Australian businesses and organizations operate under the Notifiable Data Breaches (NDB) scheme, which requires that each eligible data breach be reported to the authorities and to the affected customers or users.
To avoid public exposure and loss of credibility, many Australian companies and organizations invested more in their IT security. However, the results are not as good as you might have expected: the NDB authorities have received 812 notifications of data breaches since the scheme went into effect. Moreover, according to the Office of the Australian Information Commissioner (OAIC), 262 data breaches happened in the last quarter of 2018 alone!
The incidents led to 94 cases of compromised identity and over 17,000 cases of leaked personally identifiable information. As it turns out, the blame can be attributed to a combination of human error incidents (33%) and malicious or criminal attacks (64%).
The most common form of attack was phishing (43% of cases), which leads to the conclusion that the weakest link in Australian organizations is their users. Of course, organizations were also affected by more serious attacks such as ransomware, malware, and brute-force attacks, but the easiest way in is through the people who use the system every day (employees, partners, other users).
The Health Sector is in the Lead
Sadly, the Australian health sector is still reporting the greatest number of breaches, with 54 cases (20.6%).
But this is not an issue only in Australia! The US is going through a similar crisis, where industries that handle people's personal data are constantly being breached. Just like in Australia, the American health sector is in the lead, with 24% of affected organizations.
For US organizations, the top breach type is human error (34% of cases), with 79% of the compromised data being medical information.
In both countries, the main threat to the data is internal (staff and other people who have access to the system).
Other Affected Industries
In Australia, second place is occupied by the financial sector (40 cases), and legal, accounting and management services come third with 23 cases. Finally, education organizations are in fourth position with 21 cases.
In the US, Accommodation and Food Services are in second place and Public Administration is third. In both industries, the most common breach type is hacking, with 93% and 52% of cases respectively.
This indicates that in those industries the main type of threat is external, which still calls for better security education for employees and other users of the system.
How to Stay Protected Against Data Breaches?
While both Australian and US authorities only work with data from reported breaches (there may be others that went undetected or unreported), the conclusions are alarming!
Public industries such as the healthcare sector deal with highly sensitive information that can be used for a wide range of criminal acts, which is why their security systems need an urgent review. Moreover, employees and other members of staff must be trained to follow basic security protocols.
But the responsibility doesn't rest with the human factor alone. Poor IT security policies within public organizations and companies should be a thing of the past, especially considering there are so many ways to reduce the risk of a breach. Here are some of the most effective measures to use:
- Multiple layers of security for users.
- Companies and organizations that use G Suite should follow these 7 security steps.
- Make sure sensitive information is kept only on secure workstations. This way, in the case of a breach, the attackers can't reach patient information or other highly sensitive data.
If you don’t know where to start, Onsite Helper can provide a free scan of your systems and provide a report on what needs to be fixed.
At the end of the day, no system is impenetrable, but we shouldn’t make it easier for cybercriminals!