26 September 2023

Human error blamed for privacy breaches

The Office of the Australian Information Commissioner (OAIC) has revealed the ‘human element’ as the leading cause of damaging data breaches in Australia, accounting for one in three security failures in the three months to 30 June.

In her latest Notifiable Data Breaches (NDB) report, Australian Information Commissioner and Privacy Commissioner Angelene Falk said human error included individuals clicking on a phishing email or reusing passwords across services, which allowed for further data breaches.

“The fact that there is a human factor involved in so many cases demonstrates the need for staff training to increase awareness of cyber risks and to take the necessary precautions,” Ms Falk said.

“The NDB data shows that the threat of data breaches — whether by malicious or criminal attack or human error — remains real.”

She said malicious or criminal attacks were the largest source of data breaches in the quarter, accounting for 62 per cent of all data breaches.

Of these, she said, 151 data breaches, or nearly 70 per cent, involved cyber incidents.

“The vast majority of cyber incidents were linked to compromised credentials, either through phishing (46 notifications), by unknown methods (32 notifications) or by brute-force attack (five notifications),” Ms Falk said.

She said the NDB scheme had established itself as an effective mechanism for organisations to notify affected individuals and the OAIC about ‘eligible data breaches’.

“The reporting regime has been well accepted and the onus is now on organisations to further commit to best practice in combating data breaches and improving response strategies,” Ms Falk said.

“Effecting change in practices to prevent breaches is vital to the goal of protecting the community. Putting data breaches in the spotlight has heightened awareness of the privacy rights of consumers, who in turn are demanding greater security from the organisations with which they share information.”

She said the majority of data breaches in the period involved the personal information of 100 individuals or fewer (62 per cent of data breaches).

Ms Falk said her Office remained ready to exercise its enforcement powers to support the NDB scheme’s purpose of protecting consumers.

The OAIC’s 21-page quarterly report can be accessed at this PS News link.
