
Human error triggers increase in data breaches

Human error was the ‘dominant’ cause of an increase in data breaches over the second half of 2020, according to the latest statistics from the OAIC.

Charbel Kadib
Thu, 04 Feb 2021

The Office of the Australian Information Commissioner (OAIC) has reported that it received 539 data breach notifications from July to December 2020, up 5 per cent on the previous six months (512).

The OAIC’s Notifiable Data Breaches statistics found that 38 per cent of all data breaches were attributable to human error.

“In the past six months, we saw an increase in human error breaches both in terms of the total number of notifications received – up 18 per cent to 204 – and proportionally – up from 34 per cent to 38 per cent,” OAIC’s Australian information and privacy commissioner, Angelene Falk, said.


“The human factor is also a dominant theme in many malicious or criminal attacks, which remain the leading source of breaches notified to my office.

“Organisations need to reduce the risk of a data breach by addressing human error – for example, by prioritising training staff on secure information handling practices.”

Malicious or criminal attack accounted for 58 per cent of data breaches over the six-month period (310), with system faults responsible for 25 notifications (5 per cent).

The largest proportion of data breaches were reported by health services providers (23 per cent), followed by finance (15 per cent).

Michael Sentonas, chief technology officer at CrowdStrike, expressed concern over the continued vulnerability of the health sector to cyber risks.

"Health service providers have consistently reported the most data breaches, 123 reports in this period and the report suggests that the healthcare sector, in particular, should be increasingly vigilant to support patient privacy and security, and ensure that its cyber posture is as resilient as possible," he said.

The Australian government was among the hardest hit sectors, accounting for 6 per cent of all breaches, with human error the leading cause.

“Ensuring the security of personal information is an area of regulatory focus for the OAIC, particularly in the health and finance industries, which have consistently been the top two sectors to report breaches,” OAIC commissioner Falk added.

The OAIC has urged entities to invest in cyber infrastructure improvements.

“Being prepared for a data breach is important for all entities that handle personal information,” Falk said.

“Entities must have effective systems for detecting, containing, assessing, notifying and reviewing data breaches.

“Critically, they need to provide individuals with clear and timely information about data breaches, including recommendations on steps they can take to protect themselves from harm. Any unnecessary delay in providing this information undermines the purpose of the Notifiable Data Breaches scheme.”

Falk encouraged organisations to consider OAIC to help review their processes to ensure they are fit for purpose.

“We are nearing three years of operation of the Notifiable Data Breaches scheme and expect that entities have systems in place to report breaches in line with legislative requirements,” she said.

“We also expect organisations to have improved the security of personal information they hold to prevent breaches.

“We will continue to closely monitor compliance with the scheme and prioritise regulatory action where there are significant failings.”

Mark Lukie, sales engineer manager at APJ, Barracuda Networks, said reassessing cyber infrastructure is particularly important in the current environment.

“This report comes at a time when many businesses are scrambling to find cybersecurity talent to shore up their defences and enterprises across the country embrace a distributed workforce as their new normal modus operandi,” he said.

“The data suggests that malicious attackers took no holiday in 2020 and harvested the opportunity to pursue their goals with distracted workers, global pandemic, cost pressures from recession, remote access and the accelerated adoption of cloud services. Each of these alone would be cause for concern for cyber security professionals.

"All these macro trends happening simultaneously now require Australian private and public sector organisations to have the highest level of vigilance against those who would take advantage of these situations."
