IT Brief Australia logo
Technology news for Australia's largest enterprises
Story image

Expert comment: Latest NDB report shows Aus is being targeted

By Kai Ping Lew
Thu 7 Feb 2019
FYI, this story is more than a year old

The Office of the Australian Information Commissioner (OIAC) has released its latest Notifiable Data Breaches report.

The report, covering the period from October 1, 2018, to December 31, 2018, found that 64% of the reports were the result of malicious or criminal attacks, three percent were the result of system faults, and 33% were the result of human error.

The Commission received 262 notifications in the three months, the highest number since the commencement of the NDB scheme.  

Personal contact information represented 85% of the notifications received.

Here’s what security experts and executives had to says about the latest OIAC report.  

SailPoint chief product officer Paul Trulove 

This is the fourth Quarterly Statistics Report issued by the OAIC, and we are seeing the same patterns continue as in the last three reports.

Health service providers, finance and professional services firms have again made up the top three industries that notified the OAIC of eligible breaches.

And malicious or criminal attacks again accounted for most notifications, followed by human error.

With only four reports issued, spanning a period of less than a year, it’s impossible to say whether we’ll see these patterns continue, especially as Australian businesses are still learning how to report breaches.

However, the report findings do highlight that Australian businesses have a lot more work to do to improve their security posture.

Australian organisations are struggling to see and understand the risks associated with compromised user credentials, as demonstrated by 43% of cyber incidents involving phishing, 8% resulting from brute-force attacks and 24% from compromised or stolen credentials.

The report reiterates that an organisations’ users have become the easiest route into an organisation for hackers.

This is a trend we do not expect will ease up, as hackers now know that users offer them the keys to the proverbial kingdom, once compromised.

The most secure path forward for organisations today continues to be taking a comprehensive approach to security, one that puts identity governance at the centre, ensuring visibility and governance over all users and their access to all applications and data.

I’m not surprised health service providers for the fourth consecutive report had the highest number of notifications of any sector.

Health service providers are a gold mine of valuable personally identifiable information for cybercriminals, especially as more health information is digitised.

Aura Information Security Australia country manager Michael Warnock

As the number of data breaches continues to remain consistent from quarter to quarter, and as we see more companies transitioning to the cloud, business and IT managers should understand that there is sufficient data risk if insecure cloud practices aren’t addressed with robust security measures and ongoing workforce education.  

Many mid-sized businesses will remain a happy hunting ground for cybercriminals as company management continue their reluctance to allocate investment for high tech protection.  

At the same time, they just don’t expect an attack will happen to them so they refrain from elevating the issue on their training agendas.

The harsh reality is, cyber attacks will continue to grow in both frequency and complexity over the coming year and Australian businesses are a target.  

Both business and IT teams should accept the threat is present, implement ongoing training to teach employees to recognise potential threats, adopt responsible data protection behaviour and allocate sufficient funds to cover protection measures commensurate with their organisation’s risk profile.

LogRhythm Asia Pacific and Japan senior regional marketing director Joanne Wong

Companies in 2019 must take a more holistic approach to cybersecurity and practice good IT and security hygiene such as patching systems and applications, updating and modernising their systems, applications and infrastructure, and controlling access to only those that need access.  

They also need to be able to validate identities and encrypt or apply other safeguards to critical business systems and data.

There’s no doubt that any company having anything of digital value will eventually be compromised.  

The question for management and IT teams is how fast can their security operations team detect these compromises and neutralise the threats.  

Ping Identity APAC chief technology officer Mark Perry

This latest report is a reminder of the fact that balancing security with customer convenience and employee productivity has never been an easy exercise and the race is on to secure enterprise resources before hackers have a chance to breach them.  

The good news is that there is really no excuse these days as modern authentication solutions provide the means to secure the most common enterprise attack vectors without getting in the way of the employees, partners and customers who need access.   

Those organisations seeking to build trust and transitioning to a more hybrid IT infrastructure need to safeguard customer, proprietary and partner data.  

As a result, IT professionals need to understand the value and effectiveness of the appropriate security controls for their businesses before taking a one size fits all approach to protecting data.

WatchGuard Technologies A/NZ country manager Mark Sinclair

No organisation has perfect security but successful companies staying out of these quarterly OAIC NDB reports will have business continuity plans and will have put in place a well-balanced cybersecurity strategy that spreads funds across threat prevention, detection and response, user education, business continuity and disaster recovery.  

Why not test that plan in 2019 to see your technology and employee response in the event of a disaster?

Prior preparation could be the difference between picking up the pieces and shutting down.

Zscaler A/NZ country manager Budd Ilic

This quarterly report would suggest that with almost every breach, you can always take it back to poor IT and security hygiene as the root cause.  

At the same time, it's becoming increasingly clear that traditional security solutions are no longer up to the task when it comes to protecting organisations.

Our environments and architectures are now so complex it’s difficult, if not impossible for practitioners to effectively monitor their environments and is a contributing cause to incidents like this.  

The growing usage of mobile devices and cloud-based applications and services means users are not protected, and internet gateways are unable to handle advanced threats. 

Cloud-based security platforms which remove complexity from within the organisation and ensures comprehensive protection are an option for organisations who need to build a perimeter around all users regardless of their location and endpoint device.

Related stories
Top stories
Story image
AGVs
Bridgestone Australia uses Dematic's AGVs to optimise warehouse operations
Bridgestone Australia has deployed Dematic's Automated Guided Vehicle solution across its new Melbourne warehouse in Truganina.
Story image
Adobe
Marketplacer and Adobe accelerate partnership for enhanced commerce solutions
Marketplacer has accelerated its partnership with Adobe in order to further enhance the global commerce marketplace.
Story image
Capital
Rubber Monkey gears up for Aussie market with latest capital raise
Rubber Monkey is seeking to raise up to NZ$2.5 million of new capital through online investment platform, Snowball Effect.
Story image
ABI Research
NaaS market expected to reach $150B by 2030 - research
"The market is immature and fragmented, but telco market revenue will exceed US$75 billion by 2030 if they act now and transform to align with requirements."
Story image
Compliance
SentinelOne integrates with Torq to empower security teams
"With Torq, security teams can extend the power of SentinelOne to systems across the organisation to benefit from a proactive security posture.”
Story image
Documentation
Adobe study finds lack of digital trust and utilisation in Australian Government agencies
New research commissioned by Adobe has revealed a significant lack of digital trust within Australian Government departments, along with the continued underutilisation of key digital processes.
Story image
Cybersecurity
Delinea’s Joseph Carson recognised with OnCon Icon Award
Delinea chief security scientist and advisory CISO Joseph Carson has been recognised as a Top 50 Information Security Professional in the 2022 OnCon Icon Awards.
Story image
Cybersecurity
How organisations can mitigate IoT and IIoT security risks
IoT and IIoT come with inherent risks because they are often deployed faster than they can be secured, putting organisations in danger of cyber threats. Here are tips on how to mitigate those risks.
PwC
PwC's Consulting Business and PwC's Indigenous Consulting are proud to play an important role in helping Australian Indigenous Mentoring Experience build IMAGI-NATION, a free online university for marginalised communities around the world.
Link image
Story image
Document Management
NZ's FileInvite raises $10M in latest investment round
FileInvite has raised $10 million in Series A investment to fast-forward the extinction of email for requesting and collecting documents online.
Story image
Data Protection
Five signs your business is ready to move to the cloud
Many organisations are thinking about moving to the cloud. But what are the signs you are ready, and what are the reasons to move?
PwC
WSLHD and PwC’s Consulting Business came together to solve through the challenges of COVID-19. A model of care was developed to the NSW Health Agency for Clinical Innovation guidelines with new technology platforms and an entirely new workforce.
Link image
Story image
Training
Barracuda customises training to fit ACSC Essential Eight
Barracuda has announced that its Security Awareness Training now provides a customised training curriculum in line with the Australian Cyber Security Centre’s (ACSC) Essential Eight.
Story image
Accounting
Four factors to consider when choosing the right job accounting solution
Progressive job-based businesses can achieve success by strengthening their ability to quantify every cost attributable to the delivery of an outcome for a customer.
Story image
Artificial Intelligence
Siemens expands NVIDIA partnership for industrial metaverse
Siemens is expanding its partnership with NVIDIA to enable the industrial metaverse and increase the use of AI-driven digital twin technology.
Story image
Enterprise Resource Planning / ERP
Five ways your ERP is letting you down and why it's time for a change
Wiise explains while moving to a new system may seem daunting, the truth is that legacy systems could be holding your business back.
Story image
Recruitment
Thales on recruitment hunt for next disruptive innovations
"Recruiting new talent is part of Thales's belief in the power of innovation and technological progress to build a safer, greener and more inclusive world."
Story image
Metaverse
How the metaverse will change the future of the supply chain
The metaverse is set to significantly change the way we live and work, so what problems can it solve in supply chain management?
Story image
API
Industry-first comprehensive risk-based API security enhances protection
Application Programming Interfaces (APIs) have become a crucial part of operating web and mobile application businesses and are causing significant economic growth in the digital sector.
Story image
Cybersecurity
Without trust, your security team is dead in the water
The rise of cyberattacks has increased the need for sound security that works across any type of business, but with any change, buy-in is essential. Airwallex explains why.
Story image
Wiise
Four things wholesale distributors need to consider for FY2023
In a post-pandemic world, there are many things for a distribution business to juggle. ERP solutions company Wiise narrows down what companies should focus on.
Story image
Payroll
How New South Wales state departments achieved cloud migration success
State departments in New South Wales are heading to the cloud to achieve better workflow solutions, and one company is paving the way for their success.
Digital Transformation
Discover the 5 signs your business is ready for a cloud-based ERP. Is your business being left behind as more of your competitors switch to the cloud?
Link image
Story image
SOTI
Australian consumers loyal to retailers who deliver speed and visibility
SOTI finds extensive order visibility and speed are the most important factors for turning one-off customers into loyal, long-term buyers.
Story image
Telstra
Ericsson and Ciena, Telstra enhance service capacity for Telstra's optical network
Ericsson, Telstra, and Ciena have announced new enhancements to Telstra's Next Generation Optical Network, which will increase the service capacity of Telstra's optical network to 400 GE (Gigabit per Second Ethernet).
Supply chain
Discover the 4 critical priorities for wholesale distribution businesses in FY23. Are you worried about how supply chain issues may affect your business in 2023?
Link image
Story image
Infrastructure
Video: 10 Minute IT Jams - An update from Paessler
Sebastian Krüger joins us today to discuss how unified infrastructure monitoring enables MSPs to seamlessly deliver services to their clients.
Story image
Airwallex
How Airwallex helps businesses achieve globalisation success
As markets continue to shift, businesses need to be able to provide the same quality of service for customers regardless of where they are located around the world.
Story image
Remote Working
RDP attacks on the rise, Kaspersky experts offer advice
"Given that remote work is here to stay, we urge companies to seriously look into securing their remote and hybrid workforce to protect their data."
Story image
ASI Solutions
Western Australia CUA panel picks ASI as preferred supplier
Western Australia's Common User Arrangement (CUA) panel has chosen ASI Solutions as a preferred supplier for device hardware.
Story image
Ransomware
Examining the future of ransomware threats with Vectra’s CTO
As customers' valuable data move to the cloud, so will ransomware. What is the current landscape and what do we need to know?
Story image
Ransomware
Businesses unprepared to defend against ransomware attacks
Ransomware attacks continue to impact organisations worldwide with high costs, but businesses are still largely unprepared.
Story image
Cybersecurity
Palo Alto Networks' cloud security platform receives IRAP assessment
"We provide help protect all forms of compute, cloud native services and access to data within public and private sectors."
Story image
Artificial Intelligence
Vectra AI named as AWS security competency partner
Threat detection and response company Vectra AI has announced that it has become an Amazon Web Services Security Competency Partner.
Story image
Tech job moves
Tech job moves - Bitdefender, Cohesity, Fortinet & MODIFI
We round up all job appointments from June 27-30, 2022, in one place to keep you updated with the latest from across the tech industries.
Story image
Cybersecurity
Tech and data’s role in the changing face of compliance
Accenture's study found that 93% of respondents agree or strongly agree new technologies such as AI and cloud make compliance easier.
Story image
Artificial Intelligence
Accenture shares the benefits of supply chain visibility
It's clear that gaining better visibility into the supply chain will help organisations avoid excess costs, inefficiencies, and complexity to ultimately improve their bottom line.
Productivity
Discover the 5 ways your ERP may be letting you down. Is your current system outdated, difficult to manage, and costing you a fortune?
Link image
Story image
Artificial Intelligence
Eight top DevSecOps trends to support IT innovation in 2022
The use of DevSecOps practices is growing, as it is increasingly seen as the best way to produce high-quality and secure code. So what are the current trends?
Story image
Low-code
Appian unveils low-code certification program in Australia
Appian has announced a program to provide the next generation of low-code developers with access to education on the subject and certification to foster career opportunities.
Project management
Discover the 4 crucial factors for choosing the right job-costing solution. Is your team struggling to cost jobs and keep projects running on budget?
Link image
Story image
Storage
EXCLUSIVE: Finding the best data center for your business needs with datacenterHawk
Companies using cloud are consistently looking for the best storage solutions to suit their enterprise needs and often have to go through rather complex processes in order to find the right fit.
Story image
Samsung
Monitors are an excellent incentive for getting employees back
The pandemic has taught us that hybrid working is a lot easier than we would’ve thought, so how can the office be made to feel as comfortable as home? The answer could be staring you in the face right now.
Story image
Artificial Intelligence
Decision Inc. partners with provenio.ai to expand offering
Decision Inc. Australia has partnered with provenio.ai to expand its offering to clients in the retail, FMCG, manufacturing, supply chain and logistics sectors.