This post collects industry responses to the OAIC Notifiable Data Breaches Report. We will update it as more responses come in.
“The latest comes at a precarious time in Australia’s cybersecurity threat landscape, with 2022 being our worst year on record for major cyberattacks. It confirms what many in the security industry know already, and that is that we must do more to facilitate higher prioritisation of security best practices and awareness at an organisational level.
“It is not surprising to see that we have mirrored the global trend of healthcare institutions seeing a sharp rise in successful breaches, as threat actors look to exploit targets that represent high-value data and critical infrastructure. We only have to look to the ongoing fallout of the Medibank Private breach to see the devastation this causes at a reputational level, while civilians bear the brunt of personal violation as their data is literally held for ransom.
“With the government proposing to raise the potential penalty for a serious privacy breach to $50 million, the stakes are getting higher for companies to fortify their systems and protect the massive amounts of data we relinquish to their guardianship. However, with both general strategy and official government advice often revolving around reactive security measures and incident response, it is doubtful anything will improve until there is more emphasis placed on defensive security. Every organisation can play a key role in stopping breaches and data exposure by implementing role-based security awareness training, including comprehensive developer upskilling in secure coding. It takes a village to raise standards, and we all have a hand in safeguarding our digital world.” – Pieter Danhieux, Co-Founder and CEO at Secure Code Warrior.
“This report is another timely reminder for Australian businesses to ensure that proper protections are in place to mitigate the risk of breaches. Ransomware and credential theft or misuse accounted for over 80% of cyber incidents, according to the OAIC report. Lost or stolen credentials continue to be a significant entry point for data breaches. We know from other research that in many cases privileged accounts, such as admin users, provide attackers the keys to the kingdom, causing significant problems for the attacked organisation and its customers.
“It is no wonder then that we see Australian organisations, across both the public and private sector, look to adopt the Essential Eight controls to mitigate the risk around such attacks. Application Control, User Application Hardening, the removal of unnecessary Admin Privileges and Multi-factor Authentication – all of which are highlighted in the Essential Eight – have a role to play, alongside having regular backups and the proper management of macros.” – Scott Hesford, Director of Solutions Engineering, Asia-Pacific region and Japan, BeyondTrust.
“The 14 percent decrease in reported breaches should not allow Australia to be more at ease because we still have so much work to do with upskilling IT staff, implementing the right cybersecurity solutions and, more importantly, being aware of the effects of a hack both short term and long term for businesses.” – Anthony Daniel, Regional Director, ANZ and Pacific Islands, WatchGuard Technologies.