Quote Of The Year

Timeless Quotes - Sadly The Late Paul Shetler - "It's not Your Health Record it's a Government Record Of Your Health Information"

or

H. L. Mencken - "For every complex problem there is an answer that is clear, simple, and wrong."

Wednesday, September 04, 2019

The OAIC Lays Out Just How Bad Security Is In Australian IT. Attacks Coming From Both Malicious And Stupid!

The release of this report made a lot of news last week:
We had this:

Millions affected by data breaches

Data breaches are again on the rise, with millions of Australians believed to have been caught up in security breaches in the first half of this year.
A report from the Office of the Australian Information Commissioner (OAIC), released late Tuesday night, revealed that millions of Australians are believed to have been affected by data breaches in the three months to 30 June.
High profile data breaches in the last few months include Canva, which had a breach affecting an estimated 139 million users globally, and property valuer Landmark White which lost millions of dollars in a breach earlier this year.
The OAIC’s report on the Notifiable Data Breaches (NDB) scheme said there was one breach affecting “10,000,001 or more” people.

In total the office received 245 breach notifications during the quarter, up from 215 in the prior quarter.
The report said most of the breaches (79 per cent) were “linked to compromised credentials” obtained through phishing, brute-force attacks or other methods.
“Many incidents this quarter exploited vulnerabilities involving a human factor,” the OAIC said in a statement.
“This included individuals clicking on a phishing email or use of credentials that had been compromised or stolen by other means (such as in another data breach) to obtain unauthorised access to personal information.”
The leading industry to be hit by data breaches was health services providers with 47 breaches (19 per cent), followed by finance (17 per cent) and legal, accounting and management services (10 per cent).
Darren Hopkins, partner at McGrathNicol Advisory, said the report shows that the level of sophistication in attacks has increased and the ability to detect an attack is becoming more difficult.
"The average loss our firm has seen as a result of data breaches has grown to over $700,000 with a number of matters incurring losses into the millions," he said.
“The trends outlined in the report are also consistent with what we are seeing in our advisory work. It is clear that attackers responsible for major data breaches are adapting as quickly as the market is in trying to prevent them, and it is critical that businesses are always one step ahead of their threats.
Lots more here:
Also – among others we have:

Malicious, criminal attacks dominate data breaches in Australia

Malicious or criminal attacks were the largest source of data breaches in Australia in the three months to the end of June this year, accounting for 62% of all data breaches, according to a new report.
Of these 151 data breaches, 69.5% involved cyber incidents such as phishing, malware or ransomware, brute-force attacks, or compromised or stolen credentials.
The Notifiable Data Breaches report from the Federal Government’s Office of the Australian Information Commissioner (OAIC) released on Wednesday, also reveals that while malicious or criminal attacks dominated data breaches, human error – the second largest source of breaches - accounted for 84 data breaches and system faults for 10 breaches.
Human error breaches involved breaches such as sending personal information to the wrong recipient via email (35%), unauthorised disclosure through the unintended release or publication of personal information (18%), as well as the loss of paperwork or data storage device (12%).

System faults accounted for 4% (10 breaches) of data breaches in the quarter, with the majority involving a system fault resulting in the unintended release or publication of personal information.

“This may include the disclosure of personal information on a website due to a bug in the web code, or a machine fault that results in a document containing personal information being sent to the wrong person,” the report says.
The OAIC report also reveals that theft of paperwork or data storage devices was another source of malicious or criminal attacks (14.5%) – while other sources included actions taken by a rogue employee or insider threat (8%), as well as social engineering or impersonation (8%).
More here:
The breakdown of causes showed there is really an active war being waged by the ‘bad guys’.
The full report here is worth a browse:
On a slightly different tack this also appeared a day or so ago.

Email security architecture vulnerability to cybercriminals attacks needs reassessment  

Email remains one of the key attack vectors used by cybercriminals, leaving many organisations hugely vulnerable because they don’t have adequate protection in place, according to software company Wavelink, a distributor for security vendor Fortinet.
And the latest industry data shows that 94% of malware was delivered by email, demonstrating what Wavelink says is the crucial importance of securing this business-critical function.
In fact, email scams cost Australian businesses more than $60 million in 2018 according to Scamwatch.
Ilan Rubin, managing director, Wavelink, said, “These attacks are both sophisticated and hard to detect, as they rely to a large extent on human error. The more protections organisations can put in place to secure email, the less likely they will be to fall victim to email-related cyberattacks.”


According to Wavelink, moving to the cloud has delivered significant agility, flexibility, and financial benefits for organisations, but it can also create risk if not properly secured.
Lots more here:
It really is hard to think of what to add!
David.
