Updates

Cybercrime

2018

In order to answer to industry shortages, the United Kingdom has launched a new cyber skills strategy that will be supported by a newly formed independent body. The move confirms that cybersecurity will remain an important priority of the government and "central not only to our national security but also fundamental to becoming the world’s best digital economy". The launch of the strategy was preceded by a two-year multi-sectoral consultation process and a research into cybersecurity skills gap in the country.

Quora suffered a data breach which affected 100 million of its users. The breach was discovered on 30 November by Quora, and it is not known how it occurred. According to the official press release, users’ information that was exposed included account information, e.g. name, email address, encrypted password (hashed with a salt that varies for each user) as well as data imported from linked networks when authorized by users, public content and actions (e.g. questions, answers, comments, upvotes), and non-public content and actions (e.g. answer requests, downvotes, direct messages). Questions and answers that were written anonymously were not affected by this breach, because Quora does not store the identities of people who post anonymous content.

Marriott International hotel group revealed it suffered a data breach affecting 500000 of customers, making it one of the largest data breaches reported. Marriott learned in September 2018 that unauthorized access to the network of its Starwood’s division has been happening since 2014. In November 2018, Marriott discovered that an unauthorized party had copied and encrypted information. For approximately 327 million of guests, the information includes some combination of name, mailing address, phone number, email address, and passport number. For some, the information also includes payment card numbers encrypted using Advanced Encryption Standard encryption (AES-128) and payment card expiration dates. For the remaining guests, the information was limited to name and sometimes other data such as mailing address, email address, or other information. Marriott started notifying affected guests and as well as law enforcement as of 30 November.

At the opening of the annual UN Internet Governance Forum (IGF), held at UNESCO premises in Paris, French President Emmanuel Macron launched the “Paris Call for Trust and Security in Cyberspace”, a high-level declaration on developing common principles for securing cyberspace. The Paris Call builds on the WSIS Tunis Agenda’s definition of the ‘respective roles’ of states and other stakeholders. It also resonates with the UN Group of Governmental Experts reaffirmation that international law applies to cyberspace. The declaration invites for support to victims both during peacetime and armed conflict, reaffirms Budapest Convention as the key tool for combating cybercrime, recognises the responsibility of private sector for products security, and calls for broad digital cooperation and capacity-building. It than invites signatories to, among other, prevent damaging general availability or integrity of the public core of the Internet, foreign intervention in electoral processes, ICT-enabled theft of intellectual property for competitive advantage, and non-state actors from ‘hacking-back’. The Paris Call has strong initial support from hundreds of signatories, including leading tech companies and many governments. Yet the USA, Russia, and China are missing. The declaration and its effects will be discussed again during the Paris Peace Forum in 2019, as well as during the IGF 2019 in Berlin.

The UK’s Information Commissioner’s Office fined Facebook with its maximum sanction (€565,000) for its part in the Cambridge Analytica scandal. Euractiv reports that this decision was publicly welcomed by EU officials, such as Justice Commissioner Vĕra Jourová. The UK watchdog indicated that Facebook processed users’ data unfairly by allowing applications to access them without clear consent between 2007 and 2014. Though the GDPR provides for greater sanctions, this regulation only entered in to force in 2018, and was thus not applicable.

Paysafe launched a report entitled Lost in Transaction: The Future of Payments for small and medium-sized businesses (SMBs), an international research investigating the attitudes of businesses in the UK, US, Canada, Germany and Austria to the evolution of payment types. According to the report, more than 52% of online SMBs worry that the move to frictionless payments, such as transactions that take place in apps, is leaving them more exposed to fraud and will negatively impact revenues. These businesses evaluate that security is the most important factor when considering their e-commerce plans. Abandoned transactions are also a source of concern. Around 9% of purchases is not completed. While 28% believe this reflects successful fraud checks, 33% say abandoned transactions have a major impact on business performance, and 15% believe purchases are abandoned purely because of a lack of payment options at the checkout phase.

Pages

 

The GIP Digital Watch observatory is provided by

in partnership with

and members of the GIP Steering Committee



 

GIP Digital Watch is operated by

Scroll to Top