Tag Archive for: strategy

IDCARE warns new privacy laws could exacerbate ransomware attacks


National identity support service IDCARE is critical of the federal government’s increased penalties for privacy breaches, saying they could encourage companies to pay ransoms in an attempt to keep a breach secret.

It made the comments in a submission [pdf] to the federal government’s review of the Privacy Act.

Breach frameworks seem “less about informing and supporting a person to take-action who has been placed in a potentially vulnerable position, but more about a need for ‘tick a box’ reporting to regulators and to protect other interests”, IDCARE said in its submission.

That leaves Australian businesses vulnerable to ongoing ransom attacks, the organisation said.

“In terms of ransomware attacks, Australia is open for business … there is little disincentive for these criminals to keep targeting Australian businesses and government agencies,” the submission said.

Fear of the recently-introduced penalties – up to $50 million for a serious privacy breach, one-third of the turnover for an affected company, or three times any financial benefit obtained through data misuse – makes things worse, IDCARE’s submission said.

“This is further exacerbated by the conflicting nature of compliance and notification environment,” it said.

“Pay a million dollars or face a breach that may cost $50 million. Don’t pay and have your customer data exploited in the most abhorrent and public way in an attempt to send a clear signal to future organisations that this will be the consequence if their demands are not met.”

While making the payment of ransoms a specific offence could discourage companies from paying, IDCARE said “there are many complexities to this”, including unnamed insurance companies that encourage the payment of a ransom, if that is the cheapest way for a victim company to recover their data.

IDCARE also warns that the government’s proposed amendments to the Privacy Act will have the “perverse outcome” of making privacy compliance “much more litigious”.


The New National Cybersecurity Strategy


The new Cybersecurity Strategy faces an onslaught of criticism on one particular front: allegations that this is regulation and red tape by another name, and that the administration does not care about innovation or business interests. These critiques are wrong.

Imagine you bought a new car. It’s the first of its kind: sleek modern design, a new generation of hybrid, and it comes with all the navigational and communications gadgets you could want. You plan to use it to drive your kids to school, go to the bank, and deliver packages for your small business. You’re taking it on a road trip in a week, and the family can’t wait.

Then, a package arrives in the mail. It’s the airbags, accompanied by a perfunctory note: update to your new car now available! The manufacturer was so focused on meeting the public launch date they ran out of time to engineer new airbags. But they are here now, with only one small problem: you have to install the airbags yourself.

In the car industry, that level of security lapse would be unforgivable, and likely criminal. But that’s how too many developers have treated security for software—as an afterthought. The new cybersecurity strategy states it plainly: “Too often, we are layering new functionality and technology onto already intricate and brittle systems at the expense of security and resilience.” In other words, the focus has been on features and functions, not defense and resilience.

When computers were a novelty, or largely owned by computer scientists who enjoyed building and programming them, depending on users for security was an acceptable approach. But now, most Americans—most people around the world, even—carry computers in their pockets that are responsible for running critical aspects of our daily lives. They have become banks, healthcare, businesses, livelihoods, news, and entertainment. Smartphones know more about people’s lives than their closest friends and families.

Ideally, every American would completely understand how those devices work, including how social media apps like TikTok hoover up and export data, why quickly installing updates is important, and why location data can be…


New National Cybersecurity Strategy Calls for ‘Fundamental Shifts’ in Cyber ‘Roles, Responsibilities, and Resources’


The new National Cybersecurity Strategy vows to build “a more defensible and resilient digital ecosystem” through “generational investments” in cyber infrastructure, increased digital diplomacy and private-sector partnerships, regulation of critical sectors, and allowing software firms to be held liable if their products hold the door open for hackers.

“This National Cybersecurity Strategy establishes a clear vision for a secure cyberspace,” Homeland Security Secretary Alejandro Mayorkas said. “The Department of Homeland Security continuously evolves to counter emerging threats and protect Americans in our modern world. We will implement the president’s vision outlined in this strategy, working with partners across sectors and around the globe to provide cybersecurity tools and resources, protect critical infrastructure, respond to and recover from cyber incidents, and pave the way for a more secure future.”

The new long-anticipated strategy, which builds on previous cybersecurity executive orders and replaces the 2018 National Cyber Strategy, was expected to be more aggressive on regulations to better protect vulnerable sectors as well as on offensive actions to go after independent and nation-state hackers.

“We must make fundamental changes to the underlying dynamics of the digital ecosystem, shifting the advantage to its defenders and perpetually frustrating the forces that would threaten it,” the strategy states. “Our goal is a defensible, resilient digital ecosystem where it is costlier to attack systems than defend them, where sensitive or private information is secure and protected, and where neither incidents nor errors cascade into catastrophic, systemic consequences.”

The strategy says it is driven by “a new phase of deepening digital dependencies,” growing complexity of software and systems, artificial intelligence “which can act in ways unexpected to even their own creators,” accelerating global interconnectivity, digital operational technology, and advanced wireless technologies, Internet of Things (IoT), and space-based assets that make “cyberattacks inherently more destructive and impactful to our daily lives.”

Offensive…


Hacking Crypto Wallets Is Latest Strategy in Quest to Recover Lost Billions


Early statistics on ether (ETH), the second-biggest cryptocurrency by market cap, are harder to come by. However, data provided to CoinDesk by Crypto Asset Recovery shows that 7% of presale wallets have never had any crypto move – suggesting the ETH in those wallets has just been sitting there, untouched, ever since the Ethereum blockchain went live in 2015. That’s 621 of the 8,893 wallet addresses, or 521,574.608 ETH (roughly $875 million today).
