Contact Steadfast Solutions today to learn more about preventing data breaches and recovering your data quickly if you are attacked. Â Â
According to the 2019 Cost of a Data Breach Report, the average data breach costs companies nearly AUD $5.8 million (USD $4 million) and impacted an average of 25,575 records.
Closer to home, the Office of the Australian Information Commissioner’s released a Notifiable Data Breaches Quarterly Statistics Report that covers 245 notifications between April 1 to June 30, 2019. System issues accounted for just 4% of these breaches. Here is the full breakdown from the report:
- 245 notifications
- 62% malicious attacks
- 34% human error
- 4% system faults
What’s a Notifiable Data Breach?
The Notifiable Data Breaches (NDB) came about in February 2018. Under the 1988 Privacy Act, organisations are required to inform anyone affected by a data breach at their firm. Additionally, notice must be given to the Office of the Australian Information Commissioner (OAIC) when the breach contains personal information that may lead to harm for those impacted. According to the OAIC, these organisations include any business or nonprofit with annual revenue exceeding $3 million, as well as all credit reporting agencies and health care providers. Personal information includes financial records, contact information, health information, and identity information.
What Are the Most Common Breaches Involving Human Error?
Human error accounted for 34% of breaches on the Notifiable Data Breaches report. This includes the following events:
- The use of ‘cc’ rather than ‘bcc’ to send an email. This could reveal an organisation’s entire distribution list to other stakeholders. Dozens of people or more can find out the name and email of anyone on the list.
- Discarding personal information without accounting for the confidentiality of those impacted. This includes throwing personal records into the public rubbish rather than a document disposal bin.
- Unauthorised verbal disclosure, which includes openly commenting on someone’s confidential information. It also includes sending information to the wrong party.
What About Breaches from Malicious Activity?
While breaches from human error are typically done inadvertently, 62% of the reported attacks came from malicious or criminal activity. Of these, nearly 70% involved malware, phishing, or ransomware. Common tactics include using automated software to decode passwords or stolen credentials.
Even when criminal attacks initiated a breach, human action often played a part. For example, an employee who clicks on a phishing email can set off a chain reaction that leads to a data breach. In fact, 78% of malicious attacks were made possible by compromised credentials.
What Can Organisations Do?
To prevent data breaches, provide training and education as well as clear consequences for inappropriate behaviour that compromises cybersecurity. This includes the following preventive measures:
- Use strong passwords such as two-factor authentication.
- Dark web monitoring alerts your organisation when user details appear on the dark web.
- Regular training keeps staff aware of known threats and reminds everyone to check the email addresses before clicking on emails or opening attachments. This improves the handling of sensitive data and files as well.
- Stay alert to internal threats. In the report, 8% of data breaches were caused by insider threats and rogue employees.
Contact Steadfast Solutions today to learn more about preventing data breaches and recovering your data quickly if you are attacked.