The initial results of Australia’s new Notifiable Data Breaches legislation are worrying for Australian enterprises trying to protect their information environments. Even without considering the recent global pandemic threats from COVID-19, the latest number of data breaches in Australia has exceeded previous quarterly figures, according to the Office of the Australian Information Commissioner, with most data breaches resulting from malicious or criminal attacks.
From July to December 2019, 537 data breaches were notified to affected individuals and the Office of the Australian Information Commissioner (OAIC), compared to 249 the previous year.
The leading cause of notifiable data breaches in the July to December period was malicious or criminal attack (64%), followed by human error (32%) and system error (4%). If you’re not aware of the legislation, you can find our advice here.
With most data breaches resulting from malicious or criminal attacks that could be prevented by adhering to common best-practice cybersecurity standards, the need for Australian businesses to safeguard their information is becoming crucial.
“In an age where Australian enterprises are rushing to move into remote working arrangements, which increase endpoint vulnerability, preventing data breaches and improving end-point protection must be a primary concern for any organisation entrusted with personal or commercially sensitive information,” says Chief Executive Officer of Loop Secure, Patrick Butler.
“Employees, customers and users need to be made aware that the associated organisation is still liable to meet NDB legislation, but also that they’re even more at risk from cyber-criminals attempting to steal usernames, passwords, and hack systems. Additionally, some companies in their haste can forget that there is a wide range of emerging technology and services that can ensure these vulnerabilities are mapped and eradicated prior to reaching the end-point user,” comments Butler.
Among the compelling data in the Notifiable Data Breaches October to December 2019 report, the top five sectors to report breaches were:
- Private Health Service Providers: 63 reports
- Finance: 40 reports
- Legal, accounting and management services: 30 reports
- Private education providers: 30 reports
- Mining and manufacturing: 14 reports
“Although they’ve occurred at a domestic level, a lot of these cybercrimes are enacted by offshore criminals who have nothing but time and resources to attack Australian enterprises”, comments Butler.
The Loop Secure team has recently been working on CrowdStrike technology to provide cybersecurity managed services to clients across the Australian Eastern Seaboard, and has found that the most recent data breaches can be linked to named offshore adversaries, as opposed to large anonymous attacks such as WannaCry and NotPetya.
“Ongoing tool development and changes in tactics, techniques and procedures seem to indicate 2019 was a transition year for many adversaries both onshore and offshore. However, one thing is clear - law enforcement efforts have not yet halted or deterred these cybercrimes, and we’re even more vulnerable now than ever,” concludes Butler.
Join us at our upcoming webinar on “The Critical Role of Endpoint Detection & Response for your Remote Workers” on Tuesday the 21st of April 2020 at 12.30pm.