22 February 2019

IRM Weekly Cybersecurity Roundup: Toyota Australia cyber-attack and more

Our weekly cybersecurity roundups gather the most important headlines in the industry from the last seven days. If you want the weekly roundup delivered straight to your inbox, sign up to the IRM newsletter.

Toyota Australia hit by cyber-attack

Toyota Australia’s email systems have been taken out by a cyber-attack which has forced employees to turn to other forms of communication.

Despite the company stating that no private employee or customer data has been accessed, staff were sent home and a local radio station was the first to announce the cyber-attack.

This attack follows a string of other recent cyber incidents in Australia, including the federal parliament breach and an attack on a Melbourne medical group (see “Quick Fire Updates” below).

You can read more here.

New York under pressure from new cyber regulation

Businesses in New York have had two years to conform to the NYDFS Cybersecurity Regulation – new legislation implemented by the NY Department of Financial Services. The aim of the new regulation is to make financial institutions in New York adopt a robust cybersecurity programme.

Since the regulation was officially stipulated in 2017, organisations have been subject to several deadlines. Many financial institutions have already hired CISOs, implemented programmes and commissioned regular penetration testing, but others haven’t quite fulfilled the regulation’s obligations.

The final deadline is March 1st 2019, and requires organisations to implement written policies and procedures to ensure effective management of their third parties. This requirement grew from the concerning research that only 46% of institutions performed “pre-contract on-site assessments of at least high-risk third party vendors”.

You can read more here.

Are we accepting cyber-attacks as part of 21st Century life?

Despite the impact of the GDPR, not all companies carry GDPR risk, whereas every business has an IT failure risk. Whilst GDPR has helped raise awareness at board level, breaches are still occurring at a rapid pace.

TalkTalk’s cyber-attack in 2015 generated a huge amount of press coverage for months after the event. Four years on, with several cyber-attacks occurring each week, mainstream press coverage tends to dry up after a few days or weeks.

Why is media interest in cyber-attacks dwindling? Society is becoming increasingly immune to breaches, and the financial losses and overall consequences of these types of events are now much better understood.

You can read more here.

You can now organise your own cyber funeral

Putting aside the average physical funeral that we’re all aware of, changes to privacy legislation in Europe and South Korea now give you power over your personal information, enabling you to organise a “cyber funeral”.

The concept of “digital undertaking” involves tidying up your public data after you die. It’s a new idea being executed in South Korea, similar to the EU’s “right to be forgotten” legislation.

A company based in Seoul, Santa Cruise, is one of the first to take on digital undertaking. They contact social media outlets and search engine companies to request the removal of personal information of the deceased. If this tactic fails, they will flood search engines with “new, conflicting data” about the deceased person.

You can read more here.

Quick fire updates

Patient data compromised in Melbourne attack – Malware from North Korea or Russia was used as part of a ransom attack against the Melbourne Heart Group. The Australian Cyber Security Centre is providing assistance to the medical group as patient data has been encrypted and “scrambled”. Read more here.

Connected children’s device recalled under cyber concerns – The SAFE-KID-One smartwatch is designed to give parents the ability to track and communicate with their children. There are concerns over the fact that the device could allow a hacker to access user data such as location history and phone numbers. Read more here.

Bank-led Australian school cyber security initiative launched – AustCyber, ANZ, Commonwealth Bank, NAB, Westpac and British Telecom have aligned to launch a $1.35 million national program. The initiative will see students in years 7-10 taught about cybersecurity fundamentals in an attempt to address the serious cyber IT skills shortage across Australia. Read more here.

NCSC head says Huawei risk can be managed – Ciaran Martin has defended the UK’s approach to Huawei, stating that the country has the “toughest and most rigorous oversight regime in the World for Huawei”. Despite concerns over Huawei’s cybersecurity from other organisations and countries, Martin reassured those in Brussels that the UK had a wealth of understanding about Huawei’s operations. Read more here.
