Data breach figures show need for staff training
Companies must improve employee training and deploy better technology to prevent data breaches, according to the Office of the Australian Information Commissioner.
About 41% of finance sector data breaches were due to human error in the year to March, compared with 35% across all sectors, while 56% of finance sector breaches involved malicious attacks, it says in a report.
Contact information was disclosed through data breaches in 86% of cases overall. One in 10 data breaches stemmed from personal information being emailed to the wrong recipient.
“Our report shows a clear trend towards the human factor in data breaches – so training and supporting your people and improving processes and technology are critical to keeping customers’ personal information safe,” Commissioner Angelene Falk said.
Overall, about 60% of data breaches involved malicious or criminal attacks. The most common methods (153 incidents) were phishing or spear phishing. Compromised or stolen credentials (112) were next. In 28% of cyber incidents, credentials were obtained through unknown means, because the company did not detect anything.
Some 964 data breaches occurred in the year to March, mostly affecting fewer than 1000 people.
The Australian Prudential Regulatory Authority is introducing new cyber-security standards to improve companies’ resilience.