Australian organizations find themselves navigating a minefield of supply chain risks, with a surge in incidents stemming from multi-party breaches.
These breaches are often caused by vulnerabilities in cloud or software providers and are emerging as a challenge that demands attention and proactive strategies.
From July to December 2023, 483 data breaches were reported to the Australian Information Commissioner, up 19% from 407 between January and June of the same year.
The OAIC periodically publishes statistical information about notifications received under the Notifiable Data Breaches scheme to help businesses and individuals understand privacy risks identified through the scheme.
Unsurprisingly, malicious or criminal attacks emerged as the cause of over two-thirds of data breaches.
According to the OAIC, the health and finance sectors remained the top reporters of data breaches.
The healthcare sector reported 104 breaches, and finance reported 49 breaches.
When it came to the number of individuals affected by data breaches, nearly two-thirds of incidents affected 100 or fewer people.
The vast majority of data breaches during this reporting period involved the personal information of 5,000 or fewer individuals globally.
Regardless of the numbers, the OAIC says the safety of personal information is critical and prioritizes regulatory action that deals with areas where the risk of harm to individuals is most significant.
It's no surprise that cyber incidents remain the leading cause of data breaches that impacted a large number of Australians.
Out of the 26 breaches that affected more than 5,000 Australian citizens, the vast majority were the result of a cyber incident.
The OAIC said organizations must review their controls and processes continually to ensure they effectively defend and mitigate data breaches resulting from cyber incidents.
Regarding the kind of personal information involved in data breaches, the report revealed that contact and identity information were the most common kinds of personal data exposed.
Most data breaches involved contact information: names, physical addresses, phone numbers, and email addresses.
It is also important to note that data breaches may involve more than one type of personal information.
During this timeframe, 64% of breaches were identified by the business within ten days of occurring, nearly a quarter were identified more than 30 days after they occurred, and 7% took 11 to 20 days.
The report revealed that the time taken to identify breaches varied depending on the source of the violation in question.
Or criminal attacks with 61%. System fault breaches were the last to be discovered, with only 53% being found within ten days.
The growing number of incidents that impact multiple parties is one of the reasons the security industry is seeing data breaches increase in complexity, scope, and impact.
This Cyber News was published on www.tripwire.com. Publication date: Tue, 19 Mar 2024 10:13:08 +0000