
Blame culture only makes data breaches worse

08 Feb 2019

Australians have discovered that, far from being an isolated island nation that no one wants to attack, local businesses are just as at-risk from cyber threats as any other business in the world. 

In fact, the most recent report from the Office of the Australian Information Commissioner (OAIC) based on notifiable data breaches (NDB) suggests that Australian organisations face significant challenges in keeping data secure. 

However, businesses won’t be able to improve their security stance until they move on from a culture of blaming the victim and begin sharing information more readily, according to Palo Alto Networks. 

“The great thing about the NDB legislation is that businesses are coming forward to report that they have been breached and hopefully this means that others can learn from what’s happened to them,” says Palo Alto Networks Asia Pacific and Japan vice president and chief security officer Sean Duca. 

“Rather than hiding the fact that they’ve been attacked, businesses have been forced to bring it out into the open. More work needs to be done to learn from these breaches so we can all better defend ourselves. Saying that it was malware or a misconfiguration in an application is not enough; we need to know more and also ask ourselves and our business could this happen to us.

“In the past, businesses have been reluctant to admit when they’ve been breached because the backlash has been immediate and harsh. Instead of focusing on the breach itself and lessons that can be learned, there is a heavy focus on criticising the business for being attacked in the first place. This focus needs to shift so the entire business ecosystem can benefit from increased information sharing.”

Cyber criminals learn from every security breach - they discover weak points and possible vulnerabilities, and they learn how to exploit them for maximum gain. 

Businesses must take the same approach in terms of learning from attacks and determining the best way to close those gaps and protect against future breaches. 

“For example, Australian software-as-a-service vendor PageUp suffered a high-profile breach last year and was pilloried for it. There needs to be a new culture in which companies that suffer breaches feel confident to share more information,” Duca says.

“As James Turner said not long after the breach was disclosed: ‘The first lesson is that we need the victim to survive. Once PageUp is safely through this incident, one of the most valuable things its executives can do for the industry is to share their experiences and the lessons learnt.’ 

“This is key. Until organisations feel safe in sharing that information, other businesses won’t be able to learn from these breaches. This will mean Australian organisations will always be at least one step behind the cybercriminals.”

Putting learning in the hands of every organisation, from small businesses to large enterprises, will help boost the immunity of all organisations in the country. 

However, businesses will only be able to do so when the response to breach disclosures moves on from victim-shaming and focuses on the lessons that can be learned. 
