Business Daily Media

OAIC Notifiable Data Breaches report

  • Written by Gary Jackson, VP for Asia Pacific, Tenable

The latest Notifiable Data Breaches Report from the Office of the Australian Information Commissioner (OAIC) reveals a glaring truth – cyberattackers are finding the holes in our current defences and profiting from them. The report shows that 446 data breaches were notified in the period between January - June 2021, a 17% decrease from notifications in the second half of 2020. 

While notifications may be down, it’s essential that organisations not let their guard down as ransomware incidents have increased by 24% - a sign that cybercriminals are shifting their tactics. 

There are many contributing factors to this trend, such as the steady rise in cryptocurrency, a sophisticated ransomware value-chain network and a proven business model with double extortion. However, one of the most important drivers of ransomware today is the vast number of software vulnerabilities and misconfigurations threat actors are able to feast on to gain a foothold inside organisations and propagate their attacks. 

This view was echoed in a joint advisory issued on 29 July 2021 by four government agencies, the Australian Cyber Security Centre (ACSC), US' Cybersecurity and Infrastructure Security Agency (CISA), United Kingdom’s National Cyber Security Centre (NCSC) and US' Federal Bureau of Investigation FBI). The advisory alerted organisations about the top 30 exploited vulnerabilities that continue to be routinely exploited despite having patches available.  It’s a cost-effective measure that provides the most bang for the buck; cybercriminals don’t have to spend the capital needed to acquire zero-day vulnerabilities when there are so many unpatched systems to take advantage of. Bad actors of all skill levels and motivations will continue targeting known vulnerabilities in popular software so long as they remain unpatched and vulnerable.

With recent ransomware attacks still on our collective minds, the figures in the report are a much-needed wake-up call to AU organisations to proactively strengthen their defences before it becomes a crisis. If you think about it, ransomware is the monetisation of poor cyber hygiene. It may not be sexy or exciting, but it works.

Organisations must have a robust patch management process in place to ensure they are addressing unpatched vulnerabilities, which are proving to be a valuable tool for cybercriminals. In tandem, the focus must be placed on restricting access to critical systems and key internal data by addressing misconfigurations in the Active Directory to disrupt attack paths. Spearphishing emails or malicious emails with attachments are avenues for ransomware to propagate. Therefore, ensuring that email security gateway and endpoint security are up-to-date along with employee security awareness training could potentially thwart the next ransomware attack.

By and large, the MO for most cybercriminals — whether they be rogue actors or state-sponsored — is the path of least resistance: they’re getting in through the low hanging fruit. Getting the basics right is imperative because the criminals aren’t going anywhere. Let’s not make it so easy for cybercriminals by not doing the basics. Every minute wasted is a minute gained by cyberattackers. 

Business Reports

Businesses encouraged to seek help to deal with cashflow issues

Daniel Riley, leading finance expert and CEO of one of the country’s top business finance providers, Earlypay, is encouraging businesses to reach out for assistance to deal with cashflow issues before it’s too late. “Ou...

Basic Dropshipping Business Tips To Remember

During the pandemic one of the businesses which many people looked to get involved with was dropshipping, a great option if you know what you are doing. This is a business which sees you focus on selling online, contacting manuf...

Aussies plan to turn their side hustle into their full time gig

SIDE HUSTLE BOOM: 4 IN 5 AUSSIES TURN SIDE HUSTLE DREAMS INTO DOLLARS    New research reveals more than three quarters (78%) of Aussies plan to turn their side hustle into their full time gig   With the rise in cost of ...

Fixing Broken Processes in the Financial Services Sector

As established financial services firms face increasing competition with the emergence of nimble fintech rivals, many are looking for ways to make their internal processes more efficient. Manual, paper-based workflows and proce...

Six ways businesses can minimise travel disruptions

While business travel continues to grow healthily, travellers may have another potential disruption to be on guard for: the rapid rise of flu and COVID cases that are expected to peak in the coming months. A leading travel manag...

How Australians are missing out on retirement returns

Australians are missing out on potential returns by not regularly salary sacrificing, according to new research by Finder, Australia’s most visited comparison site. A new Finder survey of 722 people with super revealed only...

Web Busters - Break into local search