Tag Archive for: Failed

Insignia wealth firm failed to fend off cybercrime, court finds


Instead, it ruled that RI Advice engage investigators Security in Depth to conduct a review of the firm’s risk management protocols relating to “cybersecurity and cyber resilience” and provide a written report to the regulator within 30 days.

“These cyberattacks were significant events that allowed third parties to gain unauthorised access to sensitive personal information,” said ASIC deputy chairwoman Sarah Court.

“It is imperative for all entities, including licensees, to have adequate cybersecurity systems in place to protect against unauthorised access.”

A spokeswoman for Insignia said the company had already implemented a “cyber resilience initiative” covering the RI Advice business and about 300 financial advice practices operating under its licence around the country.

“RI Advice has implemented a broad range of measures to manage any potential cyber risks going forward,” the spokeswoman said.

“The court’s judgment relates to historic cybersecurity incidents which occurred prior to that time. This matter has been resolved.”

ANZ, which owned RI Advice during the period in which a number of the cyberattacks took place, declined to comment.

Circular Quay incident

According to court documents, RI Advice sustained nine cybersecurity incidents over a seven-year period from 2014 to 2020. Among them was a ransomware attack in late December 2016 against RI Advice-aligned firm Wise Financial Planning, in which an office computer was hacked and the ransomware “encrypted files and made them inaccessible”.

A separate cybersecurity incident occurred in May 2017 involving fellow RI Advice member RetireInvest Circular Quay, after which “[RI Advice] should have, but failed to properly review the effectiveness of cybersecurity controls … across its network”, ASIC’s statement of claim alleged.

Subsequent incidents involving RI Advice members Frontier Financial Group and RI Shepparton occurred in late 2017 and mid-2018, resulting in Security in Depth slapping a “poor” rating on the business.

The court documents also allege RI Advice’s cybersecurity processes were complicated by the transition of the company from ANZ to IOOF’s ownership.

In a separate matter stemming from the…


Why Russian Cyber Dogs Have Mostly Failed to Bark



Nearly three weeks ago, U.S. President Joe Biden was purportedly presented with a range of cyber options to counter the Russian invasion of Ukraine. So far, not much is known about the administration’s cyber calculus as the Western response remains focused on imposing punishing rounds of economic sanctions (which include travel bans, asset freezes, and the removal of specific Russian banks from SWIFT) against Russian President Vladimir Putin and the top cadre of military officials and oligarchs in Russia. Though it is possibly the strongest economic sanctions package imposed to date — and has been joined by the imposition of limitations to online services and advanced technology access by tech’s Big Five — it still remains unclear if the sanctions will actually compel Putin to change course and stop the invasion.

Is there then a case to be made for the use of cyber operations to compound the pressure on Russia by increasing costs? And would U.S. cyber action against Russia in light of the invasion of Ukraine expand the conflict — including to the use of conventional or nuclear weapons?

Given the limited achievements of the Russian military to date, Putin faces increasing pressure to show concrete results on the ground. The broad use of cyber capabilities could thus propel the West further up the escalation ladder without clear de-escalatory crisis off-ramps. This may suggest a more limited role for cyber in this conflict.

The notable absence of cyber options employed so far has puzzled cyber security experts. While Ukraine has certainly been on the receiving end of Russian cyber assault, cybergeddon-scale attacks are missing. Scholars suggest that cyber operations employed by Russia against Ukraine prior to the invasion have been a failure in that the Kremlin has not successfully forced Ukraine to shift eastwards and reorient towards Moscow. However, policymakers and experts remain concerned about the cyber escalation potential and speculate about several explanations for the lack of large-scale cyber events launched by Russia to date. First, as media reports…


Amazon’s Dark Secret: It Has Failed to Protect Your Data


On September 26, 2018, a row of tech executives filed into a marble- and wood-paneled hearing room and sat down behind a row of tabletop microphones and tiny water bottles. They had all been called to testify before the US Senate Commerce Committee on a dry subject—the safekeeping and privacy of customer data—that had recently been making large numbers of people mad as hell.

Committee chair John Thune, of South Dakota, gaveled the hearing to order, then began listing events from the past year that had shown how an economy built on data can go luridly wrong. It had been 12 months since the news broke that an eminently preventable breach at the credit agency Equifax had claimed the names, social security numbers, and other sensitive credentials of more than 145 million Americans. And it had been six months since Facebook was engulfed in scandal over Cambridge Analytica, a political intelligence firm that had managed to harvest private information from up to 87 million Facebook users for a seemingly Bond-villainesque psychographic scheme to help put Donald Trump in the White House.

To prevent abuses like these, the European Union and the state of California had both passed sweeping new data privacy regulations. Now Congress, Thune said, was poised to write regulations of its own. “The question is no longer whether we need a federal law to protect consumers’ privacy,” he declared. “The question is, what shape will that law take?” Sitting in front of the senator, ready to help answer that question, were representatives from two telecom firms, Apple, Google, Twitter, and Amazon.

Notably absent from the lineup was anyone from Facebook or Equifax, which had been grilled by Congress separately. So for the assembled execs, the hearing marked an opportunity to start lobbying for friendly regulations—and to assure Congress that, of course, their companies had the issue completely under control.

No executive at the hearing projected quite as much aloof confidence on this count as Andrew DeVore, the representative from Amazon, a company that rarely testifies before Congress. After the briefest of greetings, he began his opening remarks by quoting one of his company’s core maxims to…


The peaceful transition of power has failed. This was the coup.


A pro-Trump mob breaks into the U.S. Capitol on Wednesday.
Win McNamee/Getty Images

There will not be a peaceful transition of power between the 45th and 46th American presidents. The country’s leaders and its leading institutions—the traditional ones, not the Trump ones—spent four years promising that transition, despite everything Donald Trump might say to the contrary. It was the safe, secure alternative to other, more confrontational courses of action, the fallback plan when congressional subpoenas, judicial oversight, and even impeachment turned out to be toothless: Let the voters decide, trust the Constitution, and this will pass.

No matter how this administration eventually gives way to the next one, the promise of a peaceful transition has already failed. It failed on live video, over the course of hours. The president told his supporters he would never accept the results of the election he lost, he urged them to go to the Capitol to support him, and they complied. Trump’s loyalists stormed in on the official counting of the electoral votes, forcing the legislators to break it off, hide under their desks, and then flee the building. The invaders looted souvenirs; police shot a woman dead.

The Trump era (and American history, of which it is a part) has been defined by a stubborn, fretful failure to call things what they are. Bribery, ethnic cleansing, kidnapping, murder—surely the president didn’t really do these things. He couldn’t have meant them that way. Not seriously, or not literally.

Seriously, literally, actually: On Jan. 6, at the president’s direction, the constitutionally scheduled process for the transfer of power was interrupted by violence. By night, police had cleared the building, and Congress set out to try again.

In the meantime, the National Guard was called in for additional security—but not on the president’s orders. By the account of the secretary of defense (or the acting secretary, in the preexisting shambles of the Trump administration), the decision to deploy the…
