Quarterly Statistics Report – October – December 2018
The quarterly report released by the Office of the Australian Information Commissioner (OAIC) covers the notifications that this Federal Government entity received under the Notifiable Data Breaches (NDB) scheme. Under this scheme, a notifiable data breach is any breach in which personal information held by an organisation is lost, or is subjected to unauthorised access or disclosure, and which results in serious harm to the individual concerned.
Key Report Takeaways:
The following key points were outlined in the OAIC Quarterly Statistics Report from October – December 2018:
- During this period, 262 notifications of breaches were reported to OAIC – the highest number of notifications since the scheme was introduced in February 2018.
- Of these breaches, 33% were due to human error, 64% were due to malicious or criminal attacks and 3% were due to system faults.
- 60% of these breaches involved the personal information of 100 individuals or fewer.
- OAIC reported that the majority of the malicious or criminal attacks exploited a human factor, such as phishing emails or the disclosure of passwords.
How could this impact your organisation?
Reputational: A data breach of any size would attract strong media coverage and create significant reputational and political damage. A cyber-attack could also damage employees' confidence in the protection of their personal information and deter prospective employees from wanting to work there.
Legal: Your organisation has an obligation under legislation such as Australia’s Notifiable Data Breaches scheme and the European Union’s General Data Protection Regulation (GDPR) to report any significant data breach that has affected customers and their personal information. Following this reporting, and depending on the scale of the breach and any fault found to lie with the organisation, your business may be subject to a number of legal ramifications, including significant fines.
Financial: Globally, cyber-attacks are believed to have accounted for losses of approximately $600 billion USD, with the Asia Pacific region alone losing an estimated $171 billion to cyber-crime in 2018. The Australian Government estimates that the average cyber-attack would cost a business approximately $276,323. As such, a breach of this magnitude would be significant for any organisation. Whilst this estimate covers the direct costs of the cyber-attack itself, it does not factor in the additional longer-term financial repercussions, such as loss of business as a result of reputational damage.
What can you do to safeguard your organisation against these breach attacks?
Microsoft has reported that from January to December 2018, email phishing attacks increased by 250%. Considering the immense financial, reputational and legal impacts that these breaches may have on an organisation, it is imperative that the appropriate safeguards are in place to mitigate any breach.
Recent reports indicate that 91% of all cyber-attacks are now conducted via email, confirming that human error is one of the key reasons these attacks succeed. One activity you can undertake to counter potential attacks is to raise employee awareness of cyber-attacks, security and the risks that these attacks carry with them. Our article on phishing attacks and how to spot them is a great place for your employees to start building this awareness of cyber-security and its impacts.
By educating staff about the dangers of phishing emails, social engineering and other malicious attacks that target people, you will simultaneously improve your staff's confidence when dealing with possible cyber-attacks and increase the chances of them spotting something suspicious and alerting the relevant staff. This will greatly reduce the chance of staff being caught by one of these attacks and of the organisation suffering the ramifications these attacks can carry.