This is the second blog of the Cybergeddon series. Craig Macaulay discusses the Red Cross Blood Service data leak and raises questions regarding the importance of changing our thinking on data.
The leak of personal data from the Red Cross Blood Service (RCBS) has had plenty of exposure.
I am one of 550,000 affected people who have had their personal details exposed to the internet. (The total number of records is more like 1.3 million.) So the whole world might have known whether I’ve been involved in “at-risk sexual behaviour” (which I haven’t) and other personal details. That’s scary!
It appears that an RCBS contractor who was doing website development had copied the personal details to a development area of the website where they were exposed to the internet. I assume that the development area wasn’t subject to the normal security rigours.
I have received the email from RCBS offering their sincere apologies for the incident. But that’s not going to solve their problems.
The way I see it we need to get serious about data, its content, and value. Otherwise these sorts of breaches will continue.
Let’s think about our attitudes around data.
One – No common sense. People don’t apply the same level of common sense in the electronic world as in the physical world. For example, people readily click on links in suspicious emails received, then find that crypto-locking software has made all their data unusable. They then have to either pay a ransom to the hackers (maybe in bitcoins) or have to restore their data from a back-up. In the physical world people aren’t so casual with their assets.
Two – No ownership. Businesses are happy to own the business processes and the controls associated with them. For example, IT (who are the custodians of data) are happy to own the infrastructure and the security associated with that infrastructure, like cyber security, and the controls that stop me accessing payroll details. But who is responsible for understanding the value of that data? That value is not just what it cost to get the data. Or what it might be sold for. Thinking about data has to include: What duties do I owe to the people who’ve entrusted their data to me? How much value might my brand lose if I don’t keep that data safe? What value would I lose if my data was destroyed? Or if my competitors got it?
So from a data perspective, no common sense and no ownership: a recipe for disaster!
We need to change our thinking, and fast. Businesses need to understand what data they have and where it is, and people need to take responsibility for and ownership of that data. That’s not just IT’s responsibility.
All this being said, I agree that it remains in the public’s interest for the RCBS to collect information from blood donors. I, for one, will continue to donate blood, and I hope this episode doesn’t stop others from doing so.