By Cameron Abbott and Olivia Coburn
Global spending on information security products and services will reach $86.4 billion this year, according to US-based technology research and advisory firm Gartner, Inc.
This figure is an increase of 7 per cent over 2016, and is expected to grow to $93 billion in 2018.
Juniper’s Internet of Things for Security Providers: Opportunities, Strategies, & Market Leaders 2016-2021 cautions that the scale of connectivity related to consumer IoT will lead to unmanageable cybersecurity risk created by botnets in excess of 1 million units. The research found that botnets that disrupt internet services form part of the near-term threat landscape and will be used for more malicious purposes in the future. Botnets are expected to be used not only to disrupt services, but also to create a distraction in order to enable multi-pronged attacks. While the research calls on IoT manufacturers to implement security-by-design, it also found the market is wide open for challenger security vendors.
According to a report highlighting findings from the Identity Theft Resource Center and CyberScout:
This isn’t the first data set to show that data breaches surged in 2016. According to Gemalto’s Breach Level Index, in the first six months of 2016, data breaches rose 15%, and the number of compromised data records jumped 31% compared to the previous six months. The findings also revealed that 64% of all data breaches involve identity and personal data theft.
By Cameron Abbott and Allison Wallace
A new report has revealed 95% of cloud services used by enterprises aren’t enterprise ready.
The January 2017 Netskope Cloud Report reveals a staggering 82% don’t encrypt data at rest, 66 per cent don’t specify in their terms that the customer owns their own data, and 42% don’t allow administrators to enforce password controls.
Of malware found in cloud services, backdoors were the most common (43.2%), with others including adware (9.8%), Javascript malware (8.1%) and ransomware (7.4%).
The report also shows an increase in the use of cloud services – with an average of 1031 cloud services in use per enterprise, up from 977 in the previous quarter. The retail, restaurant and hospitality industry was the biggest user of cloud services (1193), followed by financial services, banking and insurance (1132).
By Cameron Abbott and Allison Wallace
With the EU heading full throttle towards the implementation of new data protection regulations in May 2018, there has been a lot of buzz around the impact the regulations will have, not only on day-to-day life, but other existing regulations.
One of these regulations is the Directive 2002/58/EC aka the ePrivacy Directive, which has been urgently reviewed ahead of the data protection regulations being implemented.
Brussels partner Ignasi Guardans has detailed the review and its implications here.
By Cameron Abbott and Allison Wallace
A survey of nearly 600 organisations across a variety of industries globally has revealed 98% of these organisations experienced some form of cyber-attack in 2016. (We are left wondering if the other 2% just didn’t notice?)
The survey, conducted by cyber-security company Radware, also found that many organisations are still not prepared to face the threat landscape including that 40% of organisations do not have an incident response plan in place.
Respondents indicated that ransom was the top motivation behind cyber-attacks (41%), followed by insider threats (27%), political hacktivism (26%) and competition (26%).
Radware’s Vice President of Security Solutions, Carl Herberger, says that money is the top motivator in today’s threat landscape. He says “attackers employ an ever-increasing number of tactics to steal valuable information, from ransom attacks that can lock up a company’s data, to DDoS attacks that act as a smoke screen for information theft, to direct brute force or injection attacks that grant direct access to internal data”.
Radware predicts that in 2017, we will see an increase in the use of IoT botnets, cyber ransom, telephony DoS, permanent denial of service for data centre and IoT operations, and public transport being held hostage.
Not the most positive outlook for 2017, but it would be a brave person to suggest they are wrong with those predictions.
By Cameron Abbott and Giles Whittaker
The US and the European Union reportedly reached an agreement on the language of a key data transfer pact, including clearer limits on U.S. surveillance and stricter rules for companies holding information of Europeans. The updated EU-US Privacy Shield was sent to EU member states, who are expected to vote on the proposal in July. The revised data transfer pact is said to include stricter cross-border data-handling rules for companies using Europeans’ information for targeted online advertising, and also has detailed the specific condition under which U.S. government intelligence services would collect data in bulk and the safeguards on how the data is used.
Meanwhile, U.S. Chamber of Commerce Executive Vice President and Head of International Affairs Myron Brilliant urged the EU’s member states to quickly sign off on the updated version, saying that the new framework for trans-Atlantic data transfer is critical for companies on both sides of the pond.
Further information regarding the report by Reuters can be read here.
By Cameron Abbott and Giles Whittaker
A report sponsored by IBM and conducted by the Ponemon Institute found that the average cost of a data breach has grown to $4 million, up 29% from 2013. The survey also found cybersecurity incidents continued to witness growth in both volume and sophistication, with 64% more security incidents reported in 2015 than the preceding year. According to the study, the companies lose $158 per compromised record. Also not surprisingly, breaches in highly regulated industries were even more costly. For instance, healthcare breaches reached $355 per record – a full $100 more than in 2013.
Read the full report conducted by the Ponemon Institute here.
By Cameron Abbott, Rob Pulham and Giles Whittaker
The EU-US Privacy Shield data-sharing agreement has come under scrutiny from the European Data Protection Supervisor Giovanni Buttarelli. Mr Buttarelli has expressed concerns that the Privacy Shield, which will outline how data (including personal information) should be handled in foreign jurisdictions, is “not robust enough to withstand future legal scrutiny”.
While Mr Buttarelli said he “appreciates” the efforts made to develop a solution to replace Safe Harbour, he emphasised that “significant improvements are needed should the European Commission wish to adopt an adequacy decision, to respect…the key data protection principles” which are afforded in Europe with particular regard to “necessity, proportionality and redress mechanisms”.
Giovanni Buttarelli’s statement regarding the Privacy Shield can be found here.
By Cameron Abbott and Simon Ly
Last week the OAIC released their consultation draft Guide to big data and the Australian Privacy Principles, with feedback on the Guide open until 26 July 2016.
The main purpose of the Guide is to facilitate big data activities while protecting personal information (being information or an opinion about an identified individual, or an individual who is reasonably identifiable). The Guide addresses issues such as notice and consent, retention minimisation and use limitation in regards to such data. Whilst not legally binding, the Guide will be referred to by the Privacy Commissioner in undertaking its functions under the Privacy Act.
One of the key aspects dealt with in the Guide is that entities should consider undertaking big data activities on an anonymised manner by de-identifying personal information. If so, this has the favourable outcome that such data will not be considered personal information so accordingly less onerous obligations apply under the Privacy Act to such data. Of course, if this is the case it also lessens the chance that personal information will be compromised should a data breach occur (speaking of which, we note OAIC’s April 2016 guide to deal with data breaches). However, in our experience most of our clients want to analyse and then drill down to take actions or campaigns in relation to a then identified group of customers.
The Guide also highlights how big data interacts with the APPs as well as discussing other related concepts, such as “privacy by design” frameworks. For more information, you can access the OAIC’s consultation draft Guide here.
Copyright © 2024, K&L Gates LLP. All Rights Reserved.