Author's Opinion

The views in this column are those of the author and do not necessarily reflect the views of iTWire.

Thursday, 28 June 2018 11:14

PageUp should stop treating breach like a PR affair


It has been nine days since the human resources software supplier PageUp People issued an update on the massive breach that it announced on 6 June, after having noticed an intrusion on 23 May.

And the indications are that the company is now looking at reducing any reputational damage that it may have suffered as a result of the intrusion; in other words, it appears to be treating security as a PR affair.

In this, it has been aided on Thursday by the Australian Financial Review, a wonderful publication that barracks for corporates whenever the opportunity presents itself (unless, of course, they happen to be companies like Huawei).

There is talk within this article of the UK's "incredibly stringent laws on breach disclosure": Britain has a 72-hour deadline for disclosure, a fact that PageUp would have been aware of when it extended its business to that country. Stringent? Hardly, when one considers the kind of shenanigans that have gone on in that country with regard to data leaks.

There is also talk of "disgruntled clients" as though companies whose data has been leaked are expected to be partying with bon-bons and ice-cream. When you pay for a service and it breaks down, you are entitled to get disgruntled.

PageUp has changed its story a few times since the initial announcement of the breach on 6 June.

The company initially said the breach was due to a malware infection. But a statement on 12 June said: "Advanced methods were used to gain unauthorised access to PageUp’s IT systems in Australia, Singapore and the UK", indicating that the breach may have gone deeper into company systems than originally indicated.

In the AFR article, the claim is made by chief executive and co-founder Karen Cariss that the company still does not know how many records have been affected. That sounds ominous – is Cariss going to know the extent of damage only when personal details from its systems appear for sale on the dark web?

This statement comes despite the company saying it has hired security firm Hivint to assist with incident response co-ordination and security outfit Klein & Co to do the required forensics.

Adding to the problem has been the head of the Australian Cyber Security Centre, Alastair MacGibbon, who looks to be playing a PR role for PageUp. The AFR puts it this way: "Earlier this week Australia's national cyber security adviser, Alastair MacGibbon, described PageUp as being effectively 'victimised' as a result of having to out itself to Australian customers before it even knew for certain there was a problem."

Now if a company detects an intrusion on 23 May and is unable to ascertain within two weeks whether it has a problem or not, then it should not be doing business online. And arguably, a company that was set up in 1997 and claims to have "2.6 million active customer employee users in over 190 countries", should have some decent well-paid hackers on its staff.

MacGibbon has also made some rather cute statements, saying that there is a difference between data being accessed and exfiltrated. Of course, playing with words will put some people off the track. But some of us are made of harder stuff.

The need for good tech staff is magnified by the fact that PageUp deals with oodles of personal information, and that too from a list of Australian companies that anybody would die to have as clients: the Commonwealth Bank, the Australian Broadcasting Corporation, Telstra, NAB, Coles, Aldi, Medibank, Australia Post, Target, Reserve Bank of Australia, Officeworks, Kmart, Linfox, AMP, Asahi, Sony, Newcrest, the University of Tasmania and Lindt. There could be others that I have missed.

With an operation this big, was there a dearth of funds to spend on decent security? One doubts that.

In this kind of situation, sympathy should not lie with those who have been hacked, but rather with their clients. And the more clients who end their relationship with PageUp, the harder the message will hit home: online business, especially when it involves personally identifiable information, cannot be done on the cheap.


Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.
