Security Market Segment LS
Wednesday, 07 June 2017 07:05

Ransomware attack will count as data breach: security pro Featured

By

Ransomware attacks will be regarded as data breaches under Australia's new data breach legislation that comes into force on 22 February next year, according to the chief cyber security adviser at RSA.

Leonard Kleinman gave a rundown of what one could expect when the Privacy Amendment (Notifiable Data Breaches) Act 2017 takes effect, focusing on the security side of things, at a seminar in Melbourne on Tuesday.

His focus on ransomware was understandable, given the fact that this Windows scourge has been in the news more often than not in 2016 and the beginning of this year, culminating in the recent WannaCry attack that threatened to go worldwide until it was nipped in the bud by an accidental act.

Kleinman pointed out that ransomware had a history going back to 1989, when the AIDS trojan, which replaced the AUTOEXEC.BAT file on an MS-DOS machine and attacked the machine itself on the 90th boot.

It would hide the directories and rename all files on the C: drive, at which time the user was asked to "renew the licence" and contact PC Cyborg Corporation in Panama to pay US$189.

Given the cyber security environment at the moment, Kleinman said it was necessary to understand the legislation and its obligations, even if a company was not planning to take the necessary steps to plan for it.

Indeed, this was a common theme which was advanced by the other two speakers at the seminar: Helaine Leggat, the director of Information Legal, and Mani Amini, GRC group manager at Content Security, the other firm that was involved in organising the seminar.

(The Office of the Australian Information Commissioner has a rundown of the data breach act here.)

Leggat told iTWire that the legislation itself had been prompted by the fact that Australia trailed behind the rest of the world in data breach law and it had to catch up in order to ensure that people could do business across borders.

"Even New Zealand is ahead of us in this field," she said.

Leggat outlined the changes that the law had brought about to the Privacy Act, highlighting the fact that while there were many exclusions, the penalties would not be light if one was caught.

She told iTWire that the introduction of the law would provide plenty of work for lawyers, with many now advertising themselves as cyber security specialists in what she agreed was a feeding frenzy.

Amini's presentation dealt with privacy readiness assessment: how a company should go about preparing for the legislation if it intended to be fully prepared to deal with it.

In one word, the process will be complicated, and is likely to impose additional costs on businesses that come within the $3 million bracket and are thus covered by the law.

Kleinman told iTWire that there would be many companies who would be providing information about the legislation as a way to attract business.

He said the Melbourne seminar — and two others, held in Sydney and Brisbane — were aimed at tier two companies, as the big firms would have their own experts within their own ranks. And, he added, RSA's take on it was coming from a company that specialised in security.

Breaches of the law as far as failing to notify those affected by a breach will attract fines of up to $360,000 for individuals and $1.8 million for organisations. Insufficient care of the data in question, if proved, could attract further fines.

The Office of the Australian Information Commissioner is currently seeking public comment on entities covered by the NDB scheme; notifying individuals about an eligible data breach; identifying eligible data breaches; and the Australian Information Commissioner’s role in the scheme.

The last date for submitting comments is 14 July.


Subscribe to ITWIRE UPDATE Newsletter here

Now’s the Time for 400G Migration

The optical fibre community is anxiously awaiting the benefits that 400G capacity per wavelength will bring to existing and future fibre optic networks.

Nearly every business wants to leverage the latest in digital offerings to remain competitive in their respective markets and to provide support for fast and ever-increasing demands for data capacity. 400G is the answer.

Initial challenges are associated with supporting such project and upgrades to fulfil the promise of higher-capacity transport.

The foundation of optical networking infrastructure includes coherent optical transceivers and digital signal processing (DSP), mux/demux, ROADM, and optical amplifiers, all of which must be able to support 400G capacity.

With today’s proprietary power-hungry and high cost transceivers and DSP, how is migration to 400G networks going to be a viable option?

PacketLight's next-generation standardised solutions may be the answer. Click below to read the full article.

CLICK HERE!

WEBINAR PROMOTION ON ITWIRE: It's all about webinars

These days our customers Advertising & Marketing campaigns are mainly focussed on webinars.

If you wish to promote a Webinar we recommend at least a 2 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site itwire.com and prominent Newsletter promotion https://www.itwire.com/itwire-update.html and Promotional News & Editorial.

This coupled with the new capabilities 5G brings opens up huge opportunities for both network operators and enterprise organisations.

We have a Webinar Business Booster Pack and other supportive programs.

We look forward to discussing your campaign goals with you.

MORE INFO HERE!

BACK TO HOME PAGE
Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

Share News tips for the iTWire Journalists? Your tip will be anonymous

WEBINARS ONLINE & ON-DEMAND

GUEST ARTICLES

VENDOR NEWS

Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News

Comments