
Security experts comment on latest OAIC report

31 Oct 2018

The Office of the Australian Information Commissioner has been notified of 245 data breaches affecting personal information between July and September 2018, its latest report shows.

The quarterly statistics report on the Notifiable Data Breaches (NDB) scheme indicates 57% of incidents were caused by a malicious or criminal attack, and 37% resulted from human error.

Australian Information Commissioner and Privacy Commissioner Angelene Falk says training staff on how to identify and prevent privacy risks needs to be part of business as usual.

“Everyone who handles personal information in their work needs to understand how data breaches can occur so we can work together to prevent them,” Falk says.

“Organisations and agencies need the right cybersecurity in place, but they also need to make sure work policies and processes support staff to protect personal information every day.

“Our latest report shows 20% of data breaches over the quarter occurred when personal information was sent to the wrong recipient, by email, mail, fax or other means.”

Thought leaders in the cybersecurity industry have offered their comments on the latest report by the OAIC.

Bitglass Asia Pacific and Japan vice president David Shepherd

“Again, human error and the insider threat account for a significant percentage of the reported security breaches. Considering how prevalent the use of cloud is in Australia it’s surprising there are no specific mentions of cloud data breaches in the report.

“One would have expected to see reference to files stored in the cloud with sharing turned on or exposed S3 buckets, or Blob storage that had been incorrectly configured.

“Maybe data exposure isn’t thought of the same way as a data breach (and therefore reported), or perhaps there continues to be a visibility gap when it comes to data stored in the cloud.”

CQR chief technology officer and co-founder Phil Kernick

“The latest quarterly Notifiable Data Breach quarterly report has reported around 3.8 reports of breaches daily. This really should concern people as these are just the “notifiable” ones that can result in serious harm.

“We can only imagine how many are not notifiable because of the severity, how many are not notifiable because the organisation is not required to comply with the Privacy Act, and how many aren’t even detected.”

Content Security senior security advisor and group manager Anshul Pandey

“The statistics for what caused the breaches remain similar to last quarter but what has changed is phishing attacks which have gone up from 29% last quarter to 50% this quarter.

“This means organisations have to do more in terms of user awareness and blocking of phishing attacks.”

WatchGuard Technologies A/NZ regional director Mark Sinclair

“It’s interesting to see that the health service sector retains its place at number one for notified data breaches and also has the highest breach rate by human error. 

“Security education of users within the health sector is in dire need and could help reduce the number of breaches if practiced regularly.”

Forcepoint Australia and New Zealand senior director Sam Ghebranious

“It is concerning to see an alarming increase in the number of incidents reported to the OAIC in 2018 to date as compared with the last year, indicating that cyber-security threats show no signs of abating.

“What’s more, many of these were internally driven – 20% from phishing attacks and 37% down to human error – indicating that organisations cannot ignore the threat posed within their four walls when it comes to implementing a comprehensive cybersecurity approach.

“Only when businesses seek to understand and challenge how their employees interact with and handle data will we see improvements in their cybersecurity posture.”
