet and wireless network connections.

The researcher, Mathy Vanhoef, has named the flaw KRACK, for Key Reinstallation Attack.

Any device that supports Wi-Fi is likely to be affected by KRACK, although devices will have different levels of vulnerability depending on their operating systems. Linux and Android are believed to be more susceptible than Windows and iOS, and devices running Android 6.0 are reportedly particularly vulnerable.


Just one of 734: Australian defence contractor hacked

By Cameron Abbott and Olivia Coburn

A hacker has breached the computer system of an unnamed defence contractor and stolen 30 gigabytes of data, including information on Australia’s $17 billion Joint Strike Fighter program.

The data breach, which the Australian Government publicly disclosed last week, also includes information about Australia’s $4 billion P-8 surveillance plane project, Collins Class submarines and the warships HMAS Canberra and HMAS Adelaide. The Government has emphasised that the stolen data is commercially sensitive but not classified.

The announcement coincides with the release of the Australian Cyber Security Centre’s 2017 Threat Report, which reveals that the hack is among 734 cyber incidents affecting private sector systems of national interest and critical infrastructure providers.


SEC wants to collect more information – but can they protect it?

By Cameron Abbott and Olivia Coburn

The United States Securities and Exchange Commission (SEC) is facing scrutiny over its handling of a data breach that occurred in 2016 but was only publicly disclosed on 20 September 2017.

Hackers accessed information on corporate filings intended for investors, which would be used for insider trading.


Deloitte hack: Big four cyber-security advisor takes a hit

By Cameron Abbott and Olivia Coburn

“Big four” accounting and consulting firm Deloitte revealed on Monday that it was targeted by a hack that exposed its email system and client records.

Although Deloitte has not yet provided details on the full extent of the breach, it confirmed that the information accessed includes confidential emails and plans of some of its blue-chip clients. It also said that “very few” clients were affected.


Equifax data breach: 143 million records exposed but senior executives not told immediately?

By Cameron Abbott and Olivia Coburn

Equifax has joined Yahoo on the podium for the award no one wants: suffering one of the largest data breaches in history.

Equifax, one of the three largest US credit reporting agencies, announced last week that it suffered a cybersecurity incident potentially impacting 143 million US consumers – a figure comprising roughly 55 per cent of Americans aged 18 years or older. Some UK and Canadian residents are also affected.


Security incidents high, confidence to manage them low. Really? We did see this coming – why aren’t we better prepared?

By Cameron Abbott and Olivia Coburn

RiskIQ, a US-based cyber security company, has reported that 40% of businesses surveyed in the US and the UK have experienced 5 or more significant security incidents in the past 12 months. Significant incidents include malware, targeted attacks, mobile exposures, rogue mobile apps, website or brand abuse, phishing and social impersonation.

RiskIQ, through IDG Connect, also surveyed the confidence of corporate decision-makers in their ability to handle and mitigate cyber threats. Their report, 2017 State of Enterprise Digital Defense Report, reveals that nearly two-thirds of respondents had no to modest confidence in their ability to manage digital threats.


Gartner: Worldwide spending on information security to reach $93 billion in 2018

By Cameron Abbott and Olivia Coburn

Global spending on information security products and services will reach $86.4 billion this year, according to US-based technology research and advisory firm Gartner, Inc.

This figure is an increase of 7 per cent over 2016, and is expected to grow to $93 billion in 2018.


Privacy risks in collecting donations

By Cameron Abbott and Olivia Coburn

Charities are increasingly employing commercial approaches to funding, lobbying and fundraising to fuel their invaluable work. In doing so, charities need to be cautious of mishandling the donors’ personal information that they collect together with the donation.

Donors are frequently being asked to provide information such as home address, email address and their mobile phone number. In some instances charities will not accept money unless this personal information is also provided.


EMPLOYEES CELEBRATE CHIP PARTY: Embedding RFID Chips – would you agree to this?

By Cameron Abbott and Olivia Coburn

On 1 August 2017, employees of a Wisconsin-based technology company enjoyed a “Chip Party” – but not the salty kind. 21 of Three Square Market’s 85 employees agreed to allow their employer to embed radio frequency identification chips in their bodies. We are familiar with the Internet of Things; is this the Internet of People?

Three Square Market (known as 32M) highlighted the convenience of microchipping their employees, reporting that they will be able to use the RFID chip to make purchases in the company break room, open doors, access copy machines and log in to their computers.


Elon Musk Acquires X.com

By Cameron Abbott and Olivia Coburn

Elon Musk has repurchased X.com, a website he created 18 years ago in 1999, although his intentions for the purpose of the domain remain unclear.

X.com was one of the world’s first online banks, insured by the FDIC and partnered with Barclays. X.com was initially intended to be a full-service online financial institution, but could not overcome regulatory challenges. At that time, financial regulatory systems were not equipped to deal with the products that X.com was offering, which included online savings accounts, brokerage services and insurance products.


Copyright © 2024, K&L Gates LLP. All Rights Reserved.