Today the Australian Government Office of the Australian Information Commissioner released the latest Data Breaches Quarterly Statistics Report.
This report captures notifications received by the Office of the Australian Information Commissioner (OAIC) under the Notifiable Data Breaches (NDB) scheme between 1 April and 30 June 2018. The OAIC publishes quarterly statistical information about notifications received under the NDB scheme, which commenced on 22 February 2018.
Interestingly, details compromised as a result of email phishing campaigns are at the top of the list for cyber incident related data breaches (which accounts for the second most, behind compromised or stolen credentials where the method is unknown). Human error takes the headlines again, which is not surprising considering the sophistication of hackers and the cost to undertake an attack vs. the cost to defend.
The Health services and Finance industries rate the highest in this quarter, and the problem has exponentially outgrown capability. This suggests we need to transform our approach to Cyber by leveraging automation and useful tooling to do the heavy lifting, because budgets remain the same and we only have so many FTEs to fight the cause!
Attacks are real, and frequency is increasing with human error still at the centre. Over-reliance solely on process rather than outcomes presents systemic weakness. It's okay to have process and procedure but don't rely on your audit report to define the effectiveness of your policy or process when an incident occurs.
I recently attended a conference where the topic was “Trust in the Digital Age” and the focus was on rebuilding Cyber resilience with greater consideration of the significance of the privacy of customers' data. It was an interesting topic that covered what trust means, as well as redefining the term “risk”, where the pillars of trust define risk as “uncertainty with potential loss that matters”. This essentially suggests managing risk to an acceptable level, having a good grasp of the impact and being prepared; more importantly, it must be relevant to your organisation and/or industry.
The OAIC report is available here for your perusal - https://www.oaic.gov.au/privacy-law/privacy-act/notifiable-data-breaches-scheme/quarterly-statistics-reports/notifiable-data-breaches-quarterly-statistics-report-1-april-30-june-2018
Managing Director, DigitalHeart