Story image

Blame culture only makes data breaches worse

08 Feb 2019

Australians have discovered that, far from being an isolated island nation that no one wants to attack, local businesses are just as at-risk from cyber threats as any other business in the world. 

In fact, the most recent report from the Office of the Australian Information Commissioner (OAIC) based on notifiable data breaches (NDB) suggests that Australian organisations face significant challenges in keeping data secure. 

However, businesses won’t be able to improve their security stance until they move on from a culture of blaming the victim and begin sharing information more readily, according to Palo Alto Networks. 

“The great thing about the NDB legislation is that businesses are coming forward to report that they have been breached and hopefully this means that others can learn from what’s happened to them,” says Palo Alto Networks Asia Pacific and Japan vice president and chief security officer Sean Duca. 

“Rather than hiding the fact that they’ve been attacked, businesses have been forced to bring it out into the open. More work needs to be done to learn from these breaches so we can all better defend ourselves. Saying that it was malware or a misconfiguration in an application is not enough; we need to know more and also ask ourselves and our business could this happen to us.

“In the past, businesses have been reluctant to admit when they’ve been breached because the backlash has been immediate and harsh. Instead of focusing on the breach itself and lessons that can be learned, there is a heavy focus on criticising the business for being attacked in the first place. This focus needs to shift so the entire business ecosystem can benefit from increased information sharing.”

Cyber criminals learn from every security breach - they discover weak points and possible vulnerabilities, and they learn how to exploit them for maximum gain. 

Businesses must take the same approach in terms of learning from attacks and determining the best way to close those gaps and protect against future breaches. 

“For example, Australian software-as-a-service vendor, PageUp suffered a high-profile breach last year and was pilloried for it. There needs to be a new culture in which companies that suffer breaches feel confident to share more information,” Duca says.

“As James Turner said not long after the breach was disclosed: ‘The first lesson is that we need the victim to survive. Once PageUp is safely through this incident, one of the most valuable things its executives can do for the industry is to share their experiences and the lessons learnt.’ 

“This is key. Until organisations feel safe in sharing that information, other businesses won’t be able to learn from these breaches. This will mean Australian organisations will always be at least one step behind the cybercriminals.”

Putting learning in the hands of every organisation, from small businesses to large enterprises, will help boost the immunity of all organisations in the country. 

However, businesses will only be able to do so when the response to breach disclosures moves on from victim-shaming and focuses on the lessons that can be learned. 

Why Aussie companies are struggling with data
The top culprits in poor data quality in Oz are human error, different data sources, lack of comms, inadequate strategy, and too much information.
Machine learning is a tool and the bad guys are using it
KPMG NZ’s CIO and ESET’s CTO spoke at a recent cybersecurity conference about how machine learning and data analytics are not to be feared, but used.
Pure Storage expands enterprise data management solutions
It has integrated StorReduce technologies for a cloud-native back up platform, and expanded its data fabric solution for cloud-based applications.
Seagate: Data trends, opportunities, and challenges at the edge
The development of edge technology and the rise of big data have brought many opportunities for data infrastructure companies to the fore.
TIBCO announces API management solution with cloud-native design
The platform aims to deliver key API management capabilities for enterprises adopting cloud-native development and deployment practices.
How blockchain could help stop video piracy in its tracks
An Australian video tech firm has successfully tested a blockchain trial that could end up being a welcome relief for video creators and the fight against video piracy.
How to gain an edge with data analytics in 2019
"With greater reliance on AI and machine learning comes human hesitation about the trustworthiness of model-driven recommendations."
Veeam achieves backup certification for SAP HANA
"SAP HANA enterprise customers can take advantage of Veeam’s backup solution for their performance-sensitive SAP environments."