iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
The Office of the Australian Information Commissioner (OAIC) has released its Notifiable Data Breaches report for July to December 2022, showing trends such as the most common sectors targeted by cyber criminals.
The report found that data breaches in Australia have continued to rise, affecting greater numbers of people.
“We saw a significant increase in data breaches that impacted a larger number of Australians in the second half of 2022,” said Angelene Falk, Australia’s information and privacy commissioner.
“Cyber security incidents continue to have a significant impact on the community and were the cause of the majority of large-scale breaches.”
There were 40 breaches that affected over 5,000 Australians, 33 of which were the result of cyber security incidents.
“Organisations should take appropriate and proactive steps to protect against and respond to a range of cyber threats,” added commissioner Falk.
“This starts with collecting the minimum amount of personal information required and deleting it when it is no longer needed.”
Sixty-two per cent of all breaches affected under 100 people, and overall there was a 26 per cent increase in data breaches.
Health services were the top sector for notifying data breaches, closely followed by finance.
Forty-five per cent of all data breaches involved cyber security incidents, most of which involved ransomware at 29 per cent, followed by stolen credentials at 27 per cent.
Responding to the OAIC report, Scott Hesford, director of solutions engineering APAC at BeyondTrust, has commented on the importance of keeping credentials and login details secure.
“Recent high-profile data breaches have highlighted the impact that stolen credentials can have on organisations and their customers,” he said.
“The latest OAIC Notifiable Data Breaches report shows the extent to which the problem exists: 59 per cent of cyber incidents reported in the period of July-December 2022 involved compromised or stolen credentials.
“Often stolen credentials have associated privileges beyond what is needed allowing attackers to inflict more damage — accessing sensitive data or installing malicious code, for example — than what they would be able to do if the privileges were removed or reduced.”
The recent Medibank hack resulted from a case of stolen credentials, which were then used to access the company’s network and systems.
Hesford added that companies need to form good password practices, avoiding the reuse of credentials and changing them regularly.
“In addition, password reuse, particularly between breached personal accounts and corporate accounts, compound the issue and highlight the importance of credential rotation for privileged accounts.
“The ACSC’s Essential Eight calls for organisations to implement application control, restrict admin privileges and harden user applications, all of which would reduce the severity of breaches,” he said.
Be the first to hear the latest developments in the cyber industry.
