NDB report: Stronger authentication practices needed

14 May 2019

The Australian Information Commissioner (OAIC) has released the latest quarterly report on notifications under the Notifiable Data Breaches scheme.

The report found that the majority of the data breaches were on a more targeted scale, involving 100 individuals or fewer.

Most of the data compromised were contact information from malicious or criminal attacks.

Here is what some of the executives in the industry had to say about the report:

Sophos A/NZ managing director John Donovan

According to the latest OAIC report, the healthcare sector has once again topped the list for the most data breaches - with 58 reports of data breaches in the last three months (up 7.4% compared to the previous quarter).

What’s more, malicious and criminal attacks again account for the highest proportion of breach notifications in Australia, followed by human error.

It is very concerning to see health service providers continuing to be targeted and successfully breached by attackers. It goes without saying that this industry is dealing with incredibly sensitive and personal data and, as such, has a huge responsibility to the people of Australia to protect their data effectively. 

The report serves as a reminder to the healthcare industry to implement robust security practices to protect the extremely sensitive data they are entrusted with.

Ping Identity APAC chief technology officer Mark Perry

Enhanced security measures can counter the risk of a breach occurring but have historically been met with employee and management pushback, courtesy of the fact they were perceived as onerous. 

The positive news is that we should see the tide turning with the increasing adoption of multi-factor authentication (MFA) and the introduction of adaptive authentication, self-service capabilities and phone-as-a-token authentication.

Out-of-the-box APIs, SDKs and integration kits continue to reduce the expense and complexity associated with implementation, and cloud-delivered solutions, which require minor oversight to run effectively, have seen infrastructure and administration costs plummet.

Aura Information Security Australia country manager Michael Warnock

While cyber-protection software has a role to play in preventing attacks and providing a sense of comfort to a chief information security officer, human error, carelessness and gullibility allow many a hacker to slip through the cordon.

This should raise alarm bells for anyone responsible for company compliance and risk management. 

2019 should be a year in which information security is finally viewed as not just the remit of the IT department but an integral component of every employee’s role.

LogMeIn Asia Pacific and Japan VP Lindsay Brown

Similar to last quarter, the Notifiable Data Breaches Q1 2019 report found that malicious or criminal attacks accounted for the majority (61%) of reported data breaches (131 of the 215 breaches).

Of these attacks, 67% involved compromised or stolen credentials collected through various means including phishing and brute-force attacks.

While more and more organisations are looking at ways to mitigate the risk around passwords, they continue to be an avenue for malicious actors to infiltrate businesses who rely on their users to do the right thing when it comes to credentials.

With the threat to the digital landscape worsening, organisations must be keenly aware of the importance of their employees having strong passwords. It’s important that businesses establish password requirements, such as minimum length and complexity.

Ideally, passwords should have a mix of characters (uppercase, lowercase, symbols, and numbers), avoid words straight out of the dictionary, and be as long as possible – ideally no shorter than 14 characters.
