Highlights from latest Notifiable Data Breach report (July 2019)

By Peter Lambert | October 10, 2019


It is clear from the latest OAIC (Office of the Australian Information Commissioner) report that all Australians need to address education around data security.

According to this latest report – “People” are still the problem.

While the number of reported incidents remains steady, the concern remains that the vast majority of breaches reported included some sort of human error, whether that be the accidental dispatch of confidential information or falling victim to a phishing email. External threats such as hacking and brute force attacks make up only a small fraction of all breaches.

To understand more about cybersecurity and how to protect yourself, read the following:

Highlights from the latest OAIC report

Human intervention

34% of all breaches reported were from a direct human error without any social engineering. Of the 151 breaches that came from malicious attacks, around 100 can be safely attributed to social engineering.

Therefore, of the 245 reported breaches, we can estimate that 185 were due to people and their lack of training and procedures, and not the lack of effectiveness of their technology against data breaches.

That’s 75.5%, roughly ¾ of all breaches.

Human error

The 34% of the quarter’s breaches that were due to human error were not insignificant. “Unintended release or publication” of personal information contributed 15 incidents to the quarter, exposing an average of 9479 people per breach.

The 5 failures to use blind carbon copy (BCC) resulted in an average of 601 people affected in each personal information breach.

IT Security

While the number of cyber incidents related to hacking, brute force and other failures of IT security is only a fraction of the total breaches reported, there still remains a need for continued improvement in this area.

Brute force and SQL injection attacks are great examples where improvements in programming and security practices can help avert a disaster. Internet-facing systems utilising SQL should be regularly updated and tested for common exploits as they appear. Remote desktop servers should no longer be reachable directly from the Internet, but placed behind a Virtual Private Network (VPN), adding a further layer of security on top of the protection already built into a remote desktop.
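As an added illustration of the programming-practice point above (example code written for this article, not Diamond IT's code or anything from the OAIC report), the following Python compares a lookup built by string concatenation with the same lookup using a bound parameter, run against a constructed in-memory table:

```python
import sqlite3

# Constructed sample data: a tiny in-memory table standing in for an
# internet-facing application's user store (not real data).
SAMPLE_USERS = [
    ("alice", "alice@example.invalid"),
    ("bob", "bob@example.invalid"),
]


def make_db() -> sqlite3.Connection:
    """Create an in-memory database seeded with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    """Builds the query by string concatenation: the caller's input becomes
    part of the SQL text, so a crafted value can rewrite the query's logic."""
    sql = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterised(conn: sqlite3.Connection, name: str) -> list:
    """Passes the input as a bound parameter: the database treats it purely
    as a value to compare against, never as SQL."""
    sql = "SELECT name, email FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def compare(name: str) -> tuple:
    """Return (vulnerable_rows, parameterised_rows) for the same input, which
    shows whether that input was able to widen the query's result set."""
    conn = make_db()
    return (len(lookup_vulnerable(conn, name)),
            len(lookup_parameterised(conn, name)))


if __name__ == "__main__":
    print(compare("alice"))          # ordinary lookup: (1, 1), both return one row
    print(compare("x' OR '1'='1"))   # crafted input: (2, 0), only the concatenated
                                     # query is widened to return every row
```

The parameterised form is the "improvement in programming practice" the report points to: the same crafted input that returns the whole table through concatenation simply matches nothing when it is bound as a value.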

Training and testing

The inescapable fact is that cybersecurity awareness, training and procedures continue to be an area for improvement for most organisations. 

While physical security is something we are all used to living with, the vast majority of breaches can be eliminated through education of employees at all levels, phishing exercises and security audits.

Policy and procedure

Every organisation – commercial or not-for-profit – should regularly update and review their policies and procedures on cybersecurity.

These should include preventative measures to avoid being affected in the first place, as well as mitigation and reporting procedures so staff can quickly respond to incidents, limit any damage/exposure and report on the incident efficiently.

This will help develop further improvements to prevent future breaches and show due diligence.

Call Diamond to improve your data security

Did you know Diamond IT has consultants, technicians and account managers all specialising in data security?

Diamond IT is available to review your policies, procedures and training of your staff to protect them and your organisation against data breaches, which can be damaging and affect the reputation of your organisation. 

We can assist with social engineering awareness testing and training, improved software and firmware, security audits and Intrusion Response Plans should a breach still occur. Learn more...

If you need our assistance in improving your cybersecurity systems, call us on 1300 307 907 or contact us via the form below.



About Peter Lambert

Marketing specialist and technical blogger @ Diamond IT - I have over 25 years of experience in Information & Communications systems. My range of skills is diverse and includes extensive experience in desktop solutions, server and network presales and administration, VOIP phone systems, journalism, creative writing, technical writing, digital videography and audio visual streaming. I hold a Certificate IV in Training and Assessment, and I am an experienced classroom trainer and course coordinator. I hold an Advanced Diploma in Network Security, a Diploma in Network Administration, and a Certificate IV in Networking. I am a Cisco Certified Network Associate (CCNA) and Microsoft Certified Solutions Associate (MCSA).