The Office of the Australian Information Commissioner (OAIC) has issued a report on how it expects entities in the Australian Public Service to deal with data breaches caused by ransomware and impersonation fraud.
Australian Information Commissioner and Privacy Commissioner, Angelene Falk, said the OAIC had received 446 data breach notifications from January to June this year, with 43 per cent resulting from cyber-security incidents.
Ms Falk said the Notifiable Data Breaches Report showed data breaches arising from ransomware incidents increased by 24 per cent, from 37 notifications last reporting period to 46.
Ms Falk said the increase in ransomware incidents was cause for concern, particularly due to the difficulties in assessing breaches involving ransomware.
“We know from our work and from the Australian Cyber Security Centre that ransomware attacks are a significant cyber threat,” Ms Falk said.
“The nature of these attacks can make it difficult for an entity to assess what data has been accessed or exfiltrated and, because of this, we are concerned that some entities may not be reporting all eligible data breaches involving ransomware.”
She said entities must have appropriate internal practices, procedures and systems in place to assess and respond to data breaches involving ransomware, including a clear understanding of how and where personal information was stored across their networks.
“The OAIC was notified of a number of data breaches resulting from impersonation fraud, which involves a malicious actor impersonating another individual to gain access to an account, system, network or physical location,” Ms Falk said.
“The growth of data on the dark web unfortunately means that malicious actors can hold enough personal information to circumvent entities’ ‘know your customer’ and fraud-monitoring controls.”
She said the OAIC expected to be notified when entities experienced impersonation fraud, where there was a likely risk of serious harm.
“Entities should continually review and enhance their security posture to minimise the growing risk of impersonation fraud,” Ms Falk said.
The OAIC’s 33-page report can be accessed at this PS News link.