Security Market Segment LS
Wednesday, 07 June 2017 07:05

Ransomware attack will count as data breach: security pro Featured


Ransomware attacks will be regarded as data breaches under Australia's new data breach legislation that comes into force on 22 February next year, according to the chief cyber security adviser at RSA.

Leonard Kleinman gave a rundown of what one could expect when the Privacy Amendment (Notifiable Data Breaches) Act 2017 takes effect, focusing on the security side of things, at a seminar in Melbourne on Tuesday.

His focus on ransomware was understandable, given the fact that this Windows scourge has been in the news more often than not in 2016 and the beginning of this year, culminating in the recent WannaCry attack that threatened to go worldwide until it was nipped in the bud by an accidental act.

Kleinman pointed out that ransomware had a history going back to 1989, when the AIDS trojan, which replaced the AUTOEXEC.BAT file on an MS-DOS machine and attacked the machine itself on the 90th boot.

It would hide the directories and rename all files on the C: drive, at which time the user was asked to "renew the licence" and contact PC Cyborg Corporation in Panama to pay US$189.

Given the cyber security environment at the moment, Kleinman said it was necessary to understand the legislation and its obligations, even if a company was not planning to take the necessary steps to plan for it.

Indeed, this was a common theme which was advanced by the other two speakers at the seminar: Helaine Leggat, the director of Information Legal, and Mani Amini, GRC group manager at Content Security, the other firm that was involved in organising the seminar.

(The Office of the Australian Information Commissioner has a rundown of the data breach act here.)

Leggat told iTWire that the legislation itself had been prompted by the fact that Australia trailed behind the rest of the world in data breach law and it had to catch up in order to ensure that people could do business across borders.

"Even New Zealand is ahead of us in this field," she said.

Leggat outlined the changes that the law had brought about to the Privacy Act, highlighting the fact that while there were many exclusions, the penalties would not be light if one was caught.

She told iTWire that the introduction of the law would provide plenty of work for lawyers, with many now advertising themselves as cyber security specialists in what she agreed was a feeding frenzy.

Amini's presentation dealt with privacy readiness assessment: how a company should go about preparing for the legislation if it intended to be fully prepared to deal with it.

In one word, the process will be complicated, and is likely to impose additional costs on businesses that come within the $3 million bracket and are thus covered by the law.

Kleinman told iTWire that there would be many companies who would be providing information about the legislation as a way to attract business.

He said the Melbourne seminar — and two others, held in Sydney and Brisbane — were aimed at tier two companies, as the big firms would have their own experts within their own ranks. And, he added, RSA's take on it was coming from a company that specialised in security.

Breaches of the law as far as failing to notify those affected by a breach will attract fines of up to $360,000 for individuals and $1.8 million for organisations. Insufficient care of the data in question, if proved, could attract further fines.

The Office of the Australian Information Commissioner is currently seeking public comment on entities covered by the NDB scheme; notifying individuals about an eligible data breach; identifying eligible data breaches; and the Australian Information Commissioner’s role in the scheme.

The last date for submitting comments is 14 July.

Read 8273 times

Please join our community here and become a VIP.

Subscribe to ITWIRE UPDATE Newsletter here
JOIN our iTWireTV our YouTube Community here


The past year has seen a meteoric rise in ransomware incidents worldwide.

Over the past 12 months, SonicWall Capture Labs threat researchers have diligently tracked the meteoric rise in cyberattacks, as well as trends and activity across all threat vectors, including:

Encrypted threats
IoT malware
Zero-day attacks and more

These exclusive findings are now available via the 2022 SonicWall Cyber Threat Report, which ensures SMBs, government agencies, enterprises and other organizations have the actionable threat intelligence needed to combat the rising tide of cybercrime.

Click the button below to get the report.



It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site and prominent Newsletter promotion and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinars and campaigns and assistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.


Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

Share News tips for the iTWire Journalists? Your tip will be anonymous




Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News