The rate of damaging privacy breaches is unlikely to slow down over the next year, experts say, with exponential growth in personal information collection highlighting the need for greater awareness among businesses of the importance of protecting this data.
Jonathan Rubinsztein, chief executive of ASX-listed investigative analytics company Nuix, said the geopolitical climate combined with other recent developments such as the rise in remote working was powering a boom in data breaches in Australia and elsewhere.
Cyber attackers are getting more sophisticated, and companies are holding more data.
“There’s no question that global political instability is a key driver, many of the attacks are suspected to be from state-sponsored actors,” he said.
“That, together with the post-COVID working-from-home arrangements and a proliferation of data, means the prize gets bigger and the ability to protect perimeters is getting more complicated.”
Rubinsztein said the Nuix analytics platform was used by both Medibank and Optus in the wake of their data breaches, but that companies should be integrating reviews of their data assets regularly rather than having to sort it out after an attack.
“The best way for the organisation to protect consumer data is to manage the risk before the attack. Unfortunately we are being used, to date, much more post-event,” he said.
Jacqueline Jayne, security awareness advocate at KnowBe4, said increased public scrutiny of hacker-attacked companies had also changed the landscape.
“We are likely to see more large-scale attacks over the next year, but it is also important to note that attacks on the scale of Optus and Medibank have been occurring for many years,” she said.
“No matter how secure or vigilant an organisation may be when it comes to cybersecurity, it only takes one error, one lapse of judgement or missing the red flags in a malicious email for a breach to be successful.”
And even as both security professionals and cyber criminals get access to more powerful tools, Jayne said human error overwhelmingly remained the leading cause of breaches, making up between 82 per cent and 95 per cent of cases, depending on the research you read.
“The focus on IT is not commensurate with that. The recent large data breaches in Australia have also highlighted that both IT and consumers are looking to the government to provide guidance and solutions to the issue, which is concerning,” she said.
“While government has a part to play, cybersecurity is everyone’s responsibility and these events have highlighted that we have a long way to go when it comes to basic cyber hygiene for consumers.”
Daniel Trauner, senior director of security at Axonius, said things are complicated in the current business environment, where employees often use a mix of managed work platforms and personal accounts on platforms like LinkedIn and WhatsApp. The result is a potential for human error that goes beyond simply clicking on a dodgy link in a work email.
“In effect, it means that personal and work data are being mixed into a single account and interface, which is a huge advantage for an attacker,” he said.
“We saw this happen during the 2022 Uber hack, where the attacker posed as Uber IT on WhatsApp to help convince the target to approve an MFA (multi-factor authentication) request.”
Nuix research showed more than 1800 breaches in Australia in the past 12 months, costing around $4.5 million per breach. The Australian Security Centre received more than 76,000 cybercrime reports in the 2021-22 financial year, an increase of 13 per cent from the previous year and equivalent to one report every seven minutes.
Rubinsztein said he only expected matters to get worse, given ballooning data storage and increasingly complex criminal tactics.
“I think the data proliferation is going to continue, and in fact the rate of change of proliferation will increase. We’re collecting data from many more systems, from IoT and other devices,” he said, referring to the so-called Internet of Things – physical devices with processors, software or other technologies that are connected with the internet.
“And just as Nuix can take multiple data sets and aggregate those, the bad actors can too. With the ability to aggregate multiple sets of personal identifying information, the value of that data on the dark web increases, and the scariness does too,” he said.
Big companies can store hundreds of millions of documents, of various file types and in various locations, with Rubinsztein saying data volume is doubling every two to three years. It’s a complex challenge to keep track of it all, review it and secure it in preparation for a potential breach.
“If you think about a big corporate, a big bank, you’ve got backups, and you’ve got archiving, in some scenarios you actually don’t know what is included in your data assets,” he said.
“What data are you storing with a third party? How do you know how at risk that data is? It’s something that needs a sophisticated review.”
Small businesses, SMEs and non-profits are far from immune, as evidenced by the recent breach at children’s charity The Smith Family. Jayne said that with essentially all businesses harvesting and storing some kind of data, every company was a potential target.
“Like any form of a break-in, criminals will spend considerable time and resources on the larger targets as the potential data haul is equal to the effort. On the flip side, small businesses and not-for-profits may require less time and resources from the cybercriminals, and the data haul is again equal to the effort,” Jayne said.
“Not-for-profits struggle with the resources for information security, making it challenging to develop a much-needed robust security culture to ensure the organisation and its staff are aware of current attack vectors.”