ACCforum: Millions have data leaked, stolen worldwide - ACCforum


Millions have data leaked, stolen worldwide

#1 User is offline   hukildaspida 


Posted 13 December 2012 - 07:59 PM

Millions have data leaked, stolen worldwide
TOM PULLAR-STRECKER
Last updated 14:31 13/12/2012

http://www.stuff.co....tolen-worldwide

The number of people who had personal information hacked, leaked or lost jumped by 40 per cent to 160 million this year, according to KPMG.

The consulting firm calculated the tally by adding up those affected by 835 known major data breaches.

Those included the loss of 6.5 million user passwords in June by social networking site LinkedIn, the loss of 1.5 million people's credit card details by financial services firm Global Payments and the loss by clothing retailer Zappos in January of the personal details - including physical and email addresses - of its 24 million customers.

Just over two-thirds of the personal information was compromised as a result of hacking attacks, KPMG said. Credit card details and passwords used to access online services were often what was being sought.

Just over half of the data breaches occurred at commercial businesses but there had been no improvement in the security of information held by governmental and healthcare organisations, KPMG said.

Director Philip Whitmore said it had observed a shift from the accidental loss of data to deliberate theft "either to steal or re-sell the data, or sometimes simply for fun or to make a great headline".

"Several of the world's largest companies have been targeted over recent months by hackers who have grown in sophistication. It is now not just a lone hacker sitting in their bedroom but, in many cases, serious organisations backed by nation states who are leading this new phenomenon," he said.

Most data breaches went unpublicised, KPMG believed.

New Zealand's Privacy Commissioner, Marie Shroff, labelled 2012 the "year of the data breach" last month in the wake of high-profile scares at ACC and Work & Income.

A report by her office said 71 Kiwi organisations had fessed up to losing people's information this year, triple the number last year. It believed many organisations were choosing to own up because of publicity surrounding the ACC and Work & Income cases.


The Law Commission last year recommended making it mandatory for organisations to report "serious" data breaches, taking into account their size and sensitivity, and how, by whom and why lost information might be used.

However, it acknowledged there was no evidence internationally that such a regime would make data breaches less common. KPMG has backed such a law change but Business New Zealand boss Phil O'Reilly said last year that criminal sanctions would be heavy-handed and unjustified.

© Fairfax NZ News

#2 User is offline   hukildaspida 


Posted 12 February 2016 - 03:57 PM

KPMG: Cyber security moving faster in public sector
1:00 PM Friday Feb 12, 2016

http://www.nzherald....jectid=11588563

The public sector is now leading the way in New Zealand cyber security - and private sector companies could learn some lessons, says cyber security expert Philip Whitmore.

"If you look at cyber security now in the public sector, it's probably better than in the private sector," KPMG partner Whitmore says. "There's still a long way to go, but things are heading in the right direction."

Cyber security has been a major government focus in recent years because of increasing cyber-attacks globally, national and international ramifications from a spate of incidents and a major review of security in the public sector. It will soon bear fruit - government agencies will report for the first time next month on new Protective Security Requirements.

In 2011, a major incident saw an Accident Compensation Corporation (ACC) employee send an internal email with an attached spreadsheet containing personal details of thousands of ACC clients. Included inadvertently in the address list was one of the claimants, who publicly blew the whistle.

It came amid other high-profile public service information breaches - notably the 2012 WINZ kiosk breach incident in which members of the public were able to access beneficiaries' private information. The ACC case sparked a review by the Government Chief Information Officer which concluded "security and privacy process are under-developed in many agencies."

Whitmore says: "New Zealand and the public sector was still a bit naïve then about how effective security was."

Those incidents and subsequent review led to public service organisations having a stronger focus on security, including having senior people with clear security responsibilities.

The private sector, Whitmore says, contains many organisations less effective than the government: "Many private sector boards don't have someone with strong IT skills. Cyber security has all these buzzwords and terminologies people don't understand; it still becomes a black box to most. Boards need to be able to translate IT talk into business talk."

But they have the opportunity to learn from the public sector.

"A lot of the tools the public sector has developed to support it becoming more robust have been made available to the private sector. I'd suggest the private sector should take the opportunity to pick up some of those tools and see how beneficial they are to their own organisations."

The public sector's significant changes include making responsibilities clearer, establishing new standards and reporting frameworks, plus greater emphasis on building security into business and operational processes rather than treating it as an add-on.

Whitmore says a key aim of the public sector has been greater efficiency and effectiveness in interacting with New Zealanders through IT: "That has a lot of upside. But if the technology and processes aren't robust from a security perspective, it will undermine efforts and the benefits won't be realised.

"People will be reluctant to communicate online with state agencies and share information if they can't trust the security of their information."

The importance of security extends beyond New Zealand's borders: "If New Zealand government systems aren't secure, it may impact our ability to interact on a global basis. If our state systems aren't robust, that ability could easily be undermined and make trade and internal cooperation more difficult. Just like business, international affairs are based on trust; security is an enabler of trust."

He sees the release of the Government's Cyber Security Strategy at the end of last year as positive. It demonstrates the government's commitment to ensuring New Zealand is secure and prosperous online, including public-private collaboration and improving the cyber-capability of private and public sector organisations.

Whitmore says in the public sector pre-2012, it was assumed information security was an IT issue IT people could deal with. There was no clear visibility on risks and how they were being addressed.

"That visibility exists now. Most of the risks we see aren't a result of people or of technology but of organisations not understanding their risk."

Organisations have to establish their risk appetite: "Ask, 'is it worth living with this or do we need to spend money?' Throwing money at security by itself won't result in a better situation. If you're applying resources limited in terms of time and money at the areas that matter the most, that will have the most benefit."
