
Human Error a Top Source of Australian Data Breaches in 2020

Mar 16, 2021

The Office of the Australian Information Commissioner (OAIC) recently released their bi-annual Notifiable Data Breaches Report: July–December 2020. The key finding: human error is a major and growing source of breaches. It is also a dominant theme in many malicious or criminal attacks, which as a whole remain the leading source of breaches. 

Key findings on data breach trends over the 6-month period 

The OAIC’s key findings for July to December 2020 were reported as follows: 

  • 539 breaches were notified under the scheme, an increase of 5% from the 512 notifications received from January to June 2020. 
  • Malicious or criminal attacks (including cyber incidents) remain the leading source of data breaches, accounting for 58% of notifications. 
  • Data breaches resulting from human error accounted for 38% of notifications, up 18% from 173 notifications to 204. 
  • The health sector remains the highest reporting industry sector, notifying 23% of all breaches, followed by finance, which notified 15% of all breaches. 
  • The Australian Government entered the top 5 industry sectors to notify data breaches for the first time, notifying 6% of all breaches. 
  • 68% of data breaches affected 100 individuals or fewer. 
  • 78% of entities notified the OAIC within 30 days of becoming aware of an incident that was subsequently assessed to be an eligible data breach. 

Threat vectors and incident analysis highlights 

Malicious or criminal attacks are the largest source of data breaches and accounted for 310 or 58% of breach notifications in this time period. They are deliberately crafted to exploit known vulnerabilities for financial or other gain. Examples of a malicious attack include external threats: phishing and malware, data breaches caused by social engineering or impersonation, and theft of paperwork or storage devices. They also include actions taken by a malicious employee – also known as an insider threat.

Human error continues to be a growing, major source of breaches, accounting for 204 notifications or 38%, up from 173 notifications in the previous period. Also of note, during this time period human error breaches increased both in terms of the total number of notifications received (up 18% to 204) and proportionally (up from 34% to 38%). Simple mistakes marked the top 6 incidents involved in a human error breach, including: 

  1. Personal Information (PI) sent to wrong recipient (email) (92) 
  2. Unauthorised disclosure (unintended release or publication) 
  3. Failure to use BCC when sending email 
  4. PI sent to wrong recipient (mail) 
  5. PI sent to wrong recipient (other) 
  6. Unauthorised disclosure (failure to redact) 

Industries Impacted the Most 

While data breaches impact all industries, the report indicates the top 5 industries with the most notifications from July to December 2020 as: 

  1. Health service providers 
  2. Finance (incl. superannuation)  
  3. Education 
  4. Legal, accounting & management services 
  5. Australian Government 

It’s important to note these same industries ranked the same for Malicious or Criminal attacks. It’s not surprising, since the value of the data each of these industries holds (intellectual property (IP), financial information, personal information, trade and military secrets, etc.) makes them an attractive target for malicious outsiders like hackers and nation-states, as well as rogue insiders looking for personal and financial gain.

How can you protect your organisation’s critical data?

In a nutshell: trust no one. That’s why technologies that empower Zero Trust methodologies are becoming the gold standard for cybersecurity. Zero trust dictates that organizations should not automatically trust anything – inside or outside – their perimeters. Instead, verify anyone and everything trying to connect to your systems before granting access. Zero trust is traditionally associated with access to your networks and applications, but it doesn’t take into consideration what authenticated users can do with the data within the application once access is granted.

That’s where archTIS’s solutions differ. They offer a data-centric zero trust model that evaluates each file’s attributes, including security classification, organisation and country releasability, as well as the users’ attributes, date, time, locations, etc. to determine who is able to access, edit, download and share the file. Using attribute-based access control (ABAC) and sharing policies offers more complete and effective control over information to ensure human error is no longer part of the breach risk equation.
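To make the ABAC idea concrete, here is an added sketch of a deny-by-default decision function (an illustration written for this article, not archTIS product code). The classification ladder, the `Subject` and `FileAttrs` types, the office and business-hours rules and all sample values are assumptions chosen for the example.

```python
from dataclasses import dataclass
from datetime import datetime, time

LEVELS = ["OFFICIAL", "PROTECTED", "SECRET", "TOP SECRET"]  # constructed ladder

@dataclass(frozen=True)
class Subject:                  # a user or a share recipient
    clearance: str
    org: str
    country: str
    location: str = "office"    # constructed values: "office" / "remote"

@dataclass(frozen=True)
class FileAttrs:
    classification: str
    orgs: frozenset             # organisation releasability
    countries: frozenset        # country releasability

def releasable_to(subject, f):
    """True only if clearance, organisation and country all match the file."""
    return (LEVELS.index(subject.clearance) >= LEVELS.index(f.classification)
            and subject.org in f.orgs and subject.country in f.countries)

def decide(user, f, action, when, recipient=None):
    """Deny-by-default decision for access / edit / download / share."""
    if not releasable_to(user, f):
        return False
    if action == "access":
        return True
    in_hours = when.weekday() < 5 and time(8) <= when.time() < time(18)
    if action in ("edit", "download"):
        # Assumed rule: changes and copies only from a managed location in business hours.
        return user.location == "office" and in_hours
    if action == "share":
        # The recipient is evaluated like any other subject, so a wrong or
        # out-of-scope recipient fails the policy instead of receiving the file.
        return recipient is not None and releasable_to(recipient, f)
    return False  # unknown action
```

Because the share decision depends on the recipient's attributes rather than on the sender's care, the "sent to wrong recipient" class of mistake is refused by policy.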

Learn more about our data security solutions and the advantages of ABAC driven information protection: 

KOJENSI 

Kojensi is a highly secure and trusted platform for sharing sensitive, classified and top secret files and document collaboration. It is accredited to provide multi-level, multi-coalition, and multi-domain collaboration on information classified up to TOP SECRET. 

NC PROTECT 

NC Protect uses data and user attributes to automatically find, classify and secure unstructured data on-premises, in the cloud and in hybrid environments. The platform is fully integrated with Microsoft Office 365, SharePoint, Teams, Yammer, Dropbox and file shares to centrally secure your collaboration and data.
