Sunday, 01 March 2020 06:05

Data breaches on the rise, phishing still a major factor

Angelene Falk: "Where data breaches occur, organisations and agencies must move swiftly to contain the breach and minimise the risk of harm to people whose information has been compromised." Courtesy OAIC

Five hundred and thirty-seven data breaches were reported to the Office of the Australian Information Commissioner during the six months from July to December 2019, an increase of 19% over the previous six-month period, with malicious or criminal attacks - including cyber incidents - accounting for nearly two-thirds (64%) of the total.

This included phishing incidents which made up roughly 15% of the total. The OAIC defines phishing as, "An attack in which the target is contacted by email or text message by someone posing as a legitimate institution to lure individuals into providing personal information, sensitive information or passwords".

The OAIC said in a report issued on Friday that health service providers were again the leading industry sector reporting data breaches, accounting for 22% of the 537 reports. This does not include breaches reported under the My Health Records Act.

Given the prevalence of data breaches in this industry, the OAIC said it had drafted a plan for the sector to contain and manage breaches.

The National Data Breach notification scheme took effect in February 2018; the OAIC initially issued quarterly reports but switched to a half-yearly report from the second half of last year.

Australian Information Commissioner and Privacy Commissioner Angelene Falk said the report highlighted the danger of storing sensitive personal information in email accounts.

“The accidental emailing of personal information to the wrong recipient is the most common cause of human error data breaches,” she said.

“Email accounts are also being used to store sensitive personal information, where it may be accessed by malicious third parties who breach these accounts.

“Organisations should consider additional security controls when emailing sensitive personal information, such as password-protected or encrypted files.

“This personal information should then be stored in a secure document management system and the emails deleted from both the inbox and sent box.”

Other salient features of the report:

  • Human error remained a key factor in data breaches, causing 32% of notifiable data breaches (NDBs).
  • Finance is the second-highest reporting sector, notifying 14% of all breaches.
  • Most data breaches affected fewer than 100 individuals, in line with previous reporting periods.

Commenting on the report, Gary Jackson, the APAC vice-president of security firm Tenable, said: "The OAIC’s latest bi-annual breach figures give us a glimpse into the scale of cyber threats across Australia.

"Since the Notifiable Data Breach Scheme was introduced two years ago, the number of breaches reported has steadily increased – and this report is no different. It’s clear that Australian businesses are still struggling to combat the cyber attacks.

“This report, from July to December 2019, shows 537 breaches have been reported, with the majority of these attributed to health service providers (117), followed by finance (77) and education (49).

"The healthcare sector naturally has a target on its back, particularly with the rollout of My Health Record, but in reality any industry that is using personal data to drive innovation and collaboration is likely to be targeted as criminals look for weaknesses across rapidly expanding attack surfaces."

Adam Biviano, director, Solution Architect, ForgeRock, said the report showed how important it was for Australian businesses to ensure their access and controls systems were secure and constantly assessed for potential faults.

"Private health was once again the country’s most affected sector. With human error causing 43% of data breaches in this sector, and access to connected care services becoming more commonplace, the report once again highlights why providers must reassess how they handle customer identity information and communicate patient data collection and use policies," he said.

"Malicious or criminal attacks also remain the leading cause of data breaches, but with human error the second leading cause, the report also highlights the need for Australian businesses to invest in consolidated identity management strategy for both customers and employees to ensure they are secure on all levels of operation.

"Organisations that take the necessary steps to safeguard customers' identity information will build brand trust, ensure compliance and help achieve their objectives. With consumer data right initiatives set to soon expand beyond sectors like finance, the mantra 'no data about me, without me', has never been more applicable.”

Graphics: courtesy OAIC

Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.


