NDB report: Stronger authentication practices needed

14 May 2019

The Australian Information Commissioner (OAIC) has released the latest quarterly report on the notifications under the Notifiable Data Breaches scheme.

The report found that the majority of the data breaches were on a more targeted scale, involving 100 individuals or fewer.

Most of the data compromised were contact information from malicious or criminal attacks.

Here is what some of the executives in the industry had to say about the report:

Sophos A/NZ managing director John Donovan

According to the latest OAIC report, the healthcare sector has once again topped the list for the most data breaches - with 58 reports of data breaches in the last three months (up 7.4% compared to the previous quarter).

What’s more, malicious and criminal attacks again account for the highest proportion of breach notifications in Australia, followed by human error.

It is very concerning to see health service providers continuing to be targeted and successfully breached by attackers. It goes without saying that this industry is dealing with incredibly sensitive and personal data and, as such, has a huge responsibility to the people of Australia to protect their data effectively. 

The report serves as a reminder to the healthcare industry to implement robust security practices to protect the extremely sensitive data they are entrusted with.

Ping Identity APAC chief technology officer Mark Perry

Enhanced security measures can counter the risk of a breach occurring but have historically been met with employee and management pushback, courtesy of the fact they were perceived as onerous. 

The positive news is that we should see the tide turning with the increasing adoption of multi-factor authentication (MFA) and the introduction of adaptive authentication, self-service capabilities and phone-as-a-token authentication.

Out-of-the-box APIs, SDKs and integration kits continue to reduce the expense and complexity associated with implementation, and cloud-delivered solutions, which require minor oversight to run effectively, have seen infrastructure and administration costs plummet.

Aura Information Security Australia country manager Michael Warnock

While cyber-protection software has a role to play in preventing attacks and providing a sense of comfort to a chief information security officer, human error, carelessness and gullibility allow many a hacker to slip through the cordon.

This should raise alarm bells for anyone responsible for company compliance and risk management. 

2019 should be a year in which information security is finally viewed as not just the remit of the IT department but an integral component of every employee’s role.

LogMeIn Asia Pacific and Japan VP Lindsay Brown

Similar to last quarter, the Notifiable Data Breaches Q1 2019 report found that malicious or criminal attacks accounted for the majority (61%) of reported data breaches (131 of the 215 breaches).

Of these attacks, 67% involved compromised or stolen credentials collected through various means including phishing and brute-force attacks.

While more and more organisations are looking at ways to mitigate the risk around passwords, they continue to be an avenue for malicious actors to infiltrate businesses who rely on their users to do the right thing when it comes to credentials.

With the threat to the digital landscape worsening, organisations must be keenly aware of the importance of their employees having strong passwords. It’s important that businesses establish password requirements, such as minimum length and complexity.

Ideally, passwords should have a mix of characters (uppercase, lowercase, symbols, and numbers), avoid words straight out of the dictionary, and be as long as possible – ideally no shorter than 14 characters.
