Legal Consequences for Businesses – Cyber Security

The danger of a cyber security breach lies not only in the breach itself but in its significant legal ramifications. It’s just a matter of time before Australian courts are faced with a cyber security class action, especially considering that the number of cyber security attacks is on the rise.

A recent class action in the U.S. brought against credit reporting agency Equifax highlights the legal implications for organisations that do not have the appropriate security controls in place. The action alleges that Equifax was negligent in protecting the individuals whose data it held because it did not maintain adequate safeguards against unlawful access (which it knew could result in a substantial data breach).

The minimum requirement for a class action in Australia is a group of seven complainants who have a related claim that gives rise to a common issue. In a scenario where a number of people have had their data leaked in the same cyber security attack, like that in the Equifax example, these minimum requirements would likely be met. The difference in the amounts lost or circumstances of the transactions is irrelevant.

ASIC has reported that at least 80% of organisations anticipate a rise in cyber threats over the next 12 months, and that risk should also be the responsibility of the individuals and companies who entrust their information to providers. However, with cyber security threats rising, the legal fraternity’s expectation of those tasked with the responsibility of protecting individuals against these risks is also increasing, and no company is immune – the risk of a cyber attack touches every organisation that collects or maintains confidential property.

Essentially, as cyber attacks increase it is expected that momentum will build in favour of financial compensation for individuals that suffer as a result of such attacks. Even with the best intentions, or a belief that your company is secure, outdated security measures may leave your organisation open not only to security breaches but to considerable litigation.

Cyber security risk is now an enterprise-wide issue that necessitates strategic execution. Today’s leaders will be expected to justify the security defences they pull together to protect their organisations from the liabilities that cyber hacks can expose them to.

Actively manage your cyber security risk by taking our survey to measure your vulnerability.

2017 Australian Cyber Security Centre (ACSC) Threat Report

Last month the Minister Assisting the Prime Minister for Cyber Security, Dan Tehan MP, released the 2017 Australian Cyber Security Centre (ACSC) Threat Report. This report outlines the types of threats and trends now emerging within the Australian cyber landscape.

Mr Tehan says, “…cyber security is not just the business of national security, but something that must become second nature to all Australians. Cyber security is not just the domain of our intelligence agencies or our defence forces [it’s]… as relevant for mums and dads, small business owners and local communities, to keep their data, their money and their identities secure.”

As we know, the nature of cybercrime is fast evolving, and its impact is not only damaging but far-reaching. Mr Tehan says, “over the past year, we have seen increased targeting of trusted third parties, particularly service providers. These companies are highly attractive targets as they can provide access into a range of primary targets.”

Cyber criminals employ a range of tactics to infiltrate our data, with ransomware being a popular means of extortion. This type of crime gives cyber criminals access to a large amount of data from a broad range of victims. As we can see, it’s not only large corporates who are vulnerable.

Mr Tehan says ransomware is used to take advantage of known weaknesses in our cyber defences and that we need to be on the front foot when it comes to cyber security, saying “backing up data and proven data restoration processes are vital to mitigate data being encrypted, corrupted or deleted by ransomware.”

Read the 2017 Australian Cyber Security Centre Threat Report.

AFP traffic infringement scam

A recent email scam targeting road users has highlighted the case for stronger education around what constitutes good email practice in today’s corporate landscape.

This latest email was sent with AFP branding and alerts the recipient that they have been issued with a traffic infringement notice.

Whilst convincing, on closer inspection small nuances serve as clues that this email scam is far from legit. For example, the email had not been personally addressed, the fine listed includes cents and the letter A after the dollar sign, and it lacks any detail about your number plate or the actual offence.

Over recent weeks there have been numerous other scams that play on this ‘notice’ theme, all of which are particularly destructive, as these types of scam emails, if downloaded, can infiltrate your computer and steal your credentials.

A scam email such as this should not be viewed in isolation; this is just one of many potentially damaging scenarios in which someone can be attacked through email. More robust education of staff and board members will better equip them to properly identify phishing scams and malware attempts, which is a must for any organisation’s risk mitigation strategy.
