Breaking Down the Data Breaches on the Aussie Government
The Australian government’s cyber security team had to work extra hard throughout the second half of 2020. In just 6 months – from July to December – the government was hit by 33 data breaches, putting them in 5th place for highest number of breaches.
The government came in behind health, finance, education and legal, in a league table that no one wants a spot in.
During the 6-month period, the Office of the Australian Information Commissioner (OAIC) reported receiving 539 data breach notifications, which is 5% more than in the previous 6 months. Let’s break this down a little bit, by clarifying what a data breach actually is, how this occurred, and how businesses can ward off data breaches.
What is a data breach?
A data breach describes an incident where information is accessed, lost, altered, disclosed or destroyed without authorisation. It’s a security breach that can be either deliberate or accidental. The result is a loss of personal data, or a compromise of the integrity or confidentiality of that data.
Companies hit by a data breach could find themselves struggling to recover the financial losses incurred by the incident.
How did this happen to the Aus government?
The OAIC’s report states that 58% of the breaches during those 6 months were a result of criminal activity. 38% occurred due to human error, and 5% were down to system faults. The OAIC also said that the increase could be linked to the shift to working from home arrangements due to the pandemic, although this isn’t yet conclusive.
It was also reported that 91% of data breaches between July and October involved personal contact information, such as home addresses, email addresses and phone numbers. Of the data breaches caused by human error, most were caused by personal information being sent to the wrong recipient.
In general, the findings highlight the significant risk posed by email phishing attacks, and the importance of education in this area. Given that these attacks depend on someone clicking the link, organisations should be focusing on more cybersecurity training for their employees.
How can organisations protect themselves from data breaches?
Data breaches most commonly occur due to out-of-date, vulnerable software, weak passwords, drive-by downloads of malware or viruses, and targeted email phishing attacks. If it can happen to the Australian government, it can happen to you, but there are some steps companies can take to prevent cybersecurity breaches.
- Make sure security software is up to date. Weak or outdated security software has vulnerabilities that hackers can easily exploit.
- Carry out regular risk assessments. Conduct regular vulnerability assessments to protect against new risks, and make sure all policies and processes are reviewed often.
- Personal data should be encrypted and backed up. Use cloud services instead of external hard drives that can be lost or stolen.
- Invest in staff training and awareness. Employees are usually the weakest link in the data security chain, so schedule cybersecurity training often.
- Ensure companies you partner with have high security standards. All third-party vendors should comply with privacy laws and have data protection systems in place. Be sure to ask them.
Robust IT support to protect your company’s data
The IT Department can implement advanced systems to help make sure your business doesn’t fall prey to data breaches. Taking precautions now could save millions of dollars spent trying to recover after an attack, so give our team a call on 1300 10 10 40 to find out more.