Quick notes on Cyber-crime

Wednesday 22 March 2017



Cyber-crime is not new but is becoming more prevalent. There are and always will be those who try to access your sensitive data; thus, moving beyond the ‘set and forget’ approach is now vital in this risk and compliance area.

Jamie Rubbi-Clarke, Associate Director of Control Risks, addressed the importance of cyber security and looked at cyber risk and techniques to mitigate it.

 

Some key points to consider
 
  • Phishing techniques are increasingly advanced
“It is a vector for lots of different cyber-attacks,” Rubbi-Clarke said. “If criminals are getting better at these emails, it stands to reason that phishing-based attacks will also be more successful.”
He added that criminals are getting better at tailoring their emails. This means they could be using data acquired from underground forums that may have been leaked about an organisation and its employees as a result of previous breaches.



  • Ransomware
“We are seeing an increase in ransomware because it is still working, and ransomware is a really good example of a free market in practice. There are lots of criminal groups in underground forums coming up with different variants of ransomware, seeing what would work, and then pooling their resources into the most successful operations.”

He added that one of the trends is not only to try to convince an organisation to release the files, but also then to threaten to leak those files publicly.

“There was quite a funny one that emerged months ago, if you can call this kind of thing funny,” Rubbi-Clarke said. “Unfortunately, once you’ve been a victim to this and your files have been encrypted, you can either pay the ransom, or you can pass that infection on to two other people and you won’t have to pay the fine.”


 

Regulation
“You are likely to be bound by one or more regulations, so obviously in Australia, you have the Privacy Amendment Bill that talks about notification, if you have been breached,” he said.

Also, Chinese cyber security regulation will go live in June of 2017, so companies with data in China need to be aware of their regulatory obligations in that space.

“You must be aware what kind of data you hold on Chinese nationals, and to think about how you transfer that data outside of China,” Rubbi-Clarke said.

He added there is also the General Data Protection Regulation (GDPR) that covers the European Union (EU), where companies can be fined four percent of their global revenue for non-compliance.

“It doesn’t matter if you are in Australia,” Rubbi-Clarke said. “If you are providing a service to EU citizens, you still fall into the ambit of this particular piece of regulation.”