Information Commissioner: Human Error Still the “Key Factor” in Data Breaches
A new report from the Office of the Australian Information Commissioner (OAIC) illustrates that humans continue to be the weak link when it comes to online security and stopping data breaches.
While malicious or criminal attacks still represented the largest source of data breaches (62 percent overall, according to OAIC data), human error that results in a wide-scale data leak or loss of customer trust for an organisation is a persistent problem. According to the OAIC’s latest report, covering 1 April to 30 June, human error played a part in more than a third (34 percent) of recorded data breaches.
Human error, in this case, refers to “sending personal information to the wrong recipient via email, unauthorised disclosure through the unintended release or publication of personal information, as well as the loss of paperwork or data storage device,” according to the OAIC.
“Certain kinds of data breaches can affect larger numbers of people,” the OAIC continues. “For example, in this quarter the unintended release or publication of personal information impacted the largest number of people (an average of 9,479 affected individuals per data breach). This is consistent with the previous quarterly trend. Failure to use BCC when sending emails impacted an average of 601 individuals per data breach.”
The OAIC also confirmed statistics stating that one in three data breaches last quarter were “caused by compromised credentials, with login and password information used to gain unauthorised access to personal information.”
“The fact that there is a human factor involved in so many cases demonstrates the need for staff training to increase awareness of cyber risks and to take the necessary precautions,” Angelene Falk, the Australian Information Commissioner and Privacy Commissioner, said.
“The NDB data shows that the threat of data breaches - whether by malicious or criminal attack or human error - remains real.” - OAIC
“The reporting regime has been well accepted and the onus is now on organisations to further commit to best practice in combating data breaches and improving response strategies,” she said.
“Effecting change in practices to prevent breaches is vital to the goal of protecting the community. Putting data breaches in the spotlight has heightened awareness of the privacy rights of consumers, who in turn are demanding greater security from the organisations with which they share information,” Falk said, illustrating that the onus of responsibility is firmly on the organisation to protect its customers’ sensitive information.
“Private health and finance sectors continue to record the most data breaches,” out of all the industries surveyed, according to OAIC data. “They were followed by the legal, accounting and management services sector, the private education sector and the retail sector.”