On Friday 19th June, the Australian Prime Minister gave a press conference outlining an intense and persistent cyber attack against Australian organisations, allegedly originating from an overseas adversary. The Prime Minister confidently stated that a hostile nation-state was behind the campaign, refrained from naming the culprit. Other news outlets, however, suggested unnamed senior government officials claimed the origin was China, but this remains unconfirmed by official sources.
Read More
Obviously, writing this in the midst of the Coronavirus outbreak, airlines all round the world are suffering huge impacts from the effects of the isolation, quarantine and travel restrictions that are in place. Cyber security might not be at the top of their agenda, but it’s certainly at the top of Cathay Pacific’s.
Read More
Last week was a big week for the Information Commissioner’s Office in the UK after the BA fine announcement (£183m) and a second data breach fine story around the Marriott Hotel chain.
Read More
This week saw the announcement that British Airways (BA) was to be fined by the Information Commissioner for its breach of the GDPR. The proposed fine amounts to £183m so it caught the attention of the security and legal/compliance community as being the first really notable GDPR case with a big fine attached.
Read More
Few organisations have the resilience to suffer a cyberattack as large as the one the Australian National University (ANU) notified last week. Data breaches of this magnitude certainly take their toll, and in this case the ANU will be feeling the pain for some time to come. But what happened and how can organisations better prepare themselves for this kind of attack?
Read More
At the weekend, an Australian graphic design company called Canva reported a data breach. At this stage, you’d be forgiven for thinking so what? Yet, this wasn’t just a typical data breach – it’s one of the largest privacy breaches of user information in history, on the league table just behind Equifax’s breach of 2017. In Canva’s case, the hacker claims to have stolen 139 million Canva users’ details, including names, postal addresses, email addresses and 70 million users’ password hashes. So how might this breach affect your business and is there anything you can do to protect yourself from the fallout?
Read More
The Office of the Australian Information Commissioner’s fourth quarterly report shows an increase in the percentage of attacks attributed to malicious or criminal activity, as well as a continuing trend of growth in the overall number of attacks.
Read More
In December 2018, the US Department of Justice charged Chinese nationals in an extensive global hacking campaign. The hackers, part of Chinese cyber espionage group APT10, allegedly accessed service providers in twelve countries. This is an example of Nation states seeking access to other government’s systems and information by attacking the data supply chain for security weaknesses; by compromising a managed service provider’s (MSP) systems an adversary may be able to pivot to the primary target, although often the MSP holds confidential information, in its own right, that could further the adversary’s goals.
Read More
New privacy legislation in 2018 saw a dramatic increase in the number of data breach notifications. The 2018 British Airways data breach had more than 380,000 customers’ payment card details stolen by hackers. This contributed to a long line of data breaches making the headlines in the UK, after some of their biggest brands like Superdrug, Carphone Warehouse, Currys, Dixons Travel and PC World were hacked earlier in the year. Read the blog to explore the 5 key steps to mitigating risk.
Read More
The second “Notifiable Data Breaches Quarterly Statistics Report” has been published by the Office of the Australian Information Commissioner (OAIC) and it certainly makes for interesting reading. The statistics within this report show a definite upward trend in reporting and interestingly it also shows a swing from last quarter’s report towards the nature of the incidents, from human error to malicious data theft. Let’s look at some of the details within the OAIC’s report and see what it tells us about the state of security within Australia.
Read More