ACCG3025: Week 1 Cybersecurity and Privacy

 News Headlines
- Ransomware demand increase in volume and $ value, including attacks on MSPs
- TikTok app data security
- Consumer Data Right for banking commenced in Australia on 1 July 2020
- Supply chain cuber-attacks increase
- Encrochat “secure” mobile phone service for criminals breached by
UK/French/Dutch law enforcement

 Cybersecurity
- Is really a business issue
- People and processes just as important as tech
- Business faces both internal and external risks from its supply chain to its
customers
- Creates many externalities
- Software developers currently face insufficient liability for the risks they create.
Due to race to be first creating a less than optimal ability to reduce risks
- Customers cannot accurately assess the credibility of claims made by most
vendors as to the extent to which they have mitigated cybersecurity risks
- Attackers are always evolving – they only have to be right once to create an issue
- Info asymmetries and inadequate heuristic limits our ability to effectively
respond

 Lessons for Business

- Failure to manage cybersecurity risks leads to a fall in a firm’s share price and
large fines
- Security is expensive but necessary
- They need to understand an attackers motivations
- Don’t just rely on anti-virus
- SME’s are particularly vulnerable
- Need to make an informed decision about what risks to tolerate, which it will
outsource and which it will invest to protect itself against

 Cybersecurity has Job Security

- Lack of skilled workers at present
- Mismatch between data experts (don’t understand threat scenarios) and security
professionals (don’t understand data analysis)
- Is becoming a big data challenge
- Proposed solutions may undermine the benefits stakeholders currently receive
from the borderless internet
 Privacy
- Three types:
1. Freedom from government intrusion
2. Autonomy in personal decision-making
3. Restricting dissemination of personal information
- Can be both a human right and an economic right
- Highly contextual and culture-specific
- Privacy often clashes with other goals

 Threats to privacy
- Social such as bullying and stalking
- Organisational such as secondary use by the data collector or third parties
- Improper access by employees, government or public
- Five theories of privacy
1. Privacy calculus theory
2. Social theory
3. Cognitive biases and heuristic theory
4. New institutional Economics theory
5. Quantum homomorphism theory

 Australian Attitude’s
- Carried by OAIC 2017, 1800 interviewed
- Half were not aware of the existence of the Australian Privacy Commissioner
- Biggest perceived threats
 Online services
 ID fraud
 Data security breaches
 Risk to financial data
- Social media and e-commerce had the lowest trust
- Only 1% like to receive unsolicited communications (spam)
- Trust in an organisation declines with age
- 93% were concerned with data that was sent offshore

 Information Privacy Paradox

- People express a theoretical desire to protect their privacy, but their actual
conduct tends not to reflect this desire
- Many people are willing to disclose personal info for small rewards
- Role of immediate gratification bias, incomplete information and psychological
biases

 How to Protect Privacy?

- Refusal to provide info
- Providing false info
- Negative word of mouth
- Complaining to companies
- Browser-plugins