Category: Legal & Regulatory Risk


“Hey Google, could you be used against me in court?”

By Cameron Abbott and Allison Wallace

Smart home devices like the Google Home and Amazon Echo were popular gifts this past Christmas – just as Fitbits have been in Christmases past.

But could these smart devices that we rely on to seek out and relay information to us, turn on our favourite music, or count our calories and steps, be used to produce evidence against us, if we were to commit a crime?

Cybercrime most costly to financial services

By Cameron Abbott and Keely O’Dowd

A study by Accenture and Ponemon Institute – Cost of Cyber Crime Study: Insights on the security investments that make a difference – found cyberattacks cost financial service firms more to address and contain than in any other industry. The rate of breaches in the industry has tripled in the past five years. On average, the cost of cybercrime for financial services companies globally has increased by more than 40% over the past three years, from $12.97 million per firm in 2014 to $18.28 million in 2017.


Mandatory Data Breach Reporting in 60 seconds

By Cameron Abbott

The notifiable data breach scheme, as outlined in the Privacy Amendment (Notifiable Data Breaches) Act 2017 (Cth), commenced yesterday, 22 February. Under this new scheme, in the event an organisation experiences a data breach that is likely to result in serious harm to any individual, that organisation will be required to notify the Australian Information Commissioner and any affected individual(s) of the breach. This 60 second video will help you prepare your organisation for these changes.


The co-existence of open data and privacy in a digital world

By Cameron Abbott, Keely O’Dowd and Giles Whittaker

Earlier this week researchers from the University of Melbourne released a report on the successful re-identification of Australian patient medical data that formed part of a de-identified open dataset.

In September 2016, the researchers were able to re-identify the longitudinal medical billing records of 10% of Australians, which equates to about 2.9 million people. The report outlines the techniques the researchers used to re-identify the data and the ease with which this can be done with the right know-how and skill set (i.e. someone with an undergraduate computing degree could re-identify the data).

At first glance, the report exposes the poor handling of the dataset by the Department of Health, which brings into focus the need for adequate contractual obligations regarding use and handling of personal information, and the need to ensure adequate liability protections are addressed even where the party’s intentions are for all personal information to be de-identified. The commercial risk with de-identified data has been shown to be the equivalent of a dormant volcano.


Cybersecurity in the age of the Internet of Things

By Cameron Abbott, Keely O’Dowd and Harry Crawford

The Internet of Things (IoT) allows unprecedented interconnectivity for consumers, and unfortunately for those consumers, hackers as well.

The European Union Agency for Network and Information Security (ENISA) recently released a report to provide insight into the security requirements of IoT and good practices recommendations on preventing and mitigating cyber-attacks against IoT systems. The report even includes examples of IoT cyber security attack scenarios.


Amazon Web Services announces Internet of Things (IoT) security service

By Cameron Abbott and Giles Whittaker

Amazon Web Services rolled out an IoT service called IoT Device Defender to limit risks from unsecured IoT devices. The service will monitor an entire fleet of devices for compliance policies and best practices. As such, an organization can set the normal operational parameters and policies for a given fleet of devices and then Device Defender will make sure those policies are enforced.


Open for business, ransomware authors and perpetrators cashing in on emerging dark web marketplace economy

By Cameron Abbott and Giles Whittaker

The emergence of a booming dark web marketplace has facilitated skyrocketing ransomware sales, from US$249,287.05 in 2016 to US$6,237,248.90 as of September 2017, representing a growth rate of 2,502%. This rapid growth is due in part not only to the effectiveness of ransomware as a criminal enterprise but also to the increased availability of the means to partake in such activities. According to a recent report by Carbon Black, The Ransomware Economy: How and Why the Dark Web Marketplace for Ransomware Is Growing at a Rate of More than 2,500% Per Year, there are 45,000 ransomware product lines at an average price of US$10.50, including various do-it-yourself (DIY) kits.


SEC wants to collect more information – but can they protect it?

By Cameron Abbott and Olivia Coburn

The United States Securities and Exchange Commission (SEC) is facing scrutiny on its handling of a data breach that occurred in 2016 – but was only publicly disclosed on 20 September 2017.

Hackers accessed information on corporate filings intended for investors, which would be used for insider trading.


Equifax data breach: 143 million records exposed but senior executives not told immediately?

By Cameron Abbott and Olivia Coburn

Equifax has joined Yahoo on the podium for the award no one wants: suffering one of the largest data breaches in history.

Equifax, one of the three largest US credit reporting agencies, announced last week that it suffered a cybersecurity incident potentially impacting 143 million US consumers – a figure comprising roughly 55 per cent of Americans aged 18 years or older. Some UK and Canadian residents are also affected.


Security incidents high, confidence to manage them low. Really? We did see this coming – why aren’t we better prepared?

By Cameron Abbott and Olivia Coburn

RiskIQ, a US-based cyber security company, has reported that 40% of businesses surveyed in the US and the UK have experienced 5 or more significant security incidents in the past 12 months. Significant incidents include malware, targeted attacks, mobile exposures, rogue mobile apps, website or brand abuse, phishing and social impersonation.

RiskIQ, through IDG Connect, also surveyed the confidence of corporate decision-makers in their ability to handle and mitigate cyber threats. Their report, 2017 State of Enterprise Digital Defense Report, reveals that nearly two-thirds of respondents had no to modest confidence in their ability to manage digital threats.


Copyright © 2025, K&L Gates LLP. All Rights Reserved.