Data breaches occur almost every day, exposing the credit card numbers, social security numbers, mobile numbers, email addresses, passwords, and other sensitive data of thousands of people.
Unsurprisingly, the figures from the Australian Information Commissioner’s (OAIC) latest quarterly statistics report on the Notifiable Data Breach (NDB) Scheme show that security breaches and cyber crimes are soaring again in Australia.
The privacy watchdog’s mandatory report sets out the trends in notifications made under the NDB scheme for the period 1st April to 30th June 2019. Let’s take a closer look at it to draw out the key takeaways and put adequate cybersecurity into practice accordingly.
Health Remains Top, But Finance Is Catching Up
A total of 245 data breaches were disclosed, the second-highest number in a quarter over the past year!
The healthcare sector topped the quarter with about 47 (19 per cent) notifiable data breaches, and the finance sector was a close second with 42 (17 per cent). Following these are the legal, accounting and management services, education, and retail sectors, with 24, 23, and 15 data security violations reported, respectively.
Major Factor – “Human Element”?
The chart reveals the sources of data breaches as identified by the top five entities:
Of the security issues reported by the health sector, 53 per cent resulted from human error. Of those notified by the finance sector, 50 per cent (21) were due to malicious attacks, 18 were caused by human error, and three by system faults. This means the OAIC has seen a notable spike this quarter in the number of reported breaches in the health and finance sectors where the underlying reason was human error.
Looking further into the statistics, roughly one in three information breaches were the outcome of compromised login credentials. Malicious/criminal attacks accounted for nearly 62 per cent (as opposed to 61 per cent the prior quarter), human error for a total of 34 per cent (as opposed to 35 per cent), and system faults for four per cent (unchanged).
However, human errors such as clicking on phishing emails or reusing passwords across multiple services were constant culprits in cases of large-scale malicious cyber breaches!
Information Categories Accessed
See the breakdown of the kinds of personal information accessed in reported data breaches this quarter:
Across all domains, the prime category of personal information involved in notified cases was contact details. In the preceding quarter, 186 breaches exposed contact information. This time, the number has jumped to 220, which is an 18 per cent increase.
In percentage terms, the sources of the breaches have remained relatively consistent with the previous quarter.
Overall, the total of 245 breaches reported is consistent with past quarters, as is the number of malicious and accidental breaches. The fact that there is a HUMAN FACTOR involved in so many incidents reinforces the urgency of staff training to improve awareness of cyber risks and to take the essential precautions against them.
The quarterly release has intensified awareness of the privacy rights of customers, who are demanding stronger cybersecurity from the organisations with which they share personal information.
So, the onus is now on organisations to commit further to the best IT security practices to resist data breaches and improve response strategies.