Criminals Are Driving Australian Data Breaches

Malicious or criminal attacks accounted for the majority of data breaches reported to the Office of the Australian Information Commissioner in the three months to 30 June.

The OAIC has released its second report on the Notifiable Data Breaches (NDB) scheme. The report revealed that 59 percent of the 242 breaches reported to the privacy watchdog during the quarter were attributable to malicious or criminal attack.

Thirty-six percent related to human error and 5 percent to a system fault.

Of the malicious or criminal breaches, the overwhelming majority, 97, related to ‘cyber incidents’; 31 related to data or paperwork theft, seven to insider threats and seven to social engineering.

The most common attack vector was credentials that were compromised or stolen by some unknown method (34 per cent), followed by credentials compromised by phishing (29 per cent) and credentials compromised by brute-force attacks (14 per cent).

As with the first report issued as part of the NDB scheme, the health sector reported the largest number of breaches. Forty-nine of the breaches were reported by health service providers, followed by finance (36 breaches), legal, accounting and management services (20), education (19) and business and professional associations (15).

The NDB scheme commenced on 22 February, making the new report the first to cover a full quarter of operation.

The scheme obliges organisations to report data breaches to the OAIC and notify affected individuals when there is a risk of “serious harm”.

The NDB scheme covers businesses with annual turnover greater than $3 million. Also subject to breach reporting obligations are organisations that handle certain sensitive categories of data, such as health-care providers, and Commonwealth entities.

“Notifications this quarter show that one of the key aims of the scheme, ensuring individuals are made aware when the security of their personal data is compromised, is being met,” said acting Australian Information Commissioner and acting Privacy Commissioner, Angelene Falk.

“Data breach notification to individuals by the entities experiencing the data breach can equip individuals with the information they need to take steps to reduce their risk of experiencing harm, which can reduce the overall impact of a breach.”

ComputerWorld:
