AUSTRALIA would become a greater target for cyber attacks as organisations in the US and Europe tightened security systems, a legal expert has warned.
Speaking ahead of a network security and privacy symposium starting today, DLA Piper intellectual property and technology partner Alec Christie said there had been a significant increase in the number of attacks.
“I think that obviously with the US and Europe being bigger markets they are slightly bigger targets,’’ Mr Christie said. “I think as security systems get better in those markets it (the cyber threat) will move more to Australia.’’
In the US last week, the FBI was probing a computer-hacking attack on JPMorgan Chase and as many as four other banks in what has been described as a significant breach of corporate computer security. “It is the same issues whether you are in the US or Australia,’’ said Mr Christie, who is a presenter at the symposium.
“They are more litigious over there so there has been more shareholder actions, there has been more pushback and there has been more regulators chasing bigger amounts of money, but we are now in that environment.’’
Under Australia’s new privacy laws, introduced in March, agencies and companies can be fined $1.7 million and individuals $340,000 for serious or repeated invasions of privacy.
“Although we don’t have mandatory breach notification, there is no doubt that is on the way,’’ Mr Christie said.
He said the weakest links for companies were “bring your own device” and social media.
“I am aware of significant activity in the financial services, retail — including particularly the online retail space — and a couple of large restaurant chains that have been the subject of some attacks as well,’’ Mr Christie said.
Earlier this year, Australian Securities & Investments Commission chairman Greg Medcraft estimated that cyber crime attacks cost Australian companies approximately $2m per event.
DLA Piper is presenting the symposium in Sydney, Brisbane and Melbourne this week.
“It is generally understood that it is multiplying rapidly in Australia,’’ Mr Christie said.
“The minor attacks have been increasing exponentially across small and medium enterprises as well as the more sophisticated attacks on the big end of town.’’
Australia was also likely to follow the US trend for more litigation and class actions against directors and companies where share price drops.
“What is happening now with cyber exposures are that they are becoming a mainstream enterprise risk management issue,’’ said Kevin Kalinich, who is global practice leader for cyber risk insurance at Aon.
Aon, a global provider of risk management and human resources solutions, represents US companies targeted by attacks, including Sony and retailers Target and Nieman Marcus.
Mr Kalinich, who is also a presenter at the symposium, said companies should implement a cyber mitigation policy that included IT security, legal, human resources, risk management and finance, and was endorsed by management.
“As part of that cyber mitigation policy it has to evaluate your third-party providers — social media, mobile communications, cloud computing, data analytics, all of those involve some aspect of third party providers.’’
He said companies should also create a breach response plan, which differed from the mitigation policy.
“It is what are you going to do in the event of a cyber incident and do you have protection in the way of risk transfer insurance to protect your financial statement,’’ Mr Kalinich said.
No comments:
Post a Comment