Malicious attacks leading source of data breaches
Malicious attacks were the leading source of data breaches, according to the Office of the Australian Information Commissioner Notifiable Data Breaches Report for July-December 2022.
The report captures notifications received under the NDB scheme from 1 July to 31 December 2022.
The OAIC received 497 notifications for the period, up 26%. There were 76 notifications in July, 80 in August, 87 in September, 84 in October, 78 in November and 92 in December.
There was a 41% increase in data breaches resulting from malicious or criminal attacks.
According to the report, the sources of data breaches were malicious or criminal attack – 70%, human error – 25%, system fault – 5%. Moreover, 45% of all data breaches resulted from cyber security incidents (222 notifications).
The breakdown of cyber incidents was ransomware – 29%, compromised or stolen credentials (method unknown) – 27%, phishing (compromised credentials) – 23%, brute-force attack (compromised credentials) – 9%, hacking – 8%, malware – 4%.
The top causes of human error breaches were personal information sent to wrong recipient (email) – 42%, unauthorised disclosure (unintended release or publication) – 33%, failure to use BCC when sending email – 6%.
"In the latest OAIC update, we continue to see the majority of incidents reported involving employees and compromised identities," says Murray Mills, Manager Cyber Security, Tecala.
"This trend is expected to continue and increase as the distribution of PII and credentials are distributed amongst threat actors, enhancing the success of phishing attempts, ransomware campaigns, and malware," he says.
"We recommend that organisations continue to focus on protecting identity, ensuring employees are across the latest attack techniques via cyber security training. In addition, businesses need to consider the layered defences they have in place to protect all their critical assets, including employees," Mills says.
"They should also look to penetration testing, vulnerability management and cyber assessments as a critical way of understanding their business risks. A cybersecurity strategy encompassing all these components has never been so important."
Anthony Daniel, Regional Director Australia, New Zealand and Pacific Islands, WatchGuard Technologies, says the latest data suggests that aside from planning their response to a potential attack, businesses should ensure that they maintain a keen eye on staff cybersecurity training and awareness across their operations.
"In addition, they need to keep their prevention and detection technologies top of mind by ensuring that they have the appropriate protective controls in place," he says.
"While we must unfortunately assume compromises will occur and while it only takes one cybercriminal to cause untold damage, a properly configured security solution that provides full visibility into the environment with robust automated response capability can help fortify an enterprise's cybersecurity posture and thwart bad actors before a breach can take hold."
Scott Hesford, Director Solutions Engineering APAC at BeyondTrust, says recent high-profile data breaches have highlighted the impact that stolen credentials can have on organisations and their customers.
"The latest OAIC Notifiable Data Breaches report shows the extent to which the problem exists: 59% of cyber incidents reported in the period of July-December 2022 involved compromised or stolen credentials," he says.
"Often stolen credentials have associated privileges beyond what is needed, allowing attackers to inflict more damage – accessing sensitive data or installing malicious code, for example – than what they would be able to do if the privileges were removed or reduced.
"In addition, password re-use, particularly between breached personal accounts and corporate accounts, compounds the issue and highlights the importance of credential rotation for privileged accounts.
"The ACSC's Essential Eight calls for organisations to implement application control, restrict admin privileges and harden user applications, all of which would reduce the severity of breaches."
Meanwhile, Martin McGregor, CEO and Co-Founder, Devicie, says that while the reports are becoming increasingly useful when characterising reported breaches, it's important to be aware these statistics are only just scratching the surface of data breaches that occur in Australia.
"We need to see greater education and enforcement of the privacy principles, to ensure organisations know exactly where citizen data is stored and they maintain methods of detecting unauthorised access to it, which according to the report represented the greatest cause for data breaches," he says.
"Still, the overwhelming majority of organisations that hold and depend on sensitive citizen data in Australia don't sufficiently track their sensitive data, let alone have the capacity to detect data breaches, far from having the ability to report it as we continue to see in the media when breaches are discovered when criminal groups publicly expose these offenders.
"Too many organisations are acting like victims of cyber-attacks instead of understanding their customers are the victims and they are failing to meet their obligations to them."