The latest quarterly report released by the Office of the Australian Information Commissioner (OAIC) has revealed that cyber breaches have continued at pace.
The report found that the OAIC had been notified of 245 breaches from July to September 2018, a slight increase from the previous quarter. The statistics show that 57% of attacks over the quarter were caused by a malicious or criminal attack.
Human error based attacks also saw a slight uptick in the latest quarter. Thirty seven percent of attacks were down to a human mistake, highlighting the importance of regular and thorough staff training.
“To limit cyber risk, it takes more than online or computer-based solutions,” Adcock said. “Regular staff training is a really important way to make sure your business is protected as people are often the weakest link in the defence of a business.”
A simple error, sending personal information to the wrong recipient, made up 20% of data breaches over the quarter, Australian Information Commissioner and Privacy Commissioner Angelene Falk said.
“Organisations and agencies need the right cyber security in place, but they also need to make sure work policies and processes support staff to protect personal information every day,” Falk said.
Staff training can also help spot suspicious emails that seek to dupe employees into clicking and exposing their business to cyber threats. Known as phishing, this attack method was responsible for 20% of attacks over the quarter and continues to have its presence felt.
“Phishing is a common attack method that we are seeing all too often,” Adcock said. “Again, staff training can help inform employees on what to look for and how to spot a suspect email.”
Mitigating against cyber attacks is the best method to avoid any potential damage to a business but cyber insurance can also help to pick up the pieces should something go wrong.
“It is no longer a matter of ‘if’ your business will come under cyber attack, it is a matter of when the attack will occur and how damaging it could be,” Adcock added.
“All businesses, no matter their size, industry or if they fall under Mandatory Breach Notification legislation should look to become more cyber aware, before it’s too late.”