It is clear from the latest OAIC (Office of the Australian Information Commissioner) report that all Australians need to address education around data security.
According to this latest report, "people" are still the problem.
While the number of reported incidents remains steady, the concern is that the vast majority of reported breaches involved some form of human error, whether an accidental dispatch of confidential information or falling victim to a phishing email. External threats such as hacking and brute force attacks make up only a small fraction of all breaches.
To understand more about Cybersecurity and how to protect yourself, read the following:
- 9 Cybersecurity terms you should know
- Mega-breach "Collection #1"
- The biggest threat is your own team
Highlights from the latest OAIC report
Human intervention
34% of all breaches reported came from direct human error without any social engineering. Of the 151 breaches that came from malicious attacks, around 100 can be safely attributed to social engineering.
Therefore, of the 245 reported breaches, we can estimate that 185 were due to people and their lack of training and procedures, not to any ineffectiveness of their technology against data breaches.
That is 75.5%, roughly three quarters of all breaches.
Human error
The 34% of the quarter's breaches that were due to human error were not insignificant. "Unintended release or publication" of personal information contributed 15 incidents to the quarter, exposing an average of 9,479 people per breach.
The 5 failures to use blind carbon copy (BCC) affected an average of 601 people in each personal information breach.
IT Security
While cyber incidents related to hacking, brute force and other failures of IT security are only a fraction of the total breaches reported, there is still a need for continued improvement in this area.
Brute force and SQL injection attacks are good examples of where better programming and security practices can avert a disaster. Internet-facing systems that use SQL should be kept patched and regularly tested for common exploits as new ones appear. Remote desktop servers should no longer be exposed directly to the Internet; place them behind a Virtual Private Network (VPN) so that an attacker must first authenticate to the VPN before they can even reach the remote desktop login, adding a layer of defence on top of the security already built into the remote desktop.
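The two attack classes named above, shown side by side in code. This is an added example written for this article, not code from Diamond IT or from the OAIC report: a login check built by string concatenation (injectable), the same check as a parameterised query, and a small per-account lockout that blunts password brute forcing. The user table, salt and passwords are constructed demo data, and the lockout thresholds are illustrative assumptions.

```python
import hashlib
import hmac
import sqlite3
import time

# Fixed salt so the example runs offline; a real system uses a random per-user salt
SALT = b"demo-salt"


def pw_hash(password):
    # PBKDF2 keeps the example dependency-free; prefer argon2/bcrypt from a maintained library
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000).hex()


def make_db():
    """Constructed in-memory account table (demo data only)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", pw_hash("correct horse")), ("bob", pw_hash("hunter2"))],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Builds the query by concatenation: the username is interpreted as SQL.
    A username such as  alice' --  comments out the password check entirely."""
    query = (
        "SELECT username FROM users WHERE username = '" + username + "' "
        "AND password_hash = '" + pw_hash(password) + "'"
    )
    return conn.execute(query).fetchone() is not None


def login_safe(conn, username, password):
    """Parameterised query: the driver passes the username as data, never as SQL.
    The hash comparison is done in constant time on the application side."""
    row = conn.execute(
        "SELECT password_hash FROM users WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        return False
    return hmac.compare_digest(row[0], pw_hash(password))


class LoginGuard:
    """Per-account failure counter with a temporary lockout (brute-force throttle).
    In-memory and per-username only; a deployment would also throttle per source
    address and persist the state across application restarts."""

    def __init__(self, max_attempts=5, lockout_seconds=900, clock=time.monotonic):
        self.max_attempts = max_attempts
        self.lockout_seconds = lockout_seconds
        self.clock = clock          # injectable so the lockout can be tested without sleeping
        self.failures = {}          # username -> (failed_count, locked_until)

    def attempt(self, conn, username, password):
        now = self.clock()
        count, locked_until = self.failures.get(username, (0, 0.0))
        if now < locked_until:
            return "locked"         # refuse without even consulting the database
        if login_safe(conn, username, password):
            self.failures.pop(username, None)
            return "ok"
        count += 1
        if count >= self.max_attempts:
            self.failures[username] = (0, now + self.lockout_seconds)
            return "locked"
        self.failures[username] = (count, 0.0)
        return "denied"


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, injected username:", login_vulnerable(db, "alice' --", "wrong"))
    print("safe, injected username:      ", login_safe(db, "alice' --", "wrong"))
    guard = LoginGuard(max_attempts=3, lockout_seconds=60)
    print([guard.attempt(db, "bob", "guess") for _ in range(4)])
```

The vulnerable function is only exploitable because untrusted text is spliced into the statement; hashing the password does not help when the attacker controls the username. The guard returns "locked" even for the correct password while the lockout is active, which is the behaviour that makes online guessing uneconomic.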
Training and testing
The inescapable fact is that cybersecurity awareness, training and procedures remain an area for improvement for most organisations.
Physical security is something we are all used to living with; applying the same discipline to information security, through education of employees at all levels, phishing exercises and security audits, would prevent the vast majority of these breaches.
Policy and procedure
Every organisation – commercial or not-for-profit – should regularly update and review their policies and procedures on cybersecurity.
These should include preventative measures to avoid being affected in the first place, as well as mitigation and reporting procedures so staff can quickly respond to incidents, limit any damage/exposure and report on the incident efficiently.
This will help develop further improvements to prevent future breaches and show due diligence.
Call Diamond to improve your data security
Did you know Diamond IT has consultants, technicians and account managers all specialising in data security?
Diamond IT is available to review your policies, procedures and training of your staff to protect them and your organisation against data breaches, which can be damaging and affect the reputation of your organisation.
We can assist with social engineering awareness testing and training, improved software and firmware, security audits and Intrusion Response Plans should a breach still occur. Learn more...
If you need our assistance in improving your cybersecurity systems, call us on 1300 307 907 or contact us via the form below.