Human Element Is Significant Factor In Data Breaches
National figures on data breaches show about one in three breaches in Australia in the last quarter were caused by compromised credentials, with log in and password information used to gain unauthorised access to personal information.
The human element continues to be a key factor in breaches, according to the latest Notifiable Data Breaches scheme statistics report from the Office of the Australian Information Commissioner, covering the period between April 1 and June 30 2019.
This includes individuals clicking on a phishing email or reusing passwords across services, which both allow for further data breaches.
“The fact that there is a human factor involved in so many cases demonstrates the need for staff training to increase awareness of cyber risks and to take the necessary precautions,” said Australian Information Commissioner and Privacy Commissioner Angelene Falk.
Malicious or criminal attacks were the largest source of data breaches in the quarter, accounting for 62% of all data breaches. Of these 151 data breaches, or nearly 70%, involved cyber incidents.
The vast majority of cyber incidents were linked to compromised credentials, either through phishing (46 notifications), by unknown methods (32 notifications) or by brute-force attack (5 notifications).
The health sector was responsible for 19% of data breaches and the finance sector for 17%. They were followed by the legal, accounting and management services sector (10%), the private education sector (9%), and the retail sector (6%).