New statistics on data breaches from Australian officials indicate that “this problem isn’t going away any time soon,” according to Gemalto.
As the company’s latest blog post explains, the Office of the Australian Information Commissioner implemented its Notifiable Data Breaches scheme in late February, introducing new requirements compelling organizations to notify individuals of data breaches that could pose serious harm. And according to the OAIC’s latest Notifiable Data Breaches Quarterly Statistics Report, there were 242 reported data breaches in the March-June period, and then 245 breaches in the July-September quarter.
In other words, the number of breaches remained about the same over the 6-month period, suggesting that any efforts undertaken to improve security have had little immediate effect.
Breaking down the latest stats further, the OAIC reports that in the July-September quarter, 37 percent of the 245 reported breaches were attributed to human error, while 57 percent were the result of malicious attacks. Healthcare service providers reported the largest share of the attacks, at 18 percent, with the financial services sector and legal management services sector tying for second at 14 percent each. Phishing made up half of all attacks, while brute-force attacks comprised 12 percent, and 19 percent were the result of unknown methods.
While the data may be somewhat dispiriting from a security standpoint, the very fact of its existence, thanks in part to the OAIC’s Notifiable Data Breaches regulation, is cause for celebration, since now Gemalto and other security solutions providers can get a better look at the issues in play, and how to address them.