Information Commissioner puts focus on prevention as cyber criminals target human vulnerability


Australian Information Commissioner and Privacy Commissioner Angelene Falk

The Australian Information Commissioner has called for better staff training to prevent data breaches, following a new report.

One in three data breaches between 1 April and 30 June 2019 were caused by compromised credentials, according to the latest Notifiable Data Breaches (NDB) report from the Office of the Australian Information Commissioner (OAIC).

Malicious or criminal attacks were the largest source of data breaches in the quarter, accounting for 62% of all data breaches. Of these 151 cases, nearly 70% involved cyber incidents, such as phishing, malware or ransomware, brute-force attacks, or stolen credentials.

The report found that human vulnerabilities regularly played a part in breaches. For example, individuals clicking on a phishing email or reusing their passwords across services puts their personal information at high risk. Commissioner Angelene Falk believes this is cause for concern.

“The fact that there is a human factor involved in so many cases demonstrates the need for staff training to increase awareness of cyber risks and to take the necessary precautions,” she said.

Most cases (62%) involved the personal information of 100 individuals or fewer.


Of the sectors surveyed, private health service providers were responsible for 19% of data breaches, with the finance sector accounting for 17%. They were followed by the legal, accounting and management services sector with 10%, private education with 9%, and the retail sector with 6%.

Overall, the total of 245 data breaches remains consistent with previous reports.

The NDB scheme has become an effective tool for organisations to notify individuals and the commissioner about breaches, according to Falk. She urged organisations to “further commit” to the reporting regime while improving their response strategies.

“Effecting change in practices to prevent breaches is vital to the goal of protecting the community. Putting data breaches in the spotlight has heightened awareness of the privacy rights of consumers, who in turn are demanding greater security from the organisations with which they share information,” she noted.

Falk — who is also the Privacy Commissioner — said the OAIC will continue to exercise its enforcement powers and support the NDB scheme to protect consumers.

Future statistical reporting on the NDB scheme will shift to six-monthly intervals.

Information on preventing and responding to breaches can be found on OAIC’s website.
