From the CTO: Analysing the latest OAIC Notifiable Data Breaches Report

As compute power becomes ever cheaper and easier to access, the number of automated cyber-attacks utilising the power of the cloud is growing with it.

According to the Office of the Australian Information Commissioner's (OAIC) report, the number of breach notifications increased in the last reporting quarter, to June 2019. Malicious or criminal attacks accounted for 62% of all breach notifications in that quarter, whilst 34% were a direct result of human error.

OAIC - Source of data breaches by percentage — All sectors - (Chart 1.4 - Page 7)

Many malicious or criminal attacks this quarter exploited human vulnerabilities, either people clicking on phishing emails or attackers using credentials stolen by some other means. Health providers topped the list of sectors with the most breaches, whilst financial organisations came in a close second. Interestingly, Legal / Accounting, Education and Retail round out the top 5 reporting sectors.

With the growing cyber security skills shortage, we expect to see these numbers rise over the months and years to come. It is now imperative that organisations take steps to protect their critical assets. Far too many organisations still believe that being in the “Cloud” means their assets are protected.

There is still a lack of understanding around the new Data Breach Notification laws in Australia as to what constitutes a breach, and a lot of people we speak to have still never heard of the EU’s General Data Protection Regulation (GDPR), 18 months after its enforcement.

Severe penalties await those global organisations that do not comply.

Organisations can take a number of simple steps to start improving their security posture, and one of the first should be increased education for staff. A blend of hardware and software is required to fight highly automated, software-driven attacks, but a well-educated human workforce is your first line of defence.

As always, we welcome the opportunity to analyse your IT environment, implement a plan to educate your staff and ultimately deliver a robust cyber security posture for your organisation - now and into the future.

Regards,

Chris Mearns
CTO & Founder